• Mighty Orbot
    link
    fedilink
    026 days ago

    @misk I think your federation software is broken. In Mastodon, the urls in your posts just lead back to themselves every time, not out to an external article.

    • sunzu2
      link
      fedilink
      126 days ago

      Mbin will now load pictures within the comment?!

        • @misk@sopuli.xyzOP
          link
          fedilink
          English
          526 days ago

          I’m aware but the degree of compatibility differs. Lemmy to Mastodon is pretty smooth but subOP is using some different microblogging platform it seems.

      • Mighty Orbot
        link
        fedilink
        026 days ago

        @OpenStars That was my point. I can open the post on its own server and see it as intended. But the federation part of the Lemmy (?) software is clearly not generating the right data.

        • @OpenStars@discuss.online
          link
          fedilink
          English
          326 days ago

          @mighty_orbot@retro.pizza

          What I mean is, the link in a Lemmy community when viewed from a Lemmy instance works just fine. So it’s not broken at that level.

          I can’t speak to how it comes across to Mastodon, or your particular method of access to that, as you showed in your screenshot. In general, instances running the Mbin software seem to work better to access both Lemmy and Mastodon, but overall communication between Mastodon and Lemmy seems not perfect, as you said.

        • @sem@lemmy.blahaj.zone
          link
          fedilink
          English
          125 days ago

          What is it like, reading Lemmy on Mastodon? Is it like one post with many replies? Or do they nest like in Lemmy?

    • dsilverz
      link
      fedilink
      526 days ago

      @mighty_orbot @misk I’m using Friendica. From here, the links are normal. As it’s also not Lemmy, I guess it’s a Mastodon-specific (or even instance-specific) problem.

  • @Zarxrax@lemmy.world
    link
    fedilink
    English
    7326 days ago

    Would it be possible for a browser or extension to just provide false metadata in order to subvert this type of fingerprinting?

    • @JackAttack@lemmy.dbzer0.com
      link
      fedilink
      English
      61
      edit-2
      26 days ago

      So from what I understand, theres 2 common ways that browsers combat this. Someone add to or correct me if I’m wrong.

      1. Browsers such as Mull combat this by looking the same as every other browser. If you all look the same, it’s hard to tell you apart. I believe this is why people recommend using default window size when using Tor.

      Ex: Everyone wearing black pants and hoodies with the facemasks. Extremely hard to tell who is who.

      1. Browsers such as Brave randomize metadata that fingerprinting collects so that it’s more difficult to piece it all together and build a trend/profile on someone.

      Ex: look like a dog in one place, a cat in another place. They get data for a dog but that doesn’t help build anything if the rest of the data is a cat, hamster, whatever. No way to piece it together to be useful.

      In both my examples, there are caveats. Just because everyone dressed the same doesn’t mean someone isn’t taller or shorter, or skinnier or fatter. There can still be tells to help narrow down. Or a cat that barks like a dog suddenly is more linkable to a dog if that makes sense lol.

      In other words it still depends user behavior that can contribute to the effectiveness of these tools.

      EDIT: got distracted. To answer your question I don’t think so. I think it’s more about user behavior blending in or being randomized. I think the only thing an extension would be able to do is possibly randomize the data but I’m unsure of such an extension yet. These aren’t the only options, these are just ones I’ve read about recently. Online behavior, browswr window size, and I’m sure so much more also goes into it. But every little bit helps and is better than nothing.

      EDIT2: Added examples for each for clarity.

        • sunzu2
          link
          fedilink
          1626 days ago

          Fennec is similar and is maintained

          There is a fork of mull too

          • @sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            2
            edit-2
            25 days ago

            I went back to Fennec. We’ll see if a fork survives long term.

            I just want Firefox on F-Droid, and Fennec has been that for years. I only switched because I got a new phone and figured I’d try Mull.

          • Ulrich
            link
            fedilink
            English
            1226 days ago

            Mullvad browser and Mull were not affiliated.

            • masterofn001
              link
              fedilink
              English
              126 days ago

              That’s why I said (from the actual vpn folk)

              The two were often conflated because “mull” in the name. They also used many of the same resources for the prefs.js and other tweaks. (Arkenfox, tor uplift, etc)

      • Dr. Moose
        link
        fedilink
        English
        526 days ago

        The first point is flawed and even TOR doesn’t execute javascript because it’s impossible to catch everything when you give the server full code running capabilities.

