As far as hiding your online fingerprint, I feel that having a clean-slate browser container, while certainly a hassle, can go some way towards protecting yourself, but...these great minds will find another way.
We wanted flying cars, instead we got 140 characters. - Peter Thiel
Damn you Twitter, damn you to hell, for hiring all those flying car specialists.
Well, don't forget mass surveillance.
I wouldn't be so generous.
It seems entirely plausible from where I sit that some of the technology companies with the highest average talent (for some hand-wavy) in engineering are spending a ton of that talent , and wealth, and time focusing on problems that don't have very compelling value in a broader societal sense. While at the same time some interesting and clearly important problems are severely under-resourced.
I suppose that's part of free-ish market capitalism's feature set - if above is right it should eventually re-balance but nothing says that has to happen in one generation, or even several.
I just sign into Facebook, Google, &c services using one browser, and do everything else in another — all of which all have µBlock Origin, Privacy Badger, whitelist-based cookie managers and the like installed.
EDIT: One advantage of this approach is potentially significantly raising the noise floor in Tor traffic. That, by itself, is a win.
EDIT 2: Also IP-level tracking and fingerprinting. See below...
> Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.
> Implementing filter-based blocking directly into the browser, such as done with Firefox' Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.
> Trying to resort to filter methods based on machine learning does not solve the problem either: they don't provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked.
> Filter-based solutions in general can also introduce strange breakage and cause usability nightmares. For instance, there is a trend to observe that websites start detecting filer extensions and block access to content on them. Coping with this fallout easily leads to just whitelisting the affected domains, hoping that this helps, defeating the purpose of the filter in the first place. Filters will also fail to do their job if an adversary simply registers a new domain or creates a new URL path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets.
That's not true, see all the values that can be used to fingerprint a browser: https://fpcentral.tbb.torproject.org/fp https://browserprint.info https://www.torproject.org/projects/torbrowser/design/#finge...
My only complaint is that if you have canvas fingerprint randomization turned on it still counts as unique.
It's not a good idea to randomize it, see the Tor Browser design document for more details https://www.torproject.org/projects/torbrowser/design/#finge...
At any rate, a randomized canvas or WebGL fingerprint shouldn't be very useful for tracking a particular browser.
After all if they know it is a residential IP, they probably know that no matter the user-agent, traffic belongs to the family. And I assume they know who all your family members are.
layout.css.visited_links_enabled set to false;
geo.enabled set to false;
media.navigator.enabled set to false;
media.peerconnection.enabled (WebRTC) set to false;
network.http.sendRefererHeader set to 0;
privacy.resistFingerprinting set to true;
privacy.firstparty.isolate set to true;
network.dns.disablePrefetch set to true;
network.prefetch-next set to false;
webgl.disabled set to true
Don't forget to also use something like uBlock Origin, Token Tracker Stipper, and Decentraleyes. Pass is all through a Pi-hole and VPN and you're pretty safe. Make sure your VPN does not expose your NAT'd IP with WebRTC. Both uBlock Origina and ScriptSafe can help with this, as FF will sometimes crap all over its about:config settings with updates.
Have been using it since it was called HTTPS switchboard. Uorigin is my go to install on all of my customers fresh installs or people who don't want to break their web experience. Works great.
- I am not sure whether privacy badger and decentraleyes are mutually exclusive.
For example, you can choose to enable a Google-hosted library (say, jQuery) on a certain domain, because you want it to work, and then decentraleyes will do its part.
Last night, my wife has Facebook adverts for chicken coops pop up on her laptop. We've not spoken about chicken coops since, I've not searched for chicken coops since the original search, she's not searched for chicken coops on her laptop and she's not used my work laptop.
If they want to track you with a "normal" browser, they'll find a way of doing it.
This is exactly what browsing via tor is trying to make harder. To fingerprint you.
You are right that fingerprinting can not be avoided completely. See the recent thread about FB tracking your mousemoves. Advertisers can use anything you do as a fingerprinting signal. It's not possible to use the web without interacting with it.
But your experience is not an example of why using the tor browser would not work. It's an example of why it is developed in the first place. To make fingerprinting harder.
It's also worth turning on Firefox's built-in tracking protection if you haven't already:
I have it set to "always". I find it catches some things that uBlock Origin misses.
I use uBlock Origin + uMatrix currently.
Your tracking situation doesn't seem out of the realm of possibility though.
1. You searched for Chicken Coops at a place.
2. That same laptop connects to your home Wi-Fi.
3. The user (you) who searched for