0

Winston Tweaking and Tuning Guide

Winston Tweaking and Tuning Guide

If you just received your Winston, you’re probably pretty excited to get it set up and working optimally for your particular needs. We’ve done our best to provide a couple of default setups that work for most people, but we know from chatting with new customers that these settings aren’t always ideal.

This guide is intended to quickly walk you through the major settings you can change to get things working the way you like.

Initial Configuration

During setup, you are given the option to activate Aggressive Filtering and the Privacy Mesh Network. Let’s go over what each one does and the options.

 

Filtering

Winston is configured to High Compatibility Filtering by default, but for those who want even more online privacy, you can activate Aggressive Filtering. Here’s the difference: 

  • High Compatibility Filtering Mode: Installs a number of recommended privacy filters that block most ads, trackers, and bloat from your network with little to no impact on compatibility with your favorite devices. This Filtering Mode is ideal for new Winston users, those who want a more "hands-off" experience, and those who are more concerned with improving their browsing speed.
  • Aggressive Filtering Mode: Installs additional privacy filters that block even more ads, trackers, and bloat. There are relatively few compatibility problems, but you should still set up Modules (described next) and the browser extension to resolve any problems with sites or services which act up due to blocking. The Aggressive Filtering Mode is ideal for users who want the highest amount of privacy and don't mind tweaking their setting occasionally to resolve any compatibility problems with websites and services.

Tip 1: You can activate these settings from the dashboard or go back to the setup pages at any time while on your Winston network (on the setup pages, your change will take place immediately after clicking the “Next” button).

Tip 2: You can view the actual filters that are activated by each mode by visiting your privacy settings. You can also customize which filters are active.

    Privacy Mesh Network

    The Privacy Mesh Network hides your physical location and cloaks your identity by scrambling your internet traffic with up to 30 other anonymous Winston devices (known as “connected peers”). 

    When activated, Winston will automatically route both inbound and outbound traffic through numerous other Winston devices, selecting new devices every 10 minutes. Your traffic is mixed anonymously with that of other users, making it impossible for trackers to connect individual users with their IP addresses.

    We recommend new users skip activating the privacy mesh network during setup until they are comfortable using Winston. If you do activate the Privacy Mesh Network during setup, it is set to High Risk Sites Only (more on this below). You can always change this setting directly from the dashboard or in advanced settings.

     The Privacy Mesh Network has 4 available settings: 

    • Disabled – All participation in the private network is disabled. You will not receive the benefit of having random traffic injected on your network, nor will your requests or IP address be cloaked. This is the fastest setting. Users with slow uplink speeds may wish to choose this setting.
    • Ignore – Your local activity will never be scrambled over the private mesh network but you will still receive the benefit of having traffic randomly scrambled over your local IP, which obscures your internet activity. This is generally just as fast as the “Disabled” setting, unless you have a very slow uplink speed on your network.
    • High Risk Sites Only  – Sites deemed by Winston to pose the greatest privacy risk will be scrambled over the mesh network. Other sites will connect locally. You will also receive the benefit of having traffic randomly scrambled over your local IP, further obscuring your actual internet activity.
    • Enable – All traffic goes over the private mesh network. Generally recommended only for the paranoid as the private mesh network will be a little slower than routing locally.


      Choosing Compatibility Modules

      If you’re running in Standard mode, it’s important to review Winston’s compatibility modules and install any which might be applicable in your home.

      Compatibility modules are curated sets of rules that are designed to make specific apps and websites work without the need to manually troubleshoot and whitelist them.

      For instance, Winston aggressively blocks data leaks so you might notice that Google Calendar and Gmail have trouble making scheduling and invite suggestions. You can readily fix that while not revealing everything about your personal life to Google by selecting the “Gmail and Google Calendar” module:
       
      Another really common use case we encounter is that the Facebook app on iOS requires access to its social graph in order to view comments. So if you can’t convince your family to stop using the Facebook app on their iPhones, the “Facebook and Instagram” app will let it through.

      Tip: The setup website will quietly analyze your network traffic in the background and attempt to make some recommendations. Often, setup is so fast that there’s not enough time to gather data, so you can return to this page a day or two after initial setup to see if there are some new recommendations available. You can toggle these on at any time.

      http://setup.winstonprivacy.com/modules

      If you prefer to browse through all available modules, you can do this from our dashboard at Privacy Settings > Modules or just click the following URL:

      https://my.winstonprivacy.com/modules

      Our team is always adding new modules to our library and we welcome feedback from users! If you find a particular domain that you have to whitelist to make some app work that is not in our modules library, let us know and we can potentially share it with other users.

      Note: Module recommendations are not available in the current version of the dashboard. We’re working on a new version and they will be there soon.

      Update: You can also access modules from our new mobile app, coming very soon.

      Advanced Tweaks

      Winston used to offer an “Advanced” setup option but we found that many users were accidentally shooting themselves in the foot with it. This mode turned all privacy protection options to their highest settings, which then required a lot of up front tuning to get things working properly on the local network.

      Some people like this but it isn’t suitable for most of our users. If you're in the former group, we’ll walk through the effects of individual settings so you can tweak things exactly how you want them.