        The second point is more plausible but there’s an incredible amount of work to do to fix this. Like, needing to rework browser engines from ground up and removing all of the legacy cruft. Brave is not capable of this and never will be no matter what they advertise because it doesn’t have it’s own engine.

        That being said, these tools will get you quite far against commercial fingerprint products especially ones used for Ads but that will also ruin your browser experience as now you’re just solving captchas everywhere 🫠

    • fmstrat
      link
      fedilink
      English
      226 days ago

      Others have mentioned what Firefox/etc do, but another option is a PiHole. If you can’t look up the IP for an advertiser URL, you don’t load the JavaScript to begin with.

    • Ulrich
      link
      fedilink
      English
      326 days ago

      Yes but that metadata is also used to serve you the webpage, so if you spoof it, the page may not load properly.

    • Dr. Moose
      link
      fedilink
      English
      1026 days ago

      No. Anything that executes Javascript will be fingerprinted.

      That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.

      The issue is that browsers are so incredibly complex that it’s impossible to patch everything and you’ll just end up getting infinite captchas and break your browsing experience.

    • @kipo@lemm.ee
      link
      fedilink
      English
      826 days ago

      Yes. There is a firefox extension called Chameleon that does this.

  • @WorldsDumbestMan@lemmy.today
    link
    fedilink
    English
    -2125 days ago

    I don’t bother. I know they know everything about me already, and that I’m not an important person. As such, I wonder why it matters.

  • Phoenixz
    link
    fedilink
    English
    5325 days ago

    Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.

    I’m working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this

      • ᴀᴍʙɪᴠɪᴏʟᴇɴᴛ
        link
        fedilink
        English
        29
        edit-2
        25 days ago

        Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don’t recommend Chromium browsers):

        Privacy and Security-focused

        uBlock Origin: A lightweight and efficient wide-spectrum content blocker.

        Decentraleyes: Protects you from tracking through free, centralized content delivery. (not recommended alongside uBlock Origin; see the reply below)

        CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.

        Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you. (not recommended alongside uBlock Origin; see the reply below. You can disable the ad blocking functionality and keep the cookie rejection function).

        KeePassXC-Browser: Integrates KeePassXC password manager with your browser.

        NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks (note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).

        Privacy Badger: Automatically learns to block trackers based on their behavior. (not recommended alongside uBlock Origin; see the reply below)

        User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string (avoid creating a unique configuration; opt for something common, such as Chrome on Windows 10).

        Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don’t like. VERY useful. Check out greasyfork for UserScripts).

        Other useful extensions (non-privacy/security)

        Firefox Translations: Provides on-demand translation of web pages directly within Firefox.

        Flagfox: Displays a flag depicting the location of the current website’s server.

        xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.

        Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).

        • @helloyanis@jlai.lu
          link
          fedilink
          English
          1225 days ago

          Thanks for the list! Although most of the time it’s advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners “Cookie notices”. But if all of these work for you that’s great!

        • @aceshigh@lemmy.world
          link
          fedilink
          English
          3
          edit-2
          25 days ago

          How do these extensions work with ubo?

          On a different note. Your name used to be my nickname lol thanks for that memory.

          • ᴀᴍʙɪᴠɪᴏʟᴇɴᴛ
            link
            fedilink
            English
            225 days ago

            They work well on desktop and mobile (firefox). As the other replier stated, you may want to avoid using multiple ad blockers (decentraleyes, privacy badger, and ghostery) alongside UBlock; and NoScript’s functionality can be achieved with UBlock.

            Lol the name came from a ironscape clan member from my osrs days. I don’t suppose that’s you?

  • @Ledericas@lemm.ee
    link
    fedilink
    English
    626 days ago

    its captcha v3, its the same thing reddit uses to catch bots and ban evaders, apparently its expensive for reddit so they only mostly use it for ban waves.

  • @9point6@lemmy.world
    link
    fedilink
    English
    5026 days ago

    Further evidence that a Republican government in the USA results in private organisations pushing the bar as far as they can.

    In Reagan’s time it was Wall Street. Now it’s Silicon Valley.

    You want private organisations working for your benefit and not that of their shareholders? You need a government that actually has the gumption to challenge them. The current US government is 4 years of a surrender flag flying on the white house.

