You don’t want a randomised fingerprint, as that is relatively unique among a sea of fingerprints [1]. What you want is a fingerprint that’s as similar to everyone else (generic) as possible; that’s what Firefox’s resist fingerprinting setting aims to do, and what the Tor browser does.
[1] There are many values you can’t change, so the randomisation of the ones you can change could end up making you more unique … think of it like having your language set to french but are based in the USA — that language setting can’t uniquely identify the French in france, but will stick out like a sore thumb if set in shitsville Idaho. It’s likely the same if you use firefox but have your user agent set to chrome; that’s more rare and unique than not changing the user agent at all.
No, that’s absolutely incorrect. You want a new fake fingerprint every single time someone asks your browser for your information. You want it to lie about your plugins, user agent, your fonts and your screen size. Bonus if you use common values, but not necessary.
The randomized data they’re providing isn’t static and it isn’t the same from session to session.
100% White noise is a far better obfuscation than a 40% non-unique tracking ID. Yes, your data is lumped in with 47 million other users, but used in conjunction with static pieces of your data you become uncomfortably identifiable.
Yeah… I don’t know why a bunch of privacy bros think they know better than the CS and cryptography PhD’s of the Tor project; the most advanced and complex privacy and anonymity preserving project in computing history.
But isn’t randomization supposed to give you a different unique fingerprint each time? So yes, you would be unique and easily tracked but only until your fingerprint changes
That was addressed above, you ever see “identical” twins? They look exactly the same if you see then once, twice, 3 times, but if you see both of them constantly, you’ll start seeing the small difference in them and then be able to identify who’s who. Same exact thing.
I don’t think there is any proven results, but I think the reason the EFF prefers Braves decision is the philosophy that there are so many data points that it could be possible to link you to it using the ones not standardized by anti fingerprinting.
Like ways to incorrectly describe someone. One describes a guy correctly but generically. One describes a guy with a lot of detail but the wrong race and two feet too short.
This can be an effective method for breaking persistence, but it is important to note that a tracker may be able to determine that a randomization tool is being used, which can itself be a fingerprinting characteristic. Careful thought has to go into how randomizing fingerprinting characteristics will or will not be effective in combating trackers.
In practice, the most realistic protection currently available is the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript( for Firefox), which greatly reduces the amount of data available to fingerprinters.
So the EFF seem to recommend generic over randomisation…
Maybe ask yourself why the Tor project decided against randomisation?
Another vote for fairphone here, but for reasons others failed to mention: replaceable battery, so even after 2 years, it can feel like new and keep most of its value (to resell if wanted); 5 years of updates + warranty; support for after market roms. Then there’s also the fair ethics part of it
Not killing, but degrades in performance because batteries have a limited amount of charge cycles. The more intensive you use your phone, the faster the battery degrades
very few, and one has to try so many times… I gave up. I guess RSS feeds whenever possible. though that consumes disk if local, so I’m really reluctant…
I don’t nas, but I suggest a combination of offline drives, cloud services or remote hosts, and just ignoring data that is easy to recreate like builds and software installs.
The key is to keep the data organized in such a way that you know which parts deserve which strategy.
I believe that Firefox has a mechanism where millions of users all have the same fingerprint, which makes the whole concept of browser fingerprinting useless.
It’s under the shield on the left of the address bar, better protection against tracking enables this and a bunch of other features. Also on by default in private mode.
Yes. Brave focuses on providing random data points each time it’s asked (e.g. screen size). A hardened Firefox will try to provide a generic fingerprint.
Apples to oranges more or less, I’m unaware of any proof that one or the other is considerably better across the board. Though my gut does tell me that randomization is a lot better in the specific situation of regularly signing in and out of accounts.
Pixel with GrapheneOS. Only one that will give you the complete control, as well as the privacy (and) security done right. Also the only one that will let you have a fully functional phone, have things like working bank apps, and let you beat the Goog out of the benefits of the play services, while at the same time not allowing them to have privileged access on your phone. They’re just normal apps that you are in control of.
I’m not going to affiliate with any conglomerate like Verizon or AT&T or Sprint or T-Mobile etc, I prefer to go rogue somehow,
Yes, you will. Because that’s who has the mobile networks. There is no such thing as going rogue. Going with an MVNO isn’t avoiding them, that’s a mind game. If you can save money going with one cool, but don’t kid yourself that you’re not on one of the 3 carriers, because you will be.
