privacy

This magazine is from a federated server and may be incomplete. Browse more on the original instance.

WhatAmLemmy, in Is brave the only browser with fingerprint randomization?

You don’t want a randomised fingerprint, as that is relatively unique among a sea of fingerprints [1]. What you want is a fingerprint that’s as similar to everyone else (generic) as possible; that’s what Firefox’s resist fingerprinting setting aims to do, and what the Tor browser does.

[1] There are many values you can’t change, so the randomisation of the ones you can change could end up making you more unique … think of it like having your language set to french but are based in the USA — that language setting can’t uniquely identify the French in france, but will stick out like a sore thumb if set in shitsville Idaho. It’s likely the same if you use firefox but have your user agent set to chrome; that’s more rare and unique than not changing the user agent at all.

linearchaos,
@linearchaos@lemmy.world avatar

No, that’s absolutely incorrect. You want a new fake fingerprint every single time someone asks your browser for your information. You want it to lie about your plugins, user agent, your fonts and your screen size. Bonus if you use common values, but not necessary.

The randomized data they’re providing isn’t static and it isn’t the same from session to session.

100% White noise is a far better obfuscation than a 40% non-unique tracking ID. Yes, your data is lumped in with 47 million other users, but used in conjunction with static pieces of your data you become uncomfortably identifiable.

ryannathans,

The whole point of the poster above is that you can’t ramdomise 100%

WhatAmLemmy,

Yeah… I don’t know why a bunch of privacy bros think they know better than the CS and cryptography PhD’s of the Tor project; the most advanced and complex privacy and anonymity preserving project in computing history.

Rez,
@Rez@sh.itjust.works avatar

But isn’t randomization supposed to give you a different unique fingerprint each time? So yes, you would be unique and easily tracked but only until your fingerprint changes

Rose,

So what’s the benefit of this over blending in each time?

random65837,

That was addressed above, you ever see “identical” twins? They look exactly the same if you see then once, twice, 3 times, but if you see both of them constantly, you’ll start seeing the small difference in them and then be able to identify who’s who. Same exact thing.

virtualbriefcase, (edited )

I don’t think there is any proven results, but I think the reason the EFF prefers Braves decision is the philosophy that there are so many data points that it could be possible to link you to it using the ones not standardized by anti fingerprinting.

Like ways to incorrectly describe someone. One describes a guy correctly but generically. One describes a guy with a lot of detail but the wrong race and two feet too short.

linearchaos,
@linearchaos@lemmy.world avatar

Yes it is, and that’s why the EFF recommends it.

WhatAmLemmy, (edited )

Where do the EFF recommend randomisation? From the EFF’s surveillance self defence course.

This can be an effective method for breaking persistence, but it is important to note that a tracker may be able to determine that a randomization tool is being used, which can itself be a fingerprinting characteristic. Careful thought has to go into how randomizing fingerprinting characteristics will or will not be effective in combating trackers.

They don’t directly recommend either… But then on coveryourtracks.eff.org/learn

In practice, the most realistic protection currently available is the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript( for Firefox), which greatly reduces the amount of data available to fingerprinters.

So the EFF seem to recommend generic over randomisation…

Maybe ask yourself why the Tor project decided against randomisation?

LemmyHead, in Next smartphone I buy, which one do you recommend?

Another vote for fairphone here, but for reasons others failed to mention: replaceable battery, so even after 2 years, it can feel like new and keep most of its value (to resell if wanted); 5 years of updates + warranty; support for after market roms. Then there’s also the fair ethics part of it

Blackmist,

How are you killing your battery after two years?

Even my cheapshit Honor 9 lasted six before it started getting random shutoffs.

krimsonbun,

old phones have batteries that are meant to last

LemmyHead,

Not killing, but degrades in performance because batteries have a limited amount of charge cycles. The more intensive you use your phone, the faster the battery degrades

TheAnonymouseJoker, in Nothing pulls its iMessage app from the Play Store following privacy disaster
@TheAnonymouseJoker@lemmy.ml avatar

Oh Nothing…

Anyway

FriendBesto, in Are libreddit frontends for reddit already non functional?

Some of them still work. But as you edited in, they are likely rate limited.

kixik,

very few, and one has to try so many times… I gave up. I guess RSS feeds whenever possible. though that consumes disk if local, so I’m really reluctant…

XTL, in Media Backups

I don’t nas, but I suggest a combination of offline drives, cloud services or remote hosts, and just ignoring data that is easy to recreate like builds and software installs.

The key is to keep the data organized in such a way that you know which parts deserve which strategy.

halfempty, in Is brave the only browser with fingerprint randomization?

