A "potentially devastating and hard-to-detect threat" - "Gummy Browsers,"

[Mr.Scienceman2000]

22 minutes ago, Sampei.Nihira said:

I am perfectly capable of removing Telemetry,Pocket.......etc...... and whatnot in Firefox.

for me it is more why I should bother. If I install FF to someone I remove them, but personally no longer use Firefox. Still recommend hardened firefox over ms edgy or Brave that should be called coward browser since it has nothing brave

[XPerceniol]

2 hours ago, Mr.Scienceman2000 said:

... and there is browser called Webbrowser on linux that removes palememe antifeatures and for windows I use tweaked mypal. I disabled WASM and Webgl totally

I also have wasm and webgl disabled along with dom storage (only enable it when needed) and websocket, beacon and cache disabled. I've not heard of Webbrowser, does this work on xp?

It was actually you @Sampei.Nihira that educated me on how to use ccleaner properly; so I clean my tracks pretty well (html storage).

EDIT: What the heck ... I just ran the test again and I went from unique to Your browser has a nearly-unique fingerprint and I didn't change anything?! I won't look a 'gift horse' in the mouth .. suddenly I'm less unique. Ha!

I guess the real (Important) question, is.. should one look any horse in the mouth?

Edited October 28, 2021 by XPerceniol

[Mr.Scienceman2000]

46 minutes ago, XPerceniol said:

I've not heard of Webbrowser, does this work on xp?

 

it is linux fork that fixes palememe antifeatures like addon blocking and allows install any ff52 compatible addon that new palememe cannot.

48 minutes ago, XPerceniol said:

It was actually you @Sampei.Nihira that educated me on how to use ccleaner properly; so I clean my tracks pretty well (html storage).

i already disabled history, web cache and other and I prefer bleachbit over ciacleaner since avast made it adware

If you want know which bleachbit works on XP 3.0.0 portable is latest. It claims wont but runs just fine and so far had no system breakage. Just be careful with it since it can break stuff but it allows clean traces pretty well.

[NotHereToPlayGames]

5 hours ago, Sampei.Nihira said:

I am perfectly capable of removing Telemetry,Pocket.......etc...... and whatnot in Firefox.

I personally have zero doubt that you are capable of such.

But I also do strongly feel that "most" Firefox users (MSFN members excluded!) flock to Firefox not because they possess such capabilities but rather a BLIND TRUST towards Firefox.

I have always found much more telemetry crap in Firefox browsers then I've ever found in Chromium browsers - though BOTH have TONS by "default".

I have always found it very interesting how some folks (again, MSFN members excluded!) will 'pledge an allegiance' toward any one browser yet be totally clueless on the shenanigans that their own "trusted for years" beloved browser is doing behind their backs.

 

edit:  I should point out that I've always used ungoogled-chromium and never use "official" Chrome.  Likewise, I've always used Pale Moon, Mypal, and New Moon and never use "official" Firefox.

Edited October 28, 2021 by ArcticFoxie

[NotHereToPlayGames]

4 hours ago, Mr.Scienceman2000 said:

https://spyware.neocities.org/articles/firefox.html  https://spyware.neocities.org/articles/palemoon.html

Cool links.

I chuckle at their writeup on Iridium  --  https://spyware.neocities.org/guides/iridium.html

I mean, in so far as those "settings" are always touted as "protection" and I wonder how many less-informed users enable them "in blind trust".

[Mr.Scienceman2000]

6 hours ago, ArcticFoxie said:

I chuckle at their writeup on Iridium  --  https://spyware.neocities.org/guides/iridium.html

I mean, in so far as those "settings" are always touted as "protection" and I wonder how many less-informed users enable them "in blind trust".

For me safebrowsing always been obsolete. Back in day it sorta worked because lot of bad sites had same domain for long example being goggle, youareanidiot and spysheriff. Nowadays sites keep changing domain all the time so blocking is obsolete. I have followed some scam sites and they had like 20+ different domains with same contect.

Even worse is some antivirus companies are including "block forbidden sites" feature which is av company predefined list from bad sites that includes lot of rom sites, modding sites and other. Many turn that on for protection

PS. Am I only who has been able block domains they want before safebrowsing was even a thing?

[j7n]

Oh I see it now that the number of "bits" is simply the count of people that have tested themselves on CYT. 256K people = 18 bits.