    Or we could bin off this fucking failed neoliberal experiment, but that’s apparently a bit controversial for far too many people

    • @One_Blue_Shoe@lemmynsfw.com
      link
      fedilink
      English
      726 days ago

      Having the gall to suggest we not allow less than 3000 people to own all of the worlds supply lines, media platforms, institutional wealth, construction companies, dissemination platforms, politicians, private equity firms and the single largest interconnected (private or otherwise) espionage and social engineering plot known to mankind?

      You fucking tanky you! Go back to Russia!!!

    • @sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      125 days ago

      Republicans aren’t the problem here, they’re a natural result of a two party system. If you have a coin, half the time you’ll get the “good” side, and half the time you’ll get the “bad.”

      And this isn’t to say either side is consistently “good” or “bad,” parties rarely stick anything. The deregulation you’re complaining about started under Jimmy Carter, affectionately called “the great deregulator.” In fact, many (most?) of Carter’s changes took effect during Reagan’s term, and it was incredibly successful.

      However, for some reason Democrats are now against deregulation, probably because Republicans took the credit and Democrats needed to rebrand.

      That doesn’t imply that Trump’s deregulation is “good,” it just means deregulation isn’t inherently “bad.”

  • lost_screwdriver
    link
    fedilink
    English
    2725 days ago

    Time for a user agent switcher. Like “Yeah, I swear, I’m a PS5, that has only monospaced comic sans insrelled”

    • ᴀᴍʙɪᴠɪᴏʟᴇɴᴛ
      link
      fedilink
      English
      1425 days ago

      Jokes aside, keep in mind that the idea of fingerprinting is that your computer’s configuration is as unique as a fingerprint (e.g., your monitor is x resolution, you are on this operating system, you are using these following extensions in this browser, you have these fonts on your system).

      Setting your user agent to something super unique is basically shining a spotlight on yourself.

      I recommend this user agent switcher extension (firefox)

      • @Huschke@lemmy.world
        link
        fedilink
        English
        8
        edit-2
        25 days ago

        It’s way worse than that.

        Even if you somehow magically have the same settings as everyone else, you’re mouse movement will still be unique.

        You can even render something on a canvas out of view and depending on your GPU, your graphics driver, etc the text will look different…

        There is no real way to escape fingerprinting.

        • ᴀᴍʙɪᴠɪᴏʟᴇɴᴛ
          link
          fedilink
          English
          525 days ago

          I have a novice coding question using the mouse tracking as an example: Is it possible to intercept and replace mouse tracking data with generic inputs? For example, could you implement an overlay that blocks mouse interactions, and instead of physically clicking on elements, send a direct packet to the application to simulate selecting those elements?

          • @BradleyUffner@lemmy.world
            link
            fedilink
            English
            825 days ago

            Yes, it’s possible. That’s the way a lot of automated web UI testing tools work. The problem with doing it during normal browser use is that your intentional actions with the real mouse wouldn’t work right, or the page would start acting like you clicked on things you didn’t click on.

    • @shortrounddev@lemmy.world
      link
      fedilink
      English
      27
      edit-2
      25 days ago

      Fingerprinting unfortunately uses more than useragent strings. It takes hashes of data in your browser from a javascript context that is not easily masked or removed. For example, it might render a gradient of colors projected onto a curved 3d plane. The specific result of this will create a unique hash for your GPU. They can also approximate your geolocation by abusing the time-to-live information within a TCP packet, which is something you can’t control on the clientside at all. If you TRULY want to avoid tracking by google, you need to block google domains in your hosts file and maybe consider disabling javascript on all sites by default until you trust them. Also don’t use google.

      • JackFrostNCola
        link
        fedilink
        English
        223 days ago

        How must it feel being clever enough to come up with these ideas and then implement them for companies invading everyones privacy for advertisement revenue and malicious information serving or stealing.
        I guess they sleep soundly on a fat bank account.

  • RejZoR
    link
    fedilink
    English
    3826 days ago

    Good thing I erased Google out of my life a decade ago meaning I can much easier block even more of their everywhere present garbage and not have issues.

