XPerceniol, posted October 26, 2021:

From The Hacker News: https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

Any thoughts?

Nokiamies, posted October 26, 2021:

I wonder how script and element blocking will affect that. I block everything by default for safety reasons. As for fingerprinting, it feels like the whole of HTTP (and HTTPS) is designed with it in mind. The User-Agent is a good example. There is never a use case for it. It is only used as part of fingerprinting, or to block you from accessing sites that are made by soydevs and others. The only real reason would be to use it to detect what platform you are trying to download a program for, but hey, if you are dumb enough to choose from a dropdown menu, why are you downloading stuff to begin with?

I guess I'll go to the Gopher or Gemini protocols for good.

Tripredacus, posted October 27, 2021:

The article talks about things involved in this fingerprinting that are beyond the User Agent, so likely the method being used to get this information from the client is going to be JavaScript. Obviously the answer here is to whitelist sites for JavaScript, meaning unless the known good site you visited is compromised (such as from ads or external includes) then you are more likely to be safe.

Sampei.Nihira, posted October 27, 2021 (edited October 27, 2021 by Sampei.Nihira):

Usually a hard setting of the browser for privacy prevents you from taking full advantage of websites, which end up broken. The latest studies show that a compromise must be sought in normal browsing. It is also advisable to install few extensions in the browser.

In the test below:

https://coveryourtracks.eff.org/

the ideal is to get blocking of tracking ads + blocking of invisible trackers without any extension or, at the limit, with only one extension.

Nokiamies, posted October 27, 2021 (edited October 27, 2021 by Mr.Scienceman2000):

4 hours ago, Sampei.Nihira said:
> Usually a hard setting of the browser for privacy prevents you from taking full advantage of websites, which end up broken. The latest studies show that a compromise must be sought in normal browsing. It is also advisable to install few extensions in the browser. In the test below: https://coveryourtracks.eff.org/ the ideal is to get blocking of tracking ads + blocking of invisible trackers without any extension or, at the limit, with only one extension.

Decentraleyes, uBlock Origin, nss + uMatrix on a palememe-based browser is a good combination. Decentraleyes moves content delivery networks into the local system and can fight against this too if a CDN is used in the attack.

Tripredacus, posted October 27, 2021:

I don't think that link is working for me. Just in case I'll go home and see if it has completed before I come back in the morning.

XPerceniol (Author), posted October 27, 2021 (edited October 27, 2021 by XPerceniol):

7 hours ago, Sampei.Nihira said:
> Usually a hard setting of the browser for privacy prevents you from taking full advantage of websites, which end up broken. The latest studies show that a compromise must be sought in normal browsing. It is also advisable to install few extensions in the browser. In the test below: https://coveryourtracks.eff.org/ the ideal is to get blocking of tracking ads + blocking of invisible trackers without any extension or, at the limit, with only one extension.

This is with Serpent 52.

However, unless it's Chrome on Windows 7 (I think) we're gonna be unique.

Same results with New Moon, but FF52.9.1 won't load results - it just keeps going and going?

I've stopped using Do Not Track as @ArcticFoxie recommends against using it when discussed previously in the 360 thread.

I have my browsers heavily disabled and I've been experimenting all day trying to tighten up JavaScript, but it slows things down pretty badly.

I do have the following disabled:

user_pref("javascript.options.asmjs", false);
user_pref("javascript.options.shared_memory", false);
user_pref("javascript.options.wasm", false);
user_pref("javascript.use_US_english_locale", true);

However, when I disable ion and baselinejit, it slows things down to a crawl, so I left those alone.

@Roytam1 already has javascript.options.asyncstack defaulted to false.

Setting javascript.options.strict to true also caused site issues, so I left that as is.

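An added example, not part of any post in this thread: a small Python audit that parses `user_pref(...)` lines from a user.js or prefs.js file and reports which of the four settings listed in the post above are missing or set differently. The sample file contents are constructed, and the rule that a later line overrides an earlier one is an assumption noted in the code.

```python
import re

# The four values listed in the post above.
WANTED = {
    "javascript.options.asmjs": False,
    "javascript.options.shared_memory": False,
    "javascript.options.wasm": False,
    "javascript.use_US_english_locale": True,
}

# One user_pref("name", value); call per line; value is a bool, int or string.
PREF_RE = re.compile(
    r'^[ \t]*user_pref\(\s*"([^"\\]+)"\s*,\s*'
    r'(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;',
    re.MULTILINE,
)

def parse_prefs(text):
    # Lines starting with // never match, so commented-out prefs are ignored.
    # Assumption: a later line for the same pref wins. /* */ blocks not handled.
    prefs = {}
    for m in PREF_RE.finditer(text):
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = raw[1:-1] if raw.startswith('"') else int(raw)
    return prefs

def audit(text, wanted=WANTED):
    # Map each wanted pref that is absent or different to a short finding.
    prefs = parse_prefs(text)
    findings = {}
    for name, expected in wanted.items():
        if name not in prefs:
            findings[name] = "not set in this file"
        elif type(prefs[name]) is not type(expected) or prefs[name] != expected:
            findings[name] = f"set to {prefs[name]!r}, wanted {expected!r}"
    return findings

# Constructed sample file contents, not taken from a real profile.
SAMPLE = """\
user_pref("javascript.options.asmjs", false);
// user_pref("javascript.options.shared_memory", false);
user_pref("javascript.options.wasm", false);
user_pref("javascript.use_US_english_locale", true);
user_pref("browser.startup.page", 0);
user_pref("javascript.options.wasm", true);
"""
```

Calling `audit(SAMPLE)` flags the commented-out shared_memory line and the wasm pref that a later line switched back on; a pref reported as not set falls back to whatever the browser build defaults to.
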
XPerceniol (Author), posted October 27, 2021 (edited October 27, 2021 by XPerceniol):

3 hours ago, Mr.Scienceman2000 said:
> Decentraleyes, uBlock Origin, nss + uMatrix on a palememe-based browser is a good combination. Decentraleyes moves content delivery networks into the local system and can fight against this too if a CDN is used in the attack.

Thank you for those recommendations.

Sad to admit, I don't know much (anything at all) about CDN. How would I disable that?

XPerceniol (Author), posted October 27, 2021:

8 hours ago, Tripredacus said:
> The article talks about things involved in this fingerprinting that are beyond the User Agent, so likely the method being used to get this information from the client is going to be JavaScript. Obviously the answer here is to whitelist sites for JavaScript, meaning unless the known good site you visited is compromised (such as from ads or external includes) then you are more likely to be safe.

That is pretty much as I suspected ... just visiting a malicious or compromised site could cause this to happen. Thank you for your advice.

Nokiamies, posted October 28, 2021 (edited October 28, 2021 by Mr.Scienceman2000):

4 hours ago, XPerceniol said:
> I don't know much (anything at all) about CDN. How would I disable that?

You can't. Content delivery networks are from big companies like Google and exist on many sites. Blocking connections to them with uMatrix helps partially, but Decentraleyes does a better job by redirecting code running on the CDN into the local browser cache.

In short, a CDN is (from Cloudflare):

> A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content. A CDN allows for the quick transfer of assets needed for loading Internet content including HTML pages, javascript files, stylesheets, images, and videos. The popularity of CDN services continues to grow, and today the majority of web traffic is served through CDNs, including traffic from major sites like Facebook, Netflix, and Amazon.

Ironic they say improve security when it can risk someone's site if the main CDN is compromised. Instead of being compromised all does

j7n, posted October 28, 2021:

Cover Your Tracks somehow maxes out the information content in its elements at 17.85 bits. It read a long list of unique fonts I have installed myself, the unique browser versions of 77.7 and 6.6.6, and the existence of PDF-Xchange plugin, which together are globally unique. I'd think that would be more information.

Tripredacus, posted October 28, 2021:

Well it is 16 hours later and it still didn't change from the "Testing your browser" screen. I doubt it will ever return and show me the results. Now this doesn't particularly mean that the site didn't work on their end. It may well have recorded information and just isn't showing me the results screen.

Sampei.Nihira, posted October 28, 2021 (edited October 28, 2021 by Sampei.Nihira):

13 hours ago, j7n said:
> Cover Your Tracks somehow maxes out the information content in its elements at 17.85 bits. It read a long list of unique fonts I have installed myself, the unique browser versions of 77.7 and 6.6.6, and the existence of PDF-Xchange plugin, which together are globally unique. I'd think that would be more information.

This information is incorrect as you can see from the image below:

Firefox is also not set to achieve maximum privacy, because my daughter does not like to maximize the browser window at the opening.

Another example, Android Opera without VPN:

__________

In non-legacy Firefox-based browsers it is better to replace Decentraleyes with LocalCDN.

Nokiamies, posted October 28, 2021 (edited October 28, 2021 by Mr.Scienceman2000):

10 minutes ago, Sampei.Nihira said:
> This information is incorrect as you can see from the image below: Firefox is also not set to achieve maximum privacy, because my daughter does not like to maximize the browser window at the opening.
>
> In non-legacy Firefox-based browsers it is better to replace Decentraleyes with LocalCDN.

I do not trust Firefox anymore since it is funded by big G, and out of the box it is pretty much spyware.

https://spyware.neocities.org/articles/firefox.html

Compare that with Palememe:

https://spyware.neocities.org/articles/palemoon.html

And there is a browser called Webbrowser on Linux that removes palememe antifeatures, and for Windows I use a tweaked Mypal. I disabled WASM and WebGL totally.

Sampei.Nihira, posted October 28, 2021 (edited October 28, 2021 by Sampei.Nihira):

8 minutes ago, Mr.Scienceman2000 said:
> I do not trust Firefox anymore since it is funded by big G, and out of the box it is pretty much spyware. https://spyware.neocities.org/articles/firefox.html Compare that with Palememe: https://spyware.neocities.org/articles/palemoon.html And there is a browser called Webbrowser on Linux that removes palememe antifeatures, and for Windows I use a tweaked Mypal. I disabled WASM and WebGL totally.

I am perfectly capable of removing Telemetry, Pocket... etc... and whatnot in Firefox.