      Find these settings here:

      Privacy Settings >> Advanced Settings

      https://my.winstonprivacy.com/advanced

       

      • Enable Winston – this is a master kill switch which effectively takes Winston offline. If you encounter a problem, there’s no need to unplug the device. This should make everything work the way it was originally intended.
      • WAN Address – If running Winston in front of your wireless router, this will usually be your public IP address. It will be the IP which was assigned to Winston if it’s running behind the router.
      • LAN Address – (read only) the IP which Winston assigned to your local wireless router, or the IP which was assigned to Winston if it’s running behind the router.
      • Passthrough Mode – If Winston has only a single IP behind it (ie: a wireless router will have one IP but a switch will have multiple) then Winston will automatically passthrough IP traffic to it. If passthrough mode is not enabled, then you’ll have to manually set up port forwarding rules if needed (found in Advanced Settings).
      • Intercept HTTP/S Traffic – These two toggles enable Winston to intercept traffic on port 80 and 443. This enables Winston to log traffic, analyze it and display it in “Live View”. If turned off, then HTTP/S traffic will not route over P2P. These toggles should generally be on unless you are temporarily turning them off for debugging purposes.
      • Filtered DNS – This enables network wide ad blocking on devices that don’t support the web extension (ie: most of them). This generally should be on. If turned off, the web extensions will continue to function but other devices will be unprotected. Note that your local DNS activity will still be encrypted and hidden from your local ISP, even if disabled.
      • Enable Extensions - Deactivates all Winston browser extensions on the local network. Can take a few minutes to take effect.
      • Smart Blocking – This enables rate limiting of connections made to websites which pose a lesser degree of privacy risk. It essentially enables those websites to occasionally connect for a short period of time in any 24 hour period but then shuts them down the rest of the time. This greatly improves compatibility with mobile apps and connected devices. Only the truly paranoid who don’t mind manually troubleshooting should disable it.
      • Encrypt HTTP Requests – If enabled, will encrypt normally encrypted data (HTTP) and route it over the distributed privacy mesh network. This prevents the data from being inspected and/or modified by your local ISP.

      Privacy Mesh Network

      As mentioned above, there are several choices for this setting (you can also change this setting directly from the dashboard):

      • Disabled – All participation in the private network is disabled. You will not receive the benefit of having random traffic injected on your network, nor will your requests or IP address be cloaked. This is the fastest setting. Users with slow uplink speeds may wish to choose this setting.
      • Ignore – Your local activity will never be scrambled over the private mesh network but you will still receive the benefit of having traffic randomly scrambled over your local IP, which obscures your internet activity. This is generally just as fast as the “Disabled” setting, unless you have a very slow uplink speed on your network.
      • High Risk Sites Only (recommended setting) – Sites deemed by Winston to pose the greatest privacy risk will be scrambled over the mesh network. Other sites will connect locally. You will also receive the benefit of having traffic randomly scrambled over your local IP, further obscuring your actual internet activity.
      • Enable – All traffic goes over the private mesh network. Generally recommended only for the paranoid as the private mesh network will be a little slower than routing locally.

      Web Extensions

      During the setup process, you will be prompted to install the web extensions. If you didn’t install them at the time, you can always go back and do so here:

      http://setup.winstonprivacy.com/extensions

      The extensions are strongly recommended if running in “Standard” mode.If you're in "Fast" mode, they are only useful in helping you click through ads that would otherwise be blocked (ie: Google or Facebook ads that you might actually want to see).

      Here’s what the web extensions do:

      • Easily whitelist a site that’s acting up due to being blocked by Winston. This will enable the website to work as well as all of the subrequests made on that page. Just click the icon in your browser toolbar and flip the purple toggle switch at the lower right of the popup.




      • AI smart cookie filtering - Unlike your browser, which will block third party cookies only, our AI is clever and blocks tracking cookies hidden in first party requests. It will do so with an eye towards maintaining compatibility by selectively rewriting suspicious cookies to expire more quickly. For instance, instead of Youtube following you around for 5 years, Winston expires the tracking ids after 24 hours.
      • Blocks hidden tracking ids – Even if you have multiple ad blockers installed, Chrome still sneakily sends a unique identifier for your browser back to Google. Winston blocks this as well as many other types of hidden identifiers which are injected into URLs, HTTP headers and URL parameters.
      • Enables automated Captchas to work – Many pihole and ad block users report issues with Captchas. Winston’s web extension enables them to work properly so browsing the web doesn’t become a constant annoyance.
      • Stops Browser Fingerprinting – The constant war on cookies has forced many advertisers to resort to cookieless fingerprinting techniques. These techniques can even track you in Incognito mode. Winston’s web extension injects a powerful anti-fingerprinting library into every page. This library introduces data entropy into the API calls used by fingerprinting algorithms, tricking them into thinking they have uniquely identified you when in fact they are simply receiving random noise.
      • Website Benchmarking – The upper left icon of the web extension offers a benchmarking option to compare filtered and unfiltered site speed. It’s a fun way to see the real cost of time and data you’re paying to let companies spy on you.



      Have tips, suggestions or questions about tweaking your Winston? Reach out to our support team for answers!