msfntor Posted November 26, 2021 Share Posted November 26, 2021 PrivacyTests.org No. 6 Open-source tests of web browser privacy. Updated 2021-11-24: https://privacytests.org/ 2 Link to comment Share on other sites More sharing options...
Dixel Posted November 28, 2021 Share Posted November 28, 2021 On 11/25/2021 at 6:08 PM, Mr.Scienceman2000 said: you also should block js with thing like noscriptand set useragent to something generally used. That wont fix fingerprinting fully but reduces it on basic methods These days they fingerprint by the vendor tag and clienthints (this nasty thing still works, even if you disabled java) , so you will most likely just fool yourself . I mean, they will know you real vendor and they will get hints, but won't be able to show you the results of the test because you disabled the java script . I think I explained this to user arcticfroxie (or what his name currently is). I even took a screnshot . There was a debate where he insisted to disable javascript but still was detected by the HTML5 test website , while I wasn't. Later Tripredacus also wrote that he just couldn't see the results , while still being fingerprinted . This all could be foound on this website. 2 Link to comment Share on other sites More sharing options...
Nokiamies Posted November 29, 2021 Author Share Posted November 29, 2021 19 hours ago, Dixel said: These days they fingerprint by the vendor tag and clienthints (this nasty thing still works, even if you disabled java) , so you will most likely just fool yourself . I mean, they will know you real vendor and they will get hints, but won't be able to show you the results of the test because you disabled the java script . I think I explained this to user arcticfroxie (or what his name currently is). I even took a screnshot . There was a debate where he insisted to disable javascript but still was detected by the HTML5 test website , while I wasn't. Later Tripredacus also wrote that he just couldn't see the results , while still being fingerprinted . This all could be foound on this website. I meant it disables some more precise fingerprinting and prevents stealing clipboard and getting your mac address. And I know it is not only way. I have been able extract user window resolution from latest tor browser while js was off. And I wont mean fake reso it uses rather what is monitor actual resolution. And bigger issue with javascript is that it is unauthorised code executed on cpu and it can be anything 1 Link to comment Share on other sites More sharing options...
msfntor Posted November 29, 2021 Share Posted November 29, 2021 (edited) hmm with blocking JS, I use too Ping Blocker and No More Referrer extensions... but all other extensions are only for added security.. Edited November 29, 2021 by msfntor Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted November 29, 2021 Share Posted November 29, 2021 40 minutes ago, msfntor said: but all other extensions are only for added security.. Be sure to read their Privacy Policy. Some extensions claim "security" but it comes at a gigantic invasion on "privacy". So you have to balance "security breach 20% of the time" with "privacy breach 100% of the time". 3 Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted November 29, 2021 Share Posted November 29, 2021 It is preferable not to abound with installed extensions. Link to comment Share on other sites More sharing options...
Nokiamies Posted November 29, 2021 Author Share Posted November 29, 2021 4 hours ago, msfntor said: hmm with blocking JS, I use too Ping Blocker and No More Referrer extensions... but all other extensions are only for added security.. I use EMatrix on UXP based browsers that works great and gives me per domain or subdomain control over cookies, css, images, script, xhr, frame. 3 hours ago, NotHereToPlayGames said: Be sure to read their Privacy Policy. Some extensions claim "security" but it comes at a gigantic invasion on "privacy". So you have to balance "security breach 20% of the time" with "privacy breach 100% of the time". I call it lack of privacy policy. They only exist to protect developer/company from being liable from stealing data. Best security is end user and that I why I prefer things like noscript, ematrix and others as they add actual security layer. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted November 29, 2021 Share Posted November 29, 2021 Agreed. But I go one step further, in my opinion. I do NOT let my uMatrix lists "update themselves". Nothing says "telemetry" more than allowing something to "update itself". Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted November 29, 2021 Share Posted November 29, 2021 (edited) Instead, I prefer, whenever possible, to get security directly in the browser. Let's consider the usual javascripts as an attack vector. Only with MS Edge 96 is it currently possible for renderer processes: Quote Renderer processes: These control how websites are rendered in a tab by executing code provided by the website. They handle HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), JavaScript, images, and more. https://blogs.windows.com/msedgedev/2020/09/30/microsoft-edge-multi-process-architecture/ to lower the default level which is "Untrusted" to IL AppContainer. Currently with Process Explorer you will always see an IL "Untrusted" because the function is disabled and to enable it you have to insert a registry key. If I remember correctly Firefox has a "Low" IL.******* It is obvious that a sandbox-escape will have a probability of success that is much lower in Edge (hardened): https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#rendererappcontainerenabled than in Firefox. P.S. ******* Quote ...untrusted content is run in a sandboxed low-rights process..... https://wiki.mozilla.org/Security/Sandbox/Process_model Edited November 29, 2021 by Sampei.Nihira Link to comment Share on other sites More sharing options...
msfntor Posted November 29, 2021 Share Posted November 29, 2021 2 hours ago, Mr.Scienceman2000 said: I use EMatrix on UXP based browsers that works great and gives me per domain or subdomain control over cookies, css, images, script, xhr, frame. Yes, good, I know it well since ages...but uMatrix was too much headache for me... so I don't use it anymore, uBlock is enough for me... Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted November 29, 2021 Share Posted November 29, 2021 I've used uMatrix and uBlock both over the years (not at the same time, though I've heard of a few that have ran both at the same time). The GUI text for uBlock was always horrendous in my opinion, but I am using a frame of reference roughly 2 to 4 years ago, the GUI could be improved in recent builds for all I know. uMatrix has always seemed like a more OCD Approach -- I am OCD and it has served me well over the years, lol. Link to comment Share on other sites More sharing options...
D.Draker Posted November 30, 2021 Share Posted November 30, 2021 On 11/29/2021 at 4:01 AM, Mr.Scienceman2000 said: stealing clipboard and getting your mac address Very interesting ! Would you please create an article about it ? Thank you. Link to comment Share on other sites More sharing options...
e-t-c Posted April 6, 2022 Share Posted April 6, 2022 (edited) My ''new'' portable ''Firefox Security Browser Alternative'' on Win7 is LibreWolf (the best here) https://privacytests.org/ Quote https://librewolf.net/installation/windows/ Currently we also release a portable version of LibreWolf, useful in cases where installation at system level is not possible, or for just testing some aspect of LibreWolf. It's also found on the releases page. https://gitlab.com/librewolf-community/browser/windows/-/releases Quote If you don't have it already, you probably also need the Visual C++ Runtime. https://docs.microsoft.com/en-US/cpp/windows/latest-supported-vc-redist?view=msvc-160#visual-studio-2015-2017-2019-and-2022 Edited April 6, 2022 by e-t-c Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now