I believe that Firefox has a mechanism where millions of users all have the same fingerprint, which makes the whole concept of browser fingerprinting useless.

ryannathans,

Catch is you have to enable it manually

Tosti, (edited )
@Tosti@feddit.nl avatar

deleted_by_author

  • Loading...
  • Vash63,

    It’s under the shield on the left of the address bar, better protection against tracking enables this and a bunch of other features. Also on by default in private mode.

    stepanzak, in Privacy friendly search alerts?

    Doesn’t RSS do the trick?

    otter,

    I’m not familiar with how I’d set that up. I usually find an existing RSS feed and follow it

    edit: haven’t used Google Alerts in a while. Looks like you can have it send an email without tying it to your account. That should work fine

    chimay,
    @chimay@blendit.bsd.cafe avatar

    some mail clients, like thunderbird, can also handle rss feed, you then have an all-in-one solution.

    virtualbriefcase, in Is brave the only browser with fingerprint randomization?

    Yes. Brave focuses on providing random data points each time it’s asked (e.g. screen size). A hardened Firefox will try to provide a generic fingerprint.

    Apples to oranges more or less, I’m unaware of any proof that one or the other is considerably better across the board. Though my gut does tell me that randomization is a lot better in the specific situation of regularly signing in and out of accounts.

    random65837, in Next smartphone I buy, which one do you recommend?

    Pixel with GrapheneOS. Only one that will give you the complete control, as well as the privacy (and) security done right. Also the only one that will let you have a fully functional phone, have things like working bank apps, and let you beat the Goog out of the benefits of the play services, while at the same time not allowing them to have privileged access on your phone. They’re just normal apps that you are in control of.

    I’m not going to affiliate with any conglomerate like Verizon or AT&T or Sprint or T-Mobile etc, I prefer to go rogue somehow,

    Yes, you will. Because that’s who has the mobile networks. There is no such thing as going rogue. Going with an MVNO isn’t avoiding them, that’s a mind game. If you can save money going with one cool, but don’t kid yourself that you’re not on one of the 3 carriers, because you will be.

    LemmyKnowsBest,

    I’m just trying to avoid getting bloatware installed on my phone every time they run a mandatory software update. that was probably a Samsung thing and had nothing to do with Verizon but whatever the case,

    It’s time to upgrade.

    I’mma get starlink.

    AzureRT,
    @AzureRT@reddthat.com avatar

    I have never heard of phone updates installing bloatware. The only time bloatware is present is when you first use the phone

    LemmyKnowsBest,

    Yup, I’m telling you, when I first got this phone, first thing I noticed was fucking candy crush et al, and immediately uninstalled all that junk. And every time it runs a software update, i kid you not, within a couple days I’m looking through my phone and I notice more shit they installed. Monopoly, Candy crush, block stacking games, I didn’t ask for any of this! delete delete delete.

    Wes_Dev,

    As cool as the technology is, I wouldn’t trust Starlink to handle my breakfast order. It’s leadership is corrupt, arrogant, and evil. You can find all sorts of news stories about it online.

    PanaX, in Next smartphone I buy, which one do you recommend?

    Just a tip, you can debloat your galaxy without rooting it with adb tools. You can remove any apps you want this way fairly easily.

    Not a long term solution, and all the other comments are great options for replacement. Until then, you can remove almost anything you want until you’re ready to switch.

    lemmyingly,

    The none root method that you mentioned is just removing the application from your profile. It’s still present in the OS.

    PanaX,

    I don’t think that’s true. From XDA forums, you can choose to disable the app or completely remove it. I have completely destroyed the system from uninstalling critical apps. I have had to do a complete factory reset due to uninstalling core apps. No root whatsoever.

    lemmyingly,

    I’ve read it a few times over the years. Maybe I keep reading people say the same misinformation. I suppose without root we’ll never know.

    Your anecdotal evidence could just be that you’ve ruined your profile; although of course, you could be entirely correct.

    I’ve only used it to remove annoying apps, e.g. Facebook. I’ve never gone crazy with it as I don’t care about the manufacturer’s pre-installed apps as they’ve remained silent for me.

    FrostyCaveman, (edited ) in Privacy friendly search alerts?

    This sounds like the kind of thing you could use Huginn for… I’m still picking up how to use it expediently but it does sound possible.

    Update: I have since abandoned Huginn due to an incredible amount of instability when using it with an external Postgres instance. Can’t say I would recommend it unfortunately

    Asudox, in Next smartphone I buy, which one do you recommend?
    @Asudox@lemmy.world avatar

    Google Pixel with GrapheneOS.

    omnissiah,
    @omnissiah@iusearchlinux.fyi avatar

    Im going to do this and leave every social media except some federated instances.

