As The Privacy (lack of) Noose Tightens…

I’m sure you will all be thrilled to know that I’m getting my infrastructure back up and in place.

Not so “thrilling” is some of the New Crap I’ve run into. We’ll see if I can “Fix It” adequately…

First up, the Good Bit:

I’m posting this via my Lab WiFi and Lab Router (then on to Spectrum Cable as the ISP). It’s all working OK. I can now start bringing up my various internal servers, data farm, lab / play computers, etc.

The Bad Bits:

I’ve run into 2 Bad Things that are pissers. Neither one of them is at all “good” in any way.

1) Netgear has inserted an obligatory change into my Netgear WiFi router. I didn’t ask for it. I can’t reverse it. I despise it. Looks like I’ll need to either put my own software on the thing, or just build my own router. This sucks.

What is it? They had a “Parental Controls” option that you could turn off via the local management page (named “Genie” I think). That is now just dead. Clicking the configure button takes you to a web page “https://netgear.opendns.com/sign_in.php” which informs you:

The Live Parental Control service based on OpenDNS will no longer be supported on Netgear devices as of December 31, 2021.

Effective April 1st, 2021, Netgear will remove support for Live Parental Controls from the Netgear genie app and from updated versions of their firmware. Customers can continue to use OpenDNS for content and security filtering by directly setting up an account at https://www.opendns.com/home-internet-security.

OK, that would be fine… except: I DON’T WANT an account, nor do I want “parental controls”. Yet “Parental controls” are ON by default and you can not turn it OFF without getting an account (and thus leaving footprints that you have it turned off and your IP address and more…)

Essentially, I’m forced into some kind of OpenDNS Parental Controls hell against my will and without any PRIVACY RESPECTING way to turn it off. And you can bet that Parental Controls is going to include all sorts of “Orange Man Bad” and “MAGA Bad” and “Disinformation Bad” etc. etc. nooses about your information neck. Or you get “outed” as someone who is a Free Thinker and thus deserving of monitoring…

As this is now built into the router, we’ll need to see if I can bypass it by setting up an internal DNS server that just ignores the OpenDNS Parental Controls stuck into the Netgear…

Which brings us to #2 issue.

2) Spectrum seems to be doing some kind of DNS blocking. I just set the DNS in my router (which hands those IPs to the DHCP clients for DNS servers) to be 8.8.8.8 and another open site. When I did that (thinking that ought to get me past the OpenDNS Parental Controls issue) I could not get a DNS resolution.

Setting the default DNS back to that of the Spectrum router, and suddenly everything works again.

OK…

This means that ALL DNS lookups end up being the property of Spectrum (who gets to sell them, provide them to TLAs & LEOs, and maybe NGOs…) and you can’t get out of it with using alternative DNS servers.

What To Do? TBD.

For now, I’m just going to let it run as is (since it is working). Once I get my PiHole DNS server set up, we’ll see if I can do proper DNS lookups to root servers et al. via normal Linux / Unix tools. IF that’s broken too, then I’m in the position of needing to dump Spectrum as my carrier. Oh Well.

Frontier (IIRC) is the other local carrier. If anyone knows their state of DNS Buggery, that would be “nice to know” as swapping from one bugger to another with no gain is pointless.

I’m pretty sure that, worst case, I set up a VPN to The Free World and run my DNS through it to a private DNS server. But really… what a POS (and that’s not Point Of Sale) world where I have to fight BOTH my ISP and my purchased (years ago…) router vendor just to get clean unfiltered un-SPIED-on DNS services.

More as I discover The Crap Load that others won’t even know is happening…

FWiW, I’m also going to get to re-explore the various privacy respecting DNS services (over HTTPS – DoH, and over TLS – DoT) and see which of them I can tunnel through this mess. IIRC, the PiHole can do one or both of those, as can Linux DNS services (dnsmasq?) and various browsers. But it’s been about a year since I last configured that stuff, so “some assembly required” and a bit of review…
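
One way to run the comparison described above (the DHCP-assigned resolver versus third-party ones), as an added example that is not from the original post: it sends the same A query over UDP/53 to each resolver and reports which of them answer. The function names and the test name `example.com` are assumptions; 8.8.8.8 and 1.1.1.1 are the servers named on this page.

```python
#!/usr/bin/env python3
"""Compare UDP/53 reachability of the DHCP-assigned resolver and public ones."""
import secrets
import socket
import struct

PUBLIC = {"google": "8.8.8.8", "cloudflare": "1.1.1.1"}  # servers named on this page
TEST_NAME = "example.com"  # assumption: any stable, widely resolvable name will do


def system_resolvers(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query for `name` (qtype 1 = A)."""
    txid = secrets.randbelow(65536)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack(">HH", qtype, 1)  # class IN


def skip_name(pkt, off):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(pkt, txid):
    """Return (rcode, sorted A-record addresses); ValueError if not our reply."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    rid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or QR bit unset
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)


def probe(server, name, timeout=3.0):
    """Query one resolver over UDP/53; return (status, rcode, addresses)."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(pkt, (server, 53))
            data, _ = sock.recvfrom(4096)
            rcode, addrs = parse_response(data, txid)
        except socket.timeout:
            return ("timeout", None, [])
        except (OSError, ValueError, IndexError, struct.error):
            return ("error", None, [])
    return ("ok", rcode, addrs)


def classify(local, public):
    """local: probe() result for the DHCP resolver; public: {label: probe() result}."""
    dead = sorted(label for label, result in public.items() if result[0] != "ok")
    if local[0] != "ok":
        return "no-dns-at-all" if len(dead) == len(public) else "local-resolver-down"
    if not dead:
        return "public-resolvers-reachable"
    if len(dead) == len(public):
        return "only-local-resolver-answers"
    return "partial: no answer from " + ", ".join(dead)


def main():
    try:
        with open("/etc/resolv.conf") as fh:
            local_servers = system_resolvers(fh.read())
    except OSError:
        local_servers = []
    local = probe(local_servers[0], TEST_NAME) if local_servers else ("error", None, [])
    public = {label: probe(ip, TEST_NAME) for label, ip in PUBLIC.items()}
    for label, result in [("local", local), *public.items()]:
        print(f"{label:<11} {result[0]:<8} rcode={result[1]} {result[2]}")
    print("verdict:", classify(local, public))


if __name__ == "__main__":
    main()
```

A reply from a public resolver on plain UDP/53 does not prove the query reached that resolver, because an on-path device can answer unauthenticated DNS itself; a timeout is the clearer signal.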

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons" are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Security & Privacy, Tech Bits.

48 Responses to As The Privacy (lack of) Noose Tightens…

  1. John Hultquist says:

    ” that others won’t even know is happening… ”

    That’s most of the population, and then there are those that know, but don’t have a clue as to what can or should be done.
    My life would be less stressful if I bypassed your lack of privacy discussions.

  2. cdquarles says:

    Are you using a router that Spectrum supplied? If so, I’d suggest making or getting a different one. The only Spectrum hardware I have is their cable modem. The consumer grade router I bought a while back certainly could be buggered. When I bought email service from Proton (Swiss), I got a VPN included.

  3. Ossqss says:

    @EM, I wonder if you configured the netgear as an access point if it will bypass the router settings? Also, can you do a factory reset with the little pinhole? I think that reverts the firmware to factory condition. IIRC, you can manually revert firmware on it also, not positive.

    I use an ASUS AC router and don’t have any challenges like that.

  4. E.M.Smith says:

    @Ossqss:

    Yes, I can reset firmware to factory original (security holes and all…).

    I’d be more inclined to just put Openwrt on it.

    It IS running as an access point (my Netgear).

    FWIW, I’m posting this comment from the Pine64 I had running about 2 months ago in the “Vacation Cottage”. It has PiHole installed. It also seems happy with just about any DNS lookup.

    This needs a little bit more “proving up”, as I just got it running again about 2 minutes ago; but it looks like a workable solution at first blush.

    @CDQuarles:

    Yes. I’m using the Spectrum default cable modem, and their WiFi Access Point “solution”. Why? Because it was quicker and easier to just say “make it go with the ‘usual’ stuff” as a first step.

    IF it becomes a pain (i.e. hard to bypass their “help”) I’ll change that. But for right now it looks like using my infrastructure “one more router removed” will work fine with PiHole as my internal DNS server and with lookups going via *nix server format and not plain old desktop format.

    So things are improved some, with more work required (and proving up). At least enough for the next couple of months.

    @John Hultquist:

    I’m more attuned to it than most due to my SysAdmin history. As the line goes: “You are not paranoid, you are a SysAdmin… they ARE out to get you!” Since the SysAdmin has the key to the company…

    For folks who don’t really care if looking up a new toaster gets you toaster ads for the next week, or where visiting a sporting goods store will get your name and address sold to Cabela’s (and maybe handed over to the FBI / ATF for archiving) since you have “done nothing wrong” and don’t own any guns on the naughty list (or the next one or the one after that…); everything is just fine anyway.

    As I “run a blog” and discuss the politically incorrect: I need to be more cautious about being “outed” and “cancelled” and / or Raided For The Optics. I also don’t like toaster ads for 6 months because I looked at a toaster on Amazon, nor do I want the TLAs told I’m a candidate for a protoscope just because I checked out a link in a comment that I decided needed to be deleted due to what was in said link. (i.e. being cast as a potential Black Hat because I was doing my White Hat fiduciary duty…)

    It’s the old “You don’t need to worry if you are doing nothing wrong…” saw. But some of us do, due to the “nothing wrong” now being made of a moving river of sand, and due to the Cancel Culture Mob moving on to attacking people at their homes (even SCOTUS members…)

    FWIW, you can get about 95% there with just 2 simple things:

    1) Use a whole house network VPN (and one is better than none).

    2) Put up a PiHole DNS server (it’s really easy and cost is about $50 all up, plus it is fun ;-) and point it at the DNS structure servers (plural – ‘recursive’ DNS) not at a “sell your info” public server (singular – open server). Explained in my postings about how to do it.

    FWIW #2:

    I deliberately tend to do it “the hard way” and run head long into the walls simply because I want to know what breaks, and where there are issues. It is a life long Systems Admin habit / behaviour. Poke The Bear so you know where to shoot it (and how to walk by it without waking it up too…)

    So just because I’m bitching about something doesn’t mean there’s not a much easier way to “fix” the issue ;-)

    @All:

    I put 1.1.1.1 in as DNS server in the Netgear and things worked again on the Chromebook. It is the Cloudflare one that claims more encryption:

    https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

    What makes 1.1.1.1 more secure than other public DNS services?
    A variety of DNS services support DNSSEC. While this is a good security practice, it does not protect users’ queries from the DNS companies themselves. Many of these companies collect data from their DNS customers to use for commercial purposes, such as selling to advertisers.

    By contrast, 1.1.1.1 does not mine user data. Logs are kept for 24 hours for debugging purposes, then they are purged.

    1.1.1.1 also offers security features not available from many other public DNS services, such as query name minimization. Query name minimization improves privacy by only including in each query the minimum number of information required for that step in the resolution process.

    So it may well be that just using a DNSSEC / DoH / DoT server bypasses the Spectrum “whatever it was”. It is also possible I had something wrong when using 8.8.8.8 and / or a reboot of something was needed that I didn’t do (yet). Whatever. “Someday” with lots of spare time I may do more Dig Here! at it. For now I’m OK with 1.1.1.1 for the ChromeBooks IF on Spectrum networks or IF pointed at the lab WiFi. In a week or three I’ll have everything pointed at the PiHole anyway, so only “new connects” from visitors or things I don’t care about (TV) will hit the Spectrum stuff.

    For now I’m just happy to have a Linux Workstation back up and running, my Lab Network up with one more layer of indirection and such between the TVs and low security stuff and my stuff. Oh, and having a PiHole running again, even if little is pointing at it just now (just the Linux Workstation that it is running on…)

    We’ll find out over time if the Netgear Parental Controls is just doing DNS via “family friendly DNS”, or if it is looking at packet IPs. Given the limited hardware, I think it is just a DNS redirection. So me having fixed my DNS bypasses their bypass… near as I can tell. (Maybe I need to try hitting a porn site to test it… Now if only I knew any porn sites… Really. I have no clue where they are these days. I did get to rt.com, so Russia is not being blocked. Wonder if a search on “how to make Sarin Gas” would give me the name of a ‘banned’ site ;-) Seriously, though, you can see how normal SysAdmin testing of things can flag you eight ways from Sunday into bad groups…

  5. jim2 says:

    I just changed my network settings in firefox to use dns over https and used this page to test. Looks like it’s working?

    https://www.top10vpn.com/tools/what-is-my-dns-server/

  6. Power Grab says:

    Today I received an email from a sheet music site. The first two specific songs they offered included not only a song that I did do a search for recently, but also one that I did not search for. However, I did briefly and quietly sing part of the chorus of the second song in the car the other day.

    That reaches a new level of creepiness for me.

  7. rhoda klapp says:

    So I’ve been back in the UK for five years. I no longer have anything to do with the IRS. A few weeks ago I was talking about US vs UK tax with my US-resident sister-in-law and H&R Block was mentioned. Two days later I got an email promoting their services. They don’t operate here, very few people need that kind of help, our tax is simpler to file for the ordinary person. It is evident that my google phone is listening all the time and selling details if certain trigger words are heard. The google assistant feature, their ‘siri’, is turned off. Supposedly. My next phone will be a dumb phone if I can find one.

  8. philjourdan says:

    I can send you an AC 1750. Before the nanny state. No charge. But it is the ole TIO and LIU, I got them to send a new one because their DHCP sucks. But I do not think you care about that.

  9. cdquarles says:

    I just checked into DNS over HTTPS. I set my browsers accordingly. I don’t use Chrome, so may have to see how chromium browsers handle DoH.

  10. H.R. says:

    My flip phone is looking better every day.

    I know the location of the phone has to be known, else it could never receive a call. I have voice and text only and no data, but I know everything that goes across that phone is recorded and tucked away.

    Given what Power Grab mentioned about that song she sang, I am wondering if they have set up a ‘Siri’ type of system to pick up on key words and then monetize that.

    A few years ago, I would have never even thought of such a thing but now, who knows?

  11. jim2 says:

    EMS – so you are running the Netgear router right after the cable modem and by setting the netgear dns to 1.1.1.1, it’s using Cloudflare?

  12. E.M.Smith says:

    @Jim2:

    Yes.

    WALL SOCKET -> Cable Modem -> Spectrum WiFi & Router -> Netgear Doing WiFi

    The Spectrum is doing DHCP for both the WiFi it provides and the cable to the Netgear. The Netgear does DHCP for anything connecting to the Netgear WiFi (and its wired ports if I used them).

    Spectrum WiFi Router (that also has 4 wired RJ-45 ports) is 192.x.x.x while the Netgear WiFi (and 4 wired RJ-45 ports, should I use them) is in the 10.x.x.x range.

    As of now, any device on any of the ports or WiFi channels looks to be working on DHCP with the served DNS server IPs.

    The Netgear is serving 1.1.1.1 as the DHCP server (and secondarily another public DNS server). All seems to be working.

    I’ve not yet gone back and done the test of making it 8.8.8.8 again and “breaking it” again, so it is possible that was not the problem and something else was making it not work then (but at that moment I think I did swap back and forth 2 times and had it working / not working with the swap…).

    Had I known that the Spectrum Cable Modem was not also the WiFi device (as it is for AT&T) I’d have not taken their WiFi router (as I already have one ;-), but I “just wanted it to work” and figured it would be one box as was AT&T. Oh Well.

    The Pine64 does a WiFi / DHCP connection to the Netgear. PiHole is running on it, and it looks to be doing DNS just fine right now (recursive DNS using the normal lookups starting at root servers if needed and walking the tree down to Authoritative Servers); so that looks to be bypassing the DNS from Spectrum too; so Spectrum is likely just picking out the simplest type of DNS request and ignoring the more professional server type. ( and yes, I’m avoiding jargon here to make it clearer to the non-NetworkWeenies what I’m talking about…)

    So, as of now, it looks like only things that are directly DHCP to the Spectrum WiFi router are getting their DNS servers (the TV sets & the spousal Mac). Anything using the Netgear are getting 1.1.1.1 from Cloudflare (or the secondary server if 1.1.1.1 is down, which it never is…) and likely going encrypted. (At least the Chrome Things are… not tested Mac and Android). The Pine64 is its own PiHole DNS server and just ignores the rest. Then anything that I point at the Pine64 in the future will also be using the PiHole.

    At least, that’s what it’s doing today.

  13. jim2 says:

    Awesome. I still have a RPi running around somewhere here. I’ve been meaning to set up Pihole on it for some time. Gotta get more roundtuits!

  14. E.M.Smith says:

    @PhilJourdan:

    Thanks for the offer, but I think I’m OK now.

    @Rhoda:

    That IS spooky… I can think of no other reason than that it was “listening”. So it came in an email? Does your Telco have your email address?

    I don’t have an email tied to 2 of my “Burner Phones”, so that’s one isolation I have. The other phone doesn’t get much use…

    @Power Grab:

    So does your car have internet connectivity? Or was your phone in the car with you when you were singing?

    It’s possible the 2nd song is often liked by folks who like the first song, so only the first triggered a send and the other one was just a “they go together a lot” add on.

    @Per HTTPS / DoH encrypted DNS and others:

    Yup. Very much a good thing to do, like it or not. If enough folks move to an encrypted DNS server, it will starve out the desire by others to invest in the infrastructure to do DNS monitoring / hijacking…

  15. rhoda klapp says:

    I deleted the communication from Block as soon as it came in but it was probably an SMS text now I come to tink of it. And email would indeed have been more spooky although I’m sure they could find a way to get my email. I work on the principle that anything I commit to electrons is in the public domain.

    (Still wishing I’d made up a few false identities when it was still easy to do so.)

  16. jim2 says:

    Thanks for that Netgear tip, EMS. I have a Netgear router right after the cable box also. Was able to put in Cloudflare, a Danish DNS service that is supposed to be censorship free, and google. Had to kill the DNS over HTTPS to test, but it works. Put the DNS over HTTPS back on. It also uses Cloudflare.

    Do you set your PiHole IP as one of the DNS addresses in your Netgear router?

  17. John Hultquist says:

    From a macro-standpoint, not a personal one, I find the pushing of “stuff” at me a big waste of time and electricity.
    For example, my wife played the violin, and I am offering it to the local college for any use they can put it to. I knew she had a very good bow, so searched the net so as to properly describe it to my contact in the music department. Another: I searched-up “hardest woods” a month ago. Just curious.
    Now when I visit a site, I get ads for violins and bows and specialty woods. The fantastic claims for artificial intelligence are bogus. If they know so damn much about me, they ought to know that I don’t play violin and am not interested in buying expensive exotic hardwoods.

  18. cdquarles says:

    It looks like all Chromium based browsers handle DoH the same way.

  19. H.R. says:

    @John H. – Oh yeah! I search on a bunch of things I’m just curious about so I can learn more. But I must have one heck of an adblocker because I rarely see any ads.

    I am also using a VPN that has me located at various places; Ashburn VA, San Jose CA, Ohio State University Airport (?!?), Miami FL, South Boston Mass., Boardman OR, a few others I’ve forgotten. 🥸

    That’s always fun when I search for a store to find their hours or if they have something in stock that I can just go pick up. When I get to the site, the default store nearest my VPN egress point almost always has a popup that asks “So and So wants to use your current location. [Allow] [Block]”. I just hit the ‘X’ to close the dialog box without choosing an option.

    Sometimes, I’m just looking to see if the chain store carries a particular type of product or brand. Then I use the default store for the city where it thinks I am. 😁

    As E.M. has mentioned a few times, if you can’t mask some details, at least dirty up the trail so it’s hard to stitch together everything about you. To all appearances, I must really get around! I’m liable to pop up anywhere. 🤣

  20. Josh from Sedona says:

    You should look into space boys internet service, you know starlink

  21. philjourdan says:

    1.1.1.1 (one.one.one.one) is legit, but google is blocking it! It is cloudflare, so no more needs to be said. Use it. But google will block it. Which is not bad!

  22. another ian says:

    rhoda

    That “tink” you were having – have you been reading “Bottersnikes and Gumbles” somewhere along the way?

    (https://en.wikipedia.org/wiki/Bottersnikes_and_Gumbles )

  23. beng135 says:

    I use 1.1.1.2 and 1.0.0.2 as DNS servers. In puppy linux, just create an etc/resolv.conf.head file with nameserver 1.1.1.2 on the first line and more servers on additional lines.

  24. E.M.Smith says:

    @PhilJourdan:

    Google blocking it? Is it on a phone?

    @Josh from Sedona:

    The problem is that here in Florida, when we get gully washer rain storms, satellite coms go marginal to offline. (At least for Sat based TV). I may still get it just to play with it and / or for mobile when camping… but for now it’s cable based for the IP TV…

    @Jim2:

    The IPs served by the Netgear as DNS resolvers varies over time. Mostly due to things changing in life. Sometimes as “experiments” and testing stuff. Sometimes just due to the infrastructure evolving. Then there’s the benefit of not having everything going to one place all the time…

    The PiHole ( I actually have had up to 4 of them running at one time…) usually lives on my “Lab Side” of the Netgear, so the Netgear provides it as a preferred DNS. (Sometimes 2 different PiHoles as the only 2 being used). Also, the Netgear itself uses the PiHole for resolutions, so if someone defaults to pointing at the Netgear for DNS, it gets the PiHole result. At least that’s what it was before I tore it all down to move it to Florida ;-)

    I also have some SBC based computers, laptops, etc. that will connect to the House Network sometimes. Some of the SBCs have PiHole built in / running on them. The laptops will point to various other equipment (as do the phones) depending on what network / WiFi spigot they connect with.

    Yes, it’s a bit of a mess ;-)

    Telco/Spectrum Router / Wifi :

    2 TV Sets, Guest Network, The Odd Cell phone / Tablet. An occasional computer. Netgear Router uplink.

    Netgear Lab Router:

    All my Lab gear (except the isolated sandbox), usually My cell phones & tablet & laptops. Various SBCs including the main PiHole (or 2…) etc. Isolation Router uplink. One of my personal TVs / monitor so the Roku gets PiHole filtering.

    Isolation Router:

    Used as a sandbox for various testing and play. Sometimes has its own DNS set up. Various experimental boards and boxes.

    That’s the usual set-up. Though with moving and similar changes it is all disrupted right now (and sometimes gets torn down / reconfigured as I play with / test things.)

  25. jim2 says:

    Do you have the Spectrum router set up for subnets? Or do you even have any subnets at this point?

  26. jim2 says:

    Looks like my Netgear router doesn’t do subnets. I need to look into the Spectrum one to see if it will.

  27. another ian says:

    Re satellites and rain

    Our experience is that just when the rain gets interesting is when the signal goes out and you lose the weather radar

  28. E.M.Smith says:

    I don’t have access to the Spectrum router at this time. I think they said I could download an “ap” to manage it. They have moved away from direct login via the IP address.

    I’ve not set up any subnets. (I.E. I don’t really treat the WiFi routers as anything other than an access point). There’s one IP range for the LAN side and one for the WAN side and that’s pretty much it.

    I don’t really have enough gear to justify more subnets than that anyway. IF I wanted more, I’d likely just use one of my White Box computers with multiple interface cards in it and configure it as a router.

  29. E.M.Smith says:

    Oh Wait!

    Both the AT&T boundary router and the NetGear have a “guest network” feature on their WiFi sides. I had both of them set up and used them. They are each on a different network number range that is chosen by the router (and looked to be selected for easy masking off of the main range in use….)

    So that means they do have a very limited subnet capability.

    I presume the Spectrum WiFi router does something similar.

    So it is something like:

    ……. WiFi Guest subnet
    \/ /\ Telco Router -> Telco uplink range
    WiFi & LAN subnet

  30. jim2 says:

    EMS – for some reason I thought you were running subnets. After reading up on it, I realized it requires multiple NICs. Or, it appears an alternative is VLANs. I do have the guest network configured and have restricted connections to a limited set of hosts. So, I guess the only additional piece for me will be the PiHole on the RPi.

  31. Ossqss says:

    @EM, I directly access my spectrum router via IP. I actually set up my own user on it also to avoid the looooonnnnggg password on the admin user. I think if you look on one of the stickers on the unit (mine is an Arris combo box) it will have the login info if needed. They do have an app, but I like the IP better. BTW, if you want an HTTPS connection to it, you will have to create it as it is raw HTTP by default. I did not change much in the router but did enable the DoS protection and some port forwarding for CCTV remote access, and IPv6. I primarily use my ASUS AC unit for wireless connections as it has a much better range than the Arris unit. The ASUS unit also supports 2 USB networked hard drives.

  32. jim2 says:

    As noted previously, I had set up the Netgear router (it’s just after the Spectrum cable modem) to use Cloudflare, then private DNS server, then google for DNS. Then set up Firefox for DoHttps using Cloudflare. I’ve been checking DNS every day using a web site set up for such. Up until today it was using Cloudflare. Today, google was first on the list ?!?

    So, looking at network settings, the proxy setting was changed from no proxy to use system settings. I set it back to No proxy and now Cloudflare is first DNS server once again.

    Creepy.

  33. Taz says:

    @EMSmith

    YMMV

    IPFire supports DOT out of the box, and NextDNS works with it. If you can find an older board without speculative execution, IPFire also tests for all current Spectre flaws. Those flaws keep expanding :(

    Failing that you could always execute the “VPN entire connection” scheme. Personally, I find that creates new unwanted problems – and find multiple VPN proxies through Privoxy easier to use. You just install a proxy switch on your browser.

    Everyone is engaged in DNS fraud these days. Did you ever muzzle your Rokus? Blocking Google DNS is just the first step, there are another 100 sites to block according to some well worn lists.

    It takes a lot of work just to muzzle and prevent TVs from phoning home just at the initial power on. We keep a ready supply of pocket routers on hand just to fool them. They demand an IP address or will nag you constantly. Samsungs have been caught phoning home over a neighbor’s open wifi. They will find a way to call home.

  34. jim2 says:

    I was certain to get a TV that didn’t have to be connected to the internet. Of course the cable company is still monitoring no doubt.

  35. E.M.Smith says:

    I got a couple of TVs (one used as a monitor mostly) that are “Dumb” and then used with an outboard Roku which requires “configuration” to talk to the internet. Normal TV use doesn’t do any internet stuff and the ROKU can be pointed to my private network (that doesn’t always have an uplink to the internet turned on…)

    One TV, an LG, has its own built in LG OS & Apps in addition to the outboard ROKU. I don’t really care if the LG side “phones home” as it doesn’t really know what we are watching / doing (as that is via the ROKU).

    We just got a new TV (presently in the guest room) that has a built in ROKU. It seems more “chatty” with the cable company… During set-up it asked way too few questions for the configuration it did. Seems to “know” that it’s on the same network / location as the other registered Roku devices, so just inherited all their settings / passwords. Very nice and convenient, though a bit of a privacy / security worry…

    I’m generally not worried, though, that the Cable Company and / or ROKU know that we watch a lot of classical Disney, old movies, and YouTube videos of camping or tow trucks (Matt’s Off Road Recovery). Yeah, a real hotbed of revolution there /sarc;

    Mostly what they will find out is that I don’t have time to watch much TV at all, and the spouse likes 1960s & ’70s TV shows… So “Murder She Wrote” and “Mayberry RFD” are biggies, as is Blue Bloods from the newer era… (Her Mom worked in the DA’s Office so she grew up with stories of cops & the DA putting away criminals…)

    Yeah, we’re a largely “Law Enforcement” oriented family. ( I was in a Law Enforcement Eagle Scout troop – we did the “traffic cops” at the Jamboree, for example; plus being White Hat Computer Security for about 35 years keeping Bad Guys out of major corporations…) Since all of that is known and we’re happy to say it in public: not much worry about the “sniffers” finding out we like Cop Shows ;-)

    Oh, and when I have the PiHole set up, it filters a lot of the Roku DNS lookups anyway, and blocks a fair amount of the commercials on some channels too ;-) so between the DNS filtering and putting it on an isolated “TV Network” (guest network) it isn’t like it can see any of the computer traffic going on… even if it wanted to.

  36. The True Nolan says:

    @EM: “Mostly what they will find out is that I don’t have time to watch much TV at all, and the spouse likes 1960s & ’70s TV shows…”

    TLA conversation: “Hey Fred! Gotta a guy here named Smith. Doesn’t seem to be consuming his ration of brainwashing. Think we need to put an extra eye on him?”

    “Don’t know. Might be nothing. Give me a minute. Let me check his social narrative normalcy levels, and nonfiction data input… Looks like… HOLY CRAP! CALL THE BOSS!!”

  37. Taz says:

    @The True Nolan

    You really never know what they will do with information, and over time, that buildup could be used to prove damning things.

    Why it’s so important to insure that information is both withheld AND poisoned.

    Even better if you can give up all of it.

  38. The True Nolan says:

    @Taz: “You really never know what they will do with information, and over time, that buildup could be used to prove damning things.”

    Very true — and yet that does not bother me much. No matter what you say, no matter how non-violent you are, no matter how within the law you are, if they WANT you they will get you. Evidence is only important when the Rule of Law is functioning. The GEBs will frame you if needed, just as they will kill you if needed. They don’t need evidence because they don’t need proof. The only advantage to keeping a low profile is that they are less likely to worry about you. Unfortunately, when too many people keep low, the GEBs win. The big question: How low is too low? How high is too high?

  39. p.g.sharrow says:

    My nature is to attack danger, Get in its face!
    In my experience some people will run from danger while others will attack it. This seems to be hard wired / genetic and nothing to do with bravery, might even be foolishness. So in the case of GEBs and their 3 letter agencies I’d rather they waste their time on me and not get around to troubling someone else. Besides, I find in the long run it costs them as much as they hurt me. I ain’t dead yet!

  40. H.R. says:

    If you have a backhoe, TTN, it’s all good.

    “Yeah, they were here a couple of days ago. I answered their questions then they left.”
    😉

  41. E.M.Smith says:

    Backhoe? Sounds like too much work to me… just need a pig pen…

  42. The True Nolan says:

    @EM: “just need a pig pen…”

    That can’t be right! Pigs can operate a backhoe?! :)

  43. p.g.sharrow says:

    Pigs are both disposal and backhoe!

  44. Taz says:

    @The True Nolan

    The value of “surprise” should never be underestimated. If your internet sanitation habits are good, that’s a small investment with high potential yield.

    You only need to be faster than the slowest bear food…..

    Would never suggest that someone test their footprint, but if it happened…say during a job application. “We just can’t find anything about you online” – you’ll know you are living right :)

    Haven’t all of us chuckled at the antics uncovered by employers searching social media sites? “Just who I wanted to hire – an alcoholic!” or “And how many abortions will you expect ME to pay for?”.

    The stupid ones will always volunteer information. Always. A prospect with a small footprint might be a criminal – or an individual you just might kill to hire.

    After all, they have a demonstrated ability to keep their mouth shut. Imagine that ability voluntarily given to YOUR efforts. Everyone wants a Liddy.

  45. E.M.Smith says:

    The basic problem is pretty simple:

    IF you keep a low profile, practice internet “sanitation” well, dirty the trail some, etc. etc. you can avoid being “outed” and “doxed” by amateurs and by mid-skill commercial operations.

    OTOH, a Government TLA can always find you due to required government filings. One Example: As a Smith, my name is functionally anonymous. There were even 5 of me at Apple. However, a Gov. TLA can find the SSN of those five, then look up their addresses from the last tax filing, then figure out which one moved from California to Florida, and come knock on my door. Easy peasy.

    So you can do all the protective behaviour you want, but it will not be enough if a Gov. TLA wants you. (Note that even Silk Road was taken down when they had spent decades protecting EVERY scrap of information and were technically nearly perfect at trail hiding. All it took was one tiny little hint of information from a decade+ back, and then lots of agents pulling on that string…)

    For every risk, there’s a budget needed to overcome it. When the “risk” is a government TLA with $Billions of budget, your needed budget (for time, tech expertise, record expunging, relocations, false IDs, etc.) runs at least into the $Millions; and when you are in that league, you are tracked and known anyway…

  46. jim2 says:

    I don’t know of any examples of this, but … some subsets of religion may take the current anomalous actions by governments and other entities as a sign this is the beginning of the end. They might take a fatalistic outlook that it is God’s will. In that case, they might not put up even a political fight, much less any other kind.

    Thoughts?

  47. E.M.Smith says:

    Buddhism in general tends to a bit of fatalism… / complacency.

    Gang Green seems fixated on a kind of “End Of Days” dystopia, so seems agreeable to “the end is nigh!”…

    Hinduism tends to be fatalistic.

    Shia Islam expects an end of the world kind of holocaust to indicate the triumph of Islam, so would welcome it.

    Don’t know if any of that helps…
