NotHereToPlayGames

I was going to screencap where Mypal 27.9.4 logs the MSFN reply box but the reply box no longer even works in Mypal 27.9.4. Did not try NM27, Mypal 28, or NM28. I've basically abandoned them due to finding waayyy tooo many web sites where they simply do not work.

In my humble view, a shout-from-the-rooftops NO, this test can NOT be trusted. I say that because I can get THREE DIFFERENT RESULTS all in the same exact web browser from the same exact computer on the same exact wi-fi network. Change a NoScript or uMatrix setting and the test "result" CHANGES. So that is NOT a "unique fingerprint", plain and simple. HOWEVER, just narrowing a "fingerprint" from thousands down to THREE does still basically have you "identified". So I guess the answer is "yes and no".

ALL browsers are KEYLOGGING your replies in this MSFN reply box. I'll demonstrate using 360Chrome but again, ALL browsers have a KEYLOGGER for this MSFN reply box. Most likely in other forums also, especially if using the same "forum software". For my 360Chrome profile, that KEYLOGGER is being saved here -- <root folder>\360ChromePortable\Chrome\User Data\Default\Local Storage\leveldb\000022.log My 360Chrome loader deletes this file each and every time that I exit, otherwise this 000022.log file would have text from "years ago". Please note that username and password input fields are NOT being keylogged, only this MSFN reply box. I don't see this as "nefarious", you have to be a member here and you have to be logged in, but it is still a "feature" that is "concerning" to some.

Spectre was public knowledge in January 2018 and even "grandma" knew what it was by May through July of 2018. Chrome v69 was released in September 2018. Chrome addressed Spectre and Meltdown vulnerabilities with the release of Chrome v64 in January 2018 -- https://www.express.co.uk/life-style/science-technology/900606/Google-Chrome-update-patch-Meltdown-Spectre-Intel-fix-version-64 Firefox releases also addressed Spectre and Meltdown in January 2018 -- https://support.mozilla.org/bm/questions/1198249 I would keep the 360Chrome v11 (Chrome v69) flag at DEFAULT and not change it at all.

Does this help -- https://developers.google.com/search/blog/2021/03/sharedarraybuffer-notes ?

lol, too funny. You could always use Stylus to move the "mole". Or use Stylus to not even display the "mole". I actually use Stylus to not only not display the "mole", but to not even display that profile "face" AT ALL. No face for Dave-H. No face for D.Draker. No face for Dixel. No blobfish for whoever used to use a blobfish. etc...

Good News (for those that have expressed concerns). Proxomitron blocks MSFN's "keylogger" without any added filters. The "base config" (2019-01-26b1) already blocks the "keylogger" by default (I've only tested in Advanced Mode and not in Standard, Light, or Minimal Mode). Disregard. We will need to add a filter to break the "keylogger". The "base config" (2019-01-26b1) affects the "timer" but where the keylogger is in the duration of that timer may cause the keylogger to still work. My goal is to break it "completely". I don't see anything "nefarious" with that keylogger, but I do see it as a good example to demonstrate why I've used Proxomitron for 18 years and why I'm returning it to my web browser after ~2yrs away from it.

But the Dev Tools will display as present even when I block the font from being fetched -

Here is where uMatrix logs the incoming FontAwesome -

When NoScript, HOSTS file, uMatrix, UBO, you name it, blocks a font, it is still displayed in the .css element. So I still think you have something blocking FontAwesome from being "fetched". What extensions are you using?

Looks like I found something. I found three different Instagram "click here to follow" web pages that only contain a description but all three of those web pages are displaying "squares". I don't have an account so that's all the futher I can get. But all three use a font for emojis called Twemoji Mozilla. Which to me wreaks of a web master that only cares how Firefox renders the emojis, but I digress. Here's a github if interested in compiling Twemoji - https://github.com/twitter/twemoji Other than that, I'm not finding a way to "install" Twemoji on XP.

Sorry, I don't have an Instagram account. So hopefully somebody else may be able to offer assistance.

But I really really really prefer my Stylus view. No "face icons". Sorry, just a "pet peeve" of mine.

As far as that "shield" font, it's a font called "FontAwesome".

For the "sheild" in the corner of Dave-H's profile pic, you have to allow external fonts from msfn.org which I block by default in NoScript. But I also block any-and-all profile pics via Stylus so I was never aware of that "square".

We kind of need a test URL to see what's going on. I don't do Instagram so have zero reference on what it is "supposed" to look like.

Can your right-click on top of one of the emoji rectangles, select Inspect, and see what font family is being declared?

That usage is not my intended audience. I believe you will be better served with something else, unbeknownst to me what that actually is, but I'm sure it's out there.

I do think that Proxomitron will solve those "tactics". But that's also "cart before the horse" - I would prefer to start "simple" then work up to that sort of "tactic". I once ran a church forum and technology has changed drastically since then, our church forum software was quite limited on how it "banned" users. It would ban fairly wide IP Address Ranges so in order to ban various users, the net was cast too wide and it banned users that we did not intend to ban (ie, our own Youth Group Minister). We were able to use Proxomitron for the Youth Group Minister to regain access to the church forum.

You may find that you might be making the Instagram "block" more difficult than it might be. I say "might" because I've never in my entire life visited Instagram (or Facebook) -- BUT speaking from Proxomitron experience, I have used Proxomitron to access otherwise "blocked" web sites. So I do think Proxomitron will have a "way" to do what you want it to do -- although circumnavigating Instagram "blocks" is not my primary focus in creating a Proxomitron thread here at MSFN.

It can be configured to route through proxies, yes. It can also be configured to 'spoof' being routed through a proxy without actually routing through a proxy. It uses "lists" extensively but you have to create the lists manually, I don't recall any method where it "fetches IP lists from countries".

(this space reserved for in-process documentation...)

(this space reserved for in-process documentation...)

In order for Proxomitron to function correctly, these settings need applied to extensions which would otherwise block javascript or css being injected by Proxomitron. I use NoScript and uMatrix as examples but other extensions with similar functions would require a similar setting. NoScript - (note that we trust http://local.ptron and https://local.ptron) - uMatrix -

This post for Mypal only - Next we need to resolve this Mozilla-based error - Follow these steps to generate and install a new SSL Certificate (I just accept the default entries for all dialogs) - Part 1 - Download and extract this file to the folder of your choice -- make-proxcert.zip Execute the proxcert-MakeCert.bat file contained within the extracted folder and follow the prompts (I just accept the default entries). This will create a new proxcert.pem file in the same folder as the proxcert-MakeCert.bat file that you just executed. EXIT Proxomitron if you have it running and then copy/paste/replace the new proxcert.pem file to the folder that contains Proxomitron.exe. Part 2 - Launch Proxomitron.exe with the new proxcert.pem file already in place and follow the below - I intentionally select Cancel here otherwise the config thinks that a Save/Exit/Relaunch is required when we do not need to do a Save/Exit/Relauch until after the next step - You should now have a proxcert_certonly.pem file in your Proxomitron directory. Part 3 - At this point I had to EXIT and Relaunch both Proxomitron and Mypal. You have done everything correctly if https://www.google.com/ now looks like this -