the default Trisquel DNS server being google's
It was a human error that affected some users of Trisquel 6 and was corrected
in Trisquel 6.0.1. You use Trisquel 7, don't you? If so, you need not worry
about that.
But first, it means that I can forget about using Tor on Icecat, right?
I was told on this forum that Icecat's private mode goes through Tor.
I remember that Tor (through Icecat) can prevent displaying images and
videos.
Is it Tor related? I am not sure (but I am no Tor expert). It looks like an
independent rule that would block third-party content (i.e., content sent by
sites that are not the one you accessed). Third-party content is common.
Advertisement, spyware... but also legitimate content.
But I wonder if using Tails on a non-free machine (with a non-free BIOS)
would prevent keylogging for example.
As lembas said:
If the malware is in firmware directly embedded in the hardware, then the
target is doomed. And yes, it is practical, the "Equation Group" (part of the
NSA) does it:
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
But inserting malware in Linux's blobs (that Tails ships, whereas Trisquel
does not) is an additional hazard and it is technically far easier if the
objective is the surveillance of all Linux users, Android users included.
Oh, and the VPN. Should that be used at all times?
The basic idea behind a VPN is that of a proxy you talk to in an encrypted
way (messages between your computer and the VPN cannot be understood without
the private key of the VPN). The site you are contacting believes it is
ultimately talking to the VPN, not your computer.
It is not perfect though. A secret agency could deanonymized you. For
instance, by listening to what is going in/out of your computer, what is
going in/out of the VPN you use and making correlations (on the timestamps
and the sizes of the packets). Tor solves that problem with a onion structure
that you can see as layers of VPNs: you send messages to a site through,
typically, three VPNs (when you sent a message, you encrypt it with three
their three public keys).
That certainly is a simplified vision (@anyone: please explain better and/or
correct me). Anyway, my point is: if you use Tor, then there is little point
in using an additional VPN... unless you want to hide your use of Tor... but
that is quite easily detectable and you would then be regarded as someone
using Tor and trying to hide it!
Free or paid VPN is another one (in terms of privacy).
There is always a risk that the VPN is under the control of whoever wants to
spy on you. I guess such VPNs usually are gratis to be more attractive.