I only disable advertising servers on sites I visit frequently when I get annoyed by their slow loading. There are too many of them, and they get new random domains to avoid blocking.

Tor Browser suggests not to maximize the window in order not to reveal the screen resolution. The list of fonts has to be unique for everybody. Many programs load a font to display some custom symbols, and it counts as installed while it is loaded.

 

[Mr.Scienceman2000]

9 minutes ago, j7n said:

Tor Browser suggests not to maximize the window in order not to reveal the screen resolution.

newer tor browser uses certain resolution to all users. But even that wont always work and there is ways to find resolution with browser atleast on XORG under linux

[NotHereToPlayGames]

7 hours ago, Mr.Scienceman2000 said:

For me safebrowsing always been obsolete.

Agreed!

And nowadays you actually stand out like a sore thumb and uniquely identify yourself when you falsely think you are "hiding".

Fake a Win10 User Agent and you've added your needle to a gigantic haystack nearly impossible to find.

Fake a cell phone User Agent then play a video four times the resolution of every cell phone on the market, you've told them EXACTLY who you are because you're the only person on the planet viewing such a large video resolution on a "cell phone".

[Sampei.Nihira]

Aside from Windows XP, the most profitable use of a browser depends on many factors.
With Windows, security should be a priority.
If one browser is intrinsically more secure than another, it doesn't mean that your security configuration will be any less efficient than the one who chooses the more intrinsically secure browser.
If with Windows I choose to use a browser firefox-based I renounce to the protection of the IL level untrusted.

To take a next example if you use a chrome-based browser other than MS Edge in an OS like W.10 you forgo the CFG Anti-Exploit protection.

My point of view is, let's think about the security first and then we intervene on privacy.

 

 

[Sampei.Nihira]

8 hours ago, Mr.Scienceman2000 said:

For me safebrowsing always been obsolete. Back in day it sorta worked because lot of bad sites had same domain for long example being goggle, youareanidiot and spysheriff. Nowadays sites keep changing domain all the time so blocking is obsolete. I have followed some scam sites and they had like 20+ different domains with same contect.

Even worse is some antivirus companies are including "block forbidden sites" feature which is av company predefined list from bad sites that includes lot of rom sites, modding sites and other. Many turn that on for protection

PS. Am I only who has been able block domains they want before safebrowsing was even a thing?

 

Try it:

https://phishtank.org/phish_search.php?valid=y&active=y&Search=Search

[Tripredacus]

I tried the EFF site on my second browser (Iron) and it makes it to the white results page with "Our tests indicate that you have some protection against Web tracking, but it has some gaps." with a Yes on blocking tracking ads and a No on blocking invisible trackers... but the "Protecting you from fingerprinting" option just shows an animated gif and never completes.

[NotHereToPlayGames]

I get "Our tests indicate that you have strong protection against Web tracking, though your software isn’t checking for Do Not Track policies."

Looks to me like "propaganda" for "Do Not Track", something everybody in the universe knows doesn't work!  It is VOLUNTARY and the web sites you visit DO NOT HAVE TO LISTEN TO IT  --  https://www.makeuseof.com/tag/not-track-actually-work/

I got nothing against DNT, don't get me wrong.

But it IS a "false sense of security" and users click that setting and think that's all they have to do, that they are not being tracked, and so they don't do anything else above and beyond that predominantly useless DNT.

Edited October 29, 2021 by ArcticFoxie

[NotHereToPlayGames]

Even the EFF site states, "Browsers which set the DNT header to ‘1’ are fairly rare, and this can be an identifying metric."

It is my view, "mileage may vary", that the more RARE you make yourself to be, the more UNIQUE you are to advertisers, they know EXACTLY who you are because of your "uniqueness".

I would much rather be one needle among thousands of needles buried in a haystack, I don't want to be so "unique" that I made myself the ONLY needle in that haystack.

Edited October 29, 2021 by ArcticFoxie

[Sampei.Nihira]

@ArcticFoxie

 

With chrome-based browsers, unless you use several extensions (and here the debate opens as to whether it's better not to install too many extensions), you can't privatize several aspects of the browser subject to fingerprinting.

A few examples:

https://audiofingerprint.openwpm.com/

https://armin.dev/apps/ping-spotter/

https://pazguille.github.io/demo-battery-api/