    Already went with Linux and FOSS years ago. Finally time to say good riddance to everything that doesnt align for what I stand for. I like it better anyway

    unexpectedteapot,

    I keep seeing this idea everywhere. Buy a Google phone and install another OS.

    It is completely absurd to fund the exact adversaries you are running away from, while consuming, without contributing a dime, merely a piece of free software. (It is only a small piece of freedom because none of the hardware is free, and some binary blobs [incl. potential backdoors] will still be present in the alternative OS no matter which one it is.)

    This is unsustainable, terrible, damaging advice. Stop giving it.

    mihor,

    Well, the only viable alternative then seems to be some sort of Linux phone, then.

    unexpectedteapot, (edited )

    Fairphone, Librem, PinePhone, f(x)tec, etc. are available alternatives, yes.

    Even a OnePlus is better than directly funding and supporting the adversary organisation that is one of the biggest surveillance capitalism corporations on earth.

    mihor,

    Fair point, I suppose the only thing preventing me from going for Linux phone are banking apps which want to run on unrooted android. 🤷🏼‍♂️

    Boring,

    Buy a pixel off marketplace then. You can brag about saving e-waste.

    Google isn’t a bad company, just a product of poor regulation. They have amazing engineers and produce valuable hardware and that should be praised.

    Its the business side of things which needs massive regulation and an ethics check.

    unexpectedteapot, (edited )

    It is not about “bragging” or whatever. Nor is it about “bad” or “good”.

    By funding or promoting the use of Google products, you would be funding litigation and influence such as lobbying to keep poor regulation as it is, if not worse. You would be funding their acquisitions of great tech and startups that might offer a more ethical and/or free technology. You would be funding their poaching of said engineers and valuable hardware intellectual property.

    Simply put, it is a counterproductive and an unsustainable practice.

    That being said, their amazing engineers, and technical value of their hardware are irrelevant to this community, post and comment. That simply doesn’t excuse their entire business model being built on breaches of privacy and other forms of curbing user freedoms.

    thayer,

    The bottom line is that GrapheneOS is the most security-focused mobile operating system available, and the Google Pixel is pretty well the only mainstream phone with an unlockable bootloader.

    If Alphabet were to ever lock down the Pixel’s bootloader, the GOS devs would undoubtedly jump ship to a lesser available platform in order to continue the project. But until then, no other hardware comes close with respect to embedded security.

    Imprint9816, in Michael Bazzell's Irish Exit

    A little bummed as I enjoyed the podcast, oh well.

    Unsubscribed from the podcast and added the blog to my rss reader.

    Lemongrab, in private browsers wiki im working on
    @Lemongrab@lemmy.one avatar

    Add cromite (the main bromite fork) which is on Windows and Android, and Mull by DivestOS (like arkenfox for Android). If you want to make a mobile section I would recommend Mull, Cromite, Fenix (fdroid). The thing with privacy browsers is they differ from security centric browsers. Vandium and Mulch are chromium security browsers for Graphene and Divest respectively, Cromite is a privacy chromium browser with good security as well. Ungoogled is designed as a drop in replacement for vanilla Chromium, and has custom flags for hardenning that must be enabled manually.

    Spider89, (edited )

    Isnt chromite obsolete?

    EDIT: Nevermind…

    Lemongrab,
    @Lemongrab@lemmy.one avatar

    How

    Spider89,

    Whopps, Had bromite and cromite backwards.

    UprisingVoltage,

    That one’s bromite, which is discontinued. Cromite is the successor to that project

    Spider89, (edited )

    Opps. Got them backwards…

    Templa, (edited )

    Will Cromite be able to keep blocking ads when Manivest v3 roll out? I currently refuse to use Chromium browsers and I am trying to run Mull on my newly acquired Pixel with Graphene, but I’ve been having a few issues with it (constant crashes and such). I am aware the Graphene team doesn’t recommend Gecko based browsers but Vanadium is a nono for me since there’s no ad blocking on it so I am really struggling on which mobile browser to use.

    Lemongrab,
    @Lemongrab@lemmy.one avatar

    Iirc Manifest v3 effect extensions. Chromium mobile doesnt support extensions in the first place (except kiwi which isnt great for privacy). Cromite uses imported blocklists in the settings and therefore should be alright.

    Templa,

    Chromium mobile doesnt support extensions in the first place

    I completely forgot about that! Thank you for the reply

    LWD, (edited ) in Is it better to use a non-FOSS email and phone number forwarder or to use one of each for everything?

    deleted_by_author

  • Loading...
  • _s10e,

    Which of those work for phone numbers (SMS validation)? Email is easy.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • localhost
  • All magazines
  • Loading…
    Loading the web debug toolbar…
    Attempt #