The wretched Chrome Client Hints, another Doomsday of privacy: ways out of it.


Posted
4 minutes ago, Dixel said:

I know you were not directing that to me.  But as for me, yes, I did see that.  But I hold no credence whatsoever in that "report" until the web site being cited is PUBLICLY DISCLOSED.

I've not yet witnessed any "login denial" based on ClientHint "data" !!! !!! !!!

I have witnessed "Please update your browser" banners that do go away when the ClientHint "data" is SPOOFED.

But I was still able to create an account and login WITHOUT spoofing my ClientHint "data".

I personally want to WITNESS THIS FOR MYSELF.  Claims of it happening without providing a PUBLICLY DISCLOSED web site where I can WITNESS IT FOR MYSELF is essentially USELESS to me (and you).

Without a publicly disclosed web site where each and every one of us can WITNESS the claimed theory, then it's nothing but "hype and propaganda".

Please do not misread, I'm not trying to play both sides, I'm honestly not.  I do spoof Client Hints via Proxomitron.  But I've NEVER witnessed a "login denial" and I would like to WITNESS ONE.


Posted
20 minutes ago, Dixel said:

Thanks for your opinion, unfortunately people wouldn't agree, and one of the cases is documented here. Probably you didn't see it yet.

https://github.com/win32ss/supermium/issues/779

 

It is not an opinion, it is a lesson.
To forge client hints from the browser development tools, you must first disable the default UA.
So you have 2 options to follow, recommended by me.
And 1 option recommended by @NotHereToPlayGames.
Your choice.

Posted
8 minutes ago, Dixel said:

I'm looking for a simple solution like modifying headers on the fly and making them switchable from presets

That's EXACTLY what Proxomitron does!

But sure, we'll see if alternative solutions present themselves.

I know you were following the discussion between D.Draker and me where I showed him screencaps of Proxomitron spoofing Client Hints.

It CAN be done.  Just how much that does or does not affect the end user's "privacy" is up for debate.  But if you want to know if it can be done, the answer is YES.

I'll sit back now and see if alternative solutions come forth.

Posted
On 8/5/2024 at 3:57 AM, Sampei.Nihira said:

This is a false problem.

No, it's not.

"I will change the default for Sec-Ch-Ua to "Google Chrome". I think this may also help with some other website compatibility issues and reduce the fingerprinting surface of Supermium. And also introduce the option from ungoogled-chromium to disable UACH altogether, as well as options to report as Windows 11, iOS 17, Android latest version or macOS 15."

https://github.com/win32ss/supermium/issues/779#issuecomment-2269497358

 
Posted
On 8/5/2024 at 8:07 AM, NotHereToPlayGames said:

what Proxomitron does!

Can I use my proxy servers (paid, encrypted with a pass) for downloading from insta with it?

Those proxies need to be changed via script 'cause insta blocks IPs after a couple dozen pics are downloaded.

I'm scraping accounts with sports food.

Posted

We are doomed:

"Unfortunately there are issues passing the site-specific UACH override to the renderer (specifically, the URL information that is available at HTTP header creation is not available at renderer creation), which means that it is only reliable for UACH information transferred by the HTTP header and not by JavaScript. With this in mind, I can only implement one default override."

https://github.com/win32ss/supermium/issues/779#issuecomment-2282871131
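
The limitation quoted above means a header-only override leaves two views of the same browser: the `Sec-CH-UA*` request headers and `navigator.userAgentData` in the page. The following is an added example, not part of the original post or of Supermium's code, that parses both views and lists the fields that disagree; all sample values are constructed and "ExampleBrowser" is a hypothetical brand.

```javascript
// Added example: sample values are constructed; "ExampleBrowser" is hypothetical.
const unescapeSf = (s) => s.replace(/\\(.)/g, '$1');

// Parse a Sec-CH-UA value: a list of quoted brand strings, each with ;v="version".
// Brand names may contain commas, semicolons or dots, so match quoted strings
// instead of splitting on ",".
function parseSecChUa(value) {
  const brands = [];
  const re = /"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"/g;
  let m;
  while ((m = re.exec(value)) !== null) {
    brands.push({ brand: unescapeSf(m[1]), version: unescapeSf(m[2]) });
  }
  return brands;
}

// Strip the quotes from a single quoted header value such as "Windows".
function unquote(value) {
  const m = /^\s*"((?:[^"\\]|\\.)*)"\s*$/.exec(value || '');
  return m ? unescapeSf(m[1]) : null;
}

// Compare the header view with the JavaScript view (the shape of
// navigator.userAgentData: brands, mobile, platform). Returns differing fields.
function uachMismatches(headers, jsData) {
  const diffs = [];
  const key = (b) => `${b.brand}/${b.version}`;
  const fromHeader = parseSecChUa(headers['sec-ch-ua'] || '').map(key).sort();
  const fromJs = (jsData.brands || []).map(key).sort();
  if (fromHeader.join('|') !== fromJs.join('|')) diffs.push('brands');
  if (unquote(headers['sec-ch-ua-platform']) !== jsData.platform) diffs.push('platform');
  if ((headers['sec-ch-ua-mobile'] === '?1') !== Boolean(jsData.mobile)) diffs.push('mobile');
  return diffs;
}

// Constructed JS view: what the renderer still reports without an override.
const jsView = {
  brands: [{ brand: 'ExampleBrowser', version: '124' },
           { brand: 'Chromium', version: '124' },
           { brand: 'Not-A.Brand', version: '99' }],
  mobile: false,
  platform: 'Windows',
};
const common = { 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"Windows"' };
// Constructed headers: brand list overridden at the HTTP layer only.
const overriddenHeaders = { ...common,
  'sec-ch-ua': '"Google Chrome";v="124", "Chromium";v="124", "Not-A.Brand";v="99"' };
// Constructed headers: no override, both views agree.
const consistentHeaders = { ...common,
  'sec-ch-ua': '"ExampleBrowser";v="124", "Chromium";v="124", "Not-A.Brand";v="99"' };
```

With the header-only override the function reports `brands` as the differing field, which is why an override applied at the HTTP layer alone is only reliable against sites that never read the JavaScript values.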

Posted
On 8/12/2024 at 8:23 PM, Saxon said:

ask win32 to reimplement the flag from the ready made Ungoogled patch?

... The Supermium author notified that the "old" --disable-features=UserAgentClientHint cmdline switch will be applicable to his next release, either a third (and final) M124-based one, or the first of an M126-based series (Chromium 126 ESR branch): 

https://github.com/win32ss/supermium/issues/779#issuecomment-2282969891

https://github.com/win32ss/supermium/issues/779#issuecomment-2287764156

Posted
11 hours ago, NotHereToPlayGames said:

I would look at SSL Certificate in that example.  It doesn't appear to be related to Client Hints.

How then do you explain it works on Win7?

Posted

I can't even test the captcha, on Vista it blocks me immediately, that said, I'm certain it wants to see the "good" CH result. Why?
Because if I block CH via --disable-features=UserAgentClientHint, I immediately get the same result on 7, too!

OlderOSResult.png