I’m just trying to avoid getting bloatware installed on my phone every time they run a mandatory software update. that was probably a Samsung thing and had nothing to do with Verizon but whatever the case,
Yup, I’m telling you, when I first got this phone, first thing I noticed was fucking candy crush et al, and immediately uninstalled all that junk. And every time it runs a software update, i kid you not, within a couple days I’m looking through my phone and I notice more shit they installed. Monopoly, Candy crush, block stacking games, I didn’t ask for any of this! delete delete delete.
As cool as the technology is, I wouldn’t trust Starlink to handle my breakfast order. It’s leadership is corrupt, arrogant, and evil. You can find all sorts of news stories about it online.
Just a tip, you can debloat your galaxy without rooting it with adb tools. You can remove any apps you want this way fairly easily.
Not a long term solution, and all the other comments are great options for replacement. Until then, you can remove almost anything you want until you’re ready to switch.
I don’t think that’s true. From XDA forums, you can choose to disable the app or completely remove it. I have completely destroyed the system from uninstalling critical apps. I have had to do a complete factory reset due to uninstalling core apps. No root whatsoever.
I’ve read it a few times over the years. Maybe I keep reading people say the same misinformation. I suppose without root we’ll never know.
Your anecdotal evidence could just be that you’ve ruined your profile; although of course, you could be entirely correct.
I’ve only used it to remove annoying apps, e.g. Facebook. I’ve never gone crazy with it as I don’t care about the manufacturer’s pre-installed apps as they’ve remained silent for me.
This sounds like the kind of thing you could use Huginn for… I’m still picking up how to use it expediently but it does sound possible.
Update: I have since abandoned Huginn due to an incredible amount of instability when using it with an external Postgres instance. Can’t say I would recommend it unfortunately
Im going to do this and leave every social media except some federated instances.
Already went with Linux and FOSS years ago. Finally time to say good riddance to everything that doesnt align for what I stand for. I like it better anyway
I keep seeing this idea everywhere. Buy a Google phone and install another OS.
It is completely absurd to fund the exact adversaries you are running away from, while consuming, without contributing a dime, merely a piece of free software. (It is only a small piece of freedom because none of the hardware is free, and some binary blobs [incl. potential backdoors] will still be present in the alternative OS no matter which one it is.)
This is unsustainable, terrible, damaging advice. Stop giving it.
Fairphone, Librem, PinePhone, f(x)tec, etc. are available alternatives, yes.
Even a OnePlus is better than directly funding and supporting the adversary organisation that is one of the biggest surveillance capitalism corporations on earth.
It is not about “bragging” or whatever. Nor is it about “bad” or “good”.
By funding or promoting the use of Google products, you would be funding litigation and influence such as lobbying to keep poor regulation as it is, if not worse. You would be funding their acquisitions of great tech and startups that might offer a more ethical and/or free technology. You would be funding their poaching of said engineers and valuable hardware intellectual property.
Simply put, it is a counterproductive and an unsustainable practice.
That being said, their amazing engineers, and technical value of their hardware are irrelevant to this community, post and comment. That simply doesn’t excuse their entire business model being built on breaches of privacy and other forms of curbing user freedoms.
The bottom line is that GrapheneOS is the most security-focused mobile operating system available, and the Google Pixel is pretty well the only mainstream phone with an unlockable bootloader.
If Alphabet were to ever lock down the Pixel’s bootloader, the GOS devs would undoubtedly jump ship to a lesser available platform in order to continue the project. But until then, no other hardware comes close with respect to embedded security.
Add cromite (the main bromite fork) which is on Windows and Android, and Mull by DivestOS (like arkenfox for Android). If you want to make a mobile section I would recommend Mull, Cromite, Fenix (fdroid). The thing with privacy browsers is they differ from security centric browsers. Vandium and Mulch are chromium security browsers for Graphene and Divest respectively, Cromite is a privacy chromium browser with good security as well. Ungoogled is designed as a drop in replacement for vanilla Chromium, and has custom flags for hardenning that must be enabled manually.
Will Cromite be able to keep blocking ads when Manivest v3 roll out? I currently refuse to use Chromium browsers and I am trying to run Mull on my newly acquired Pixel with Graphene, but I’ve been having a few issues with it (constant crashes and such). I am aware the Graphene team doesn’t recommend Gecko based browsers but Vanadium is a nono for me since there’s no ad blocking on it so I am really struggling on which mobile browser to use.
Iirc Manifest v3 effect extensions. Chromium mobile doesnt support extensions in the first place (except kiwi which isnt great for privacy). Cromite uses imported blocklists in the settings and therefore should be alright.
privacy
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.