pull down to refresh

110 sats \ 1 reply \ @om 21 Mar 2023
I think there needs to be more use of gemini:// browsers exactly because of this crap.
reply
Very interesting
reply
Must haves:
  • Decent browser with some fingerprinting resistance
  • Decent VPN (ivpn, mullvad, proton)
  • libredirect extension (though ideally the Alexa top 500 should have proxied non-JS version)
  • VMs for private browsing (at least some of the time)
reply
any suggstions for the browser?
reply
LibreWolf might be a good option.
reply
librewolf is great. Basically hardened Firefox
reply
Install Librewolf and Firefox. Visit fingerprint.com on both (I'm getting the exact same fingerprint across these browsers, yes with resistFingerprinting=true on both)
I don't know what hardened means anymore.
reply
Interesting, thanks for sharing your experience. Did the same test and have different fingerprints. I wasn't even using a VPN. Its an arms race though. These ad companies are constantly trying to defeat privacy tools.
Are you on Linux btw?
reply
That's interesting. Maybe it depends on the OS?
It's definitely an arms race. Those sneakerbots are some sophisticated shit to constantly get around fingerprinting and bot detection.
I'm hoping that the value-for-value movement will help end this fiat ad monster: https://dergigi.com/2022/12/18/a-vision-for-a-value-enabled-web
reply
Use different browsers (Brave, Firefox, ungoogled chromium) if possible also in disposable VMs, on a VPN with custom DNS to remove trackers.
Have a browser for KYC browsing/logins exclusively.
reply
It's terrible and not taken seriously enough.
Remember that privacy is like a chain, one broken link breaks the whole chain. A history of detectable fingerprints and one single KYC login and your whole history is exposed.
Even when the fingerprint.com demo shows different IDs they can run some basic heuristics and detect manipulated params (in the same way chain analytics companies do with coins). Who knows, they might have private APIs for "special" clients.
An interesting one is https://abrahamjuliot.github.io/creepjs/ , try it out in a regular window and in a private window with resistFingerprinting=true.
Unfortunately two of the most promising anti-fingerprinting approaches seem abandoned now:
Regular web browsing these days (because of the browser APIs increasing attack surface) requires far more trust than what it seems. It's like calling a plumber to fix the toilet but he enters the house with a GoPro on his head and records your living room.
We visit a website for one purpose but we have no idea what purposes they have and by the nature of the web it's practically impossible to verify releases like with an open source desktop program.
A good browser is necessary, a VPN as well, but it's definitely not enough.
reply
I hate web browsers. They are the "throw a handfull of darts one is sure to hit the bullseye" philosophy of software engineering, that leads to a steady bloat of features and security vulnerabilities multiply upon each other.
In general, if there is a dedicated app, choose that, don't use a web browser. Unfortunately people make too many mobile apps and not enough desktop apps for my needs. I don't use the web for much other than searching for programming info and shopping but it pains me every time I see an EU mandated cookie message.
reply
More gemtext less HTML :)
Agreed, more desktop apps are needed: easier to verify releases, no cookies or fingerpints (?), easier to block or inspect outgoing traffic, much better offline support.
reply
There is countermeasures in some browsers, Brave has it built in. But the web browser all singing all dancing everything application platform is so friggin complex that leaking data around is basically impossible to completely avoid. It's a total dumpster fire of a security model. Give me open source, signed releases and native applications on all platforms from one codebase!!!!!1
reply
Check the following list https://privacytests.org/
reply