      • @perfectly_boiled_pizza@lemmy.world
        link
        fedilink
        English
        1426 days ago

        It’s a nice feature for those that actively enable it and know that it’s enabled, but not for the average user. Most people never change the default settings. Firefox breaking stuff by default would only decrease their market share even further. And this breaks so much stuff. Weird stuff. The average user wants a browser that “just works” and would simply just switch back to Chrome if their favourite website didn’t work as expected after installing Firefox. Chrome can be used by people who don’t even know what a browser is.

    • @pHr34kY@lemmy.world
      link
      fedilink
      English
      1526 days ago

      I’ve used this. The only annoyance is that all the on-screen timestamps remain in UTC because JS has no idea what timesone you’re in.

      I get that TZ provides a piece of the fingerprint puzzle, but damn it feels excessive.

      • @treadful@lemmy.zip
        link
        fedilink
        English
        1326 days ago

        And automatic darkmode isn’t respected, and a lot of other little annoyances. That’s why this is so difficult. These are all incredibly useful features we would have to sacrifice for privacy.

        • @unwarlikeExtortion@lemmy.ml
          link
          fedilink
          English
          125 days ago

          Dark mode can be recreated using extensions, although the colors most likely won’t be as legible as “native support”.

          I don’t see why a similar extrnsion couldn’t change the timezones of clocks.

          Additionally, I don’t see why the server should bother with either (pragmatically) - Dark mode is just a CSS switch and timezones could be flagged to be “localized” by the browser. No need for extra bandwidth or computing power on the server end, and the overhead would be very low (a few more lines of CSS sent).

          Of course, I know why they bother - Ad networks do a lot more than “just” show ads, and most websites also like to gobble any data they can.

      • slax
        link
        fedilink
        English
        326 days ago

        Wait is that why my Firefox giving me errors when I try to log into websites with 2FA?

    • @fossphi@lemm.ee
      link
      fedilink
      English
      125 days ago

      Please don’t enable this blindly. A lot of modern websites depend on a bunch of features which will simply not work with that flag enabled. Only do it, if you’re willing to compromise and debug things a bit

    • @sem@lemmy.blahaj.zone
      link
      fedilink
      English
      1826 days ago

      Why does it do this?

      • Math operations in JavaScript may report slightly different values than regular.

      PS grateful for this option!

    • Ulrich
      link
      fedilink
      English
      13
      edit-2
      26 days ago

      I mean it doesn’t hurt but as far as I can tell, it doesn’t actually block fingerprinting, it blocks domains known to collect and track your activity. The entire web is run on Google domains so that would be nearly impossible to block.

      The crazy part about fingerprinting is that if you block the fingerprint data, they use that block to fingerprint you. That’s why the main strategy is to “blend in”.

      • Schadrach
        link
        fedilink
        English
        425 days ago

        The crazy part about fingerprinting is that if you block the fingerprint data, they use that block to fingerprint you. That’s why the main strategy is to “blend in”.

        So, essentially the best way to actually resist fingerprinting would be to spoof the results to look more common - for example when I checked amiunique.org one of the most unique elements was my font list. But for 99% of sites you could spoof a font list that has the most common fonts (which you have) and no others and that would make you “blend in” without harming functionality. Barring a handful of specific sites that rely on having a special font, that might need to be set as exceptions.

        • Ulrich
          link
          fedilink
          English
          125 days ago

          No, the best way is to randomly vary fingerprinting data, which is exactly what some browsers do.

          Font list is just one of a hundred different identifying data points so just changing that alone won’t do much.

          • Schadrach
            link
            fedilink
            English
            225 days ago

            I wasn’t suggesting it as “font list and you’re done”. I was using it as an example because it’s one where I’m apparently really unusual.

            I would think you’d basically want to spoof all known fingerprinting metrics to be whatever is the most common and doesn’t break compatibility with the actual setup too much. Randomizing them seems way more likely to break a ton of sites, but inconsistently, which seems like a bad solution.

            I mean hypothetically you could also set up exceptions for specific sites that need different answers for specific fields, essentially telling the site whatever it wants to hear to work but that’s going to be a lot of ongoing work.

    • masterofn001
      link
      fedilink
      English
      88
      edit-2
      26 days ago

      You can also use canvas blocker add-on.

      Use their containers (firefox multi-account container add-on) feature and make a google container so that all google domains go to that container.

      If you want to get crazy, in either set in about:config or make yourself a user.is file in your Firefox profile directory and eliminate all communication with google. And some other privacy tweaks below.

      google shit and some extra privacy/security settings

      Google domains and services:

      user_pref(“browser.safebrowsing.allowOverride”, false);
      user_pref(“browser.safebrowsing.blockedURIs.enabled”, false);
      user_pref(“browser.safebrowsing.downloads.enabled”, false);
      user_pref(“browser.safebrowsing.downloads.remote.block_dangerous”, false);
      user_pref(“browser.safebrowsing.downloads.remote.block_dangerous_host”, false);
      user_pref(“browser.safebrowsing.downloads.remote.block_potentially_unwanted”, false):
      user_pref(“browser.safebrowsing.downloads.remote.block_uncommon”, false);
      user_pref(“browser.safebrowsing.downloads.remote.enabled”, false);
      user_pref(“browser.safebrowsing.downloads.remote.url”, “”);
      user_pref(“browser.safebrowsing.malware.enabled”, false);
      user_pref(“browser.safebrowsing.phishing.enabled”, false);
      user_pref(“browser.safebrowsing.provider.google.advisoryName”, “”);
      user_pref(“browser.safebrowsing.provider.google.advisoryURL”, “”);
      user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”);
      user_pref(“browser.safebrowsing.provider.google.lists”, “”);
      user_pref(“browser.safebrowsing.provider.google.reportURL”, “”);
      user_pref(“browser.safebrowsing.provider.google.updateURL”, “”);
      user_pref(“browser.safebrowsing.provider.google4.advisoryName”, “”);
      user_pref(“browser.safebrowsing.provider.google4.advisoryURL”, “”);
      user_pref(“browser.safebrowsing.provider.google4.dataSharingURL”, “”);
      user_pref(“browser.safebrowsing.provider.google4.gethashURL”, “”);
      user_pref(“browser.safebrowsing.provider.google4.lists”, “”);
      user_pref(“browser.safebrowsing.provider.google4.pver”, “”);
      user_pref(“browser.safebrowsing.provider.google4.reportURL”, “”);
      user_pref(“browser.safebrowsing.provider.google4.updateURL”, “”);

      Privacy and security stuff:

      user_pref(“dom.push.enabled”, false);
      user_pref(“dom.push.connection.enabled”, false);

      user_pref(“layout.css.visited_links_enabled”, false);
      user_pref(“media.navigator.enabled”, false);

      user_pref(“network.proxy.allow_bypass”, false);
      user_pref(“network.proxy.failover_direct”, false);
      user_pref(“network.http.referer.spoofSource”, true);

      user_pref(“security.ssl.disable_session_identifiers”, true);
      user_pref(“security.ssl.enable_false_start”, false);
      user_pref(“security.ssl.treat_unsafe_negotiation_as_broken”, true);
      user_pref(“security.tls.enable_0rtt_data”, false);

      user_pref(“privacy.partition.network_state.connection_with_proxy”, true);

      user_pref(“privacy.resistFingerprinting”, true);
      user_pref(“privacy.resistFingerprinting.block_mozAddonManager”, true);
      user_pref(“privacy.resistFingerprinting.letterboxing”, true);
      user_pref(“privacy.resistFingerprinting.randomization.daily_reset.enabled”, true);
      user_pref(“privacy.resistFingerprinting.randomization.enabled”, true);

      user_pref(“screenshots.browser.component.enabled”, false);

      user_pref(“privacy.spoof_english”, 2);

      user_pref(“webgl.enable-debug-renderer-info”, false); user_pref(“webgl.enable-renderer-query”, false);

      • @oaklandnative@lemmy.world
        link
        fedilink
        English
        125 days ago

        I use (and love) Firefox containers, and I keep all Google domains in one container. However, I never know what to do about other websites that use Google sign in.

        If I’m signing into XYZ website and it uses my Google account to sign in, should I put that website in the Google container? That’s what I’ve been doing, but I don’t know the right answer.

        • Krik
          link
          fedilink
          English
          2426 days ago

          Or you just switch to LibreWolf where all these settings are already set. It even comes with uBlock preinstalled.

          • Refurbished Refurbisher
            link
            fedilink
            English
            726 days ago

            Or Mullvad Browser, which is just the Tor Browser without Tor.

            There’s also IronFox on Android which is more similar to LibreWolf than MV Browser.

      • @Chulk@lemmy.ml
        link
        fedilink
        English
        926 days ago

        I’m still trying to wrap my head around fingerprinting, so excuse my ignorance. Doesn’t an installed plugin such as Canvas Blocker make you more uniquely identifiable? My reasoning is that very few people have this plugin relatively speaking.

        • @RecallMadness@lemmy.nz
          link
          fedilink
          English
          225 days ago

          Iirc, Websites can’t query addons unless those addons manipulate the DOM in a way that exposes themselves.

          They can query extensions.

          Addons are things installed inside the browser. Like uBlock, HTTPS Everywhere, Firefox Containerr, etc.

          Extensions are installed outside the browser. Such as Flashplayer, the Gnome extensions installer, etc.

          • @RecallMadness@lemmy.nz
            link
            fedilink
            English
            125 days ago

            Further: the Canvas API doesn’t have any requirements on rendering accuracy.

            By deferring to the GPU, font library, etc, tracking code can generate an image that is in most cases unique to your machine.

            So blocking the Canvas API would return a 0. Which is less unique than what it would be normally.

        • @happydoors@lemm.ee
          link
          fedilink
          English
          226 days ago

          Maybe if they can connect you to your other usage but it’s probably more of their resources and such a small % of the population that it isn’t worth the time to subvert? Idk just guessing here

  • @Waldschrat@lemmy.world
    link
    fedilink
    English
    2825 days ago

    It would be nice to hammer a manually created fingerprint into the browser and share that fingerprint around. When everyone has the same fingerprint, no one can be uniquely identified. Could we make such a thing possible?

    • Not really. The “fingerprint” is not one thing, it’s many, e.g. what fonts are installed, what extensions are used, screen size, results of drawing on a canvas, etc… Most of this stuff is also in some way related to the regular operation of a website, so many of these can’t be blocked.

      You could maybe spoof all these things, but some websites may stop behaving correctly.

      • @Waldschrat@lemmy.world
        link
        fedilink
        English
        425 days ago

        I get that some things like screen resolution and basic stuff is needed, however most websites don’t need to know how many ram I have, or which CPU I use and so on. I would wish for an opt-in on this topics: So only make the bare minimum available and ask the user, when more is needed. For example playing games in the browser, for that case it could be useful to know how much ram is available, however for most other things it is not.

      • @OhNoMoreLemmy@lemmy.ml
        link
        fedilink
        English
        1025 days ago

        No it isn’t.

        And this is really important. If you go on Google tracked websites without tor, Google will still know it’s you when you use tor, even if you’ve cleared all your cookies.

        Tor means people don’t know your IP address. It doesn’t protect against other channels of privacy attack.

            • @Canuck@sh.itjust.works
              link
              fedilink
              English
              325 days ago

              Good point, that difference does matter. I guess other browsers like Brave use the Tor Network, and it would be misleading to suggest Brave has good anti-fingerprinting.

              What kind of fingerprint avoidance are you suggesting then that the Tor browser cannot do that makes a difference?

              • @sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                425 days ago

                If you enable JavaScript, you open Pandora’s box to fingerprinting (e.g. tracking mouse movements, certain hardware details, etc). If you don’t, half (or more) of the internet is unusable.

          • @brygphilomena@lemmy.dbzer0.com
            link
            fedilink
            English
            925 days ago

            It’s been a long while since I looked, but I remember it being a thing in tails to specifically not resize your browser window or only have it full screen to match a ton of other fingerprints.

            Plus since it was a live distro that reset on every reboot it would only have the same fonts and other data as other people using tails. Honestly, I hate that all that info is even available to browsers and web sites at all.

              • @sem@lemmy.blahaj.zone
                link
                fedilink
                English
                125 days ago

                I don’t quite understand – does this feature let you resize the window again to the size you want, and you are still sharing the same fingerprint with everyone else? Or do you still have to keep the browser window the default size to minimize your unique fingerprint?

                • Forbo
                  link
                  fedilink
                  English
                  224 days ago

                  It rounds the browser window to the nearest 100x100 window size. Using the default will likely be the biggest dataset to hide yourself in, but maximizing the window will still have some amount of obfuscation.

  • @Snowstorm@lemmy.ca
    link
    fedilink
    English
    1126 days ago

    I know nothing, but isn’t some pieces of Google software to be found on many sites that aren’t Google or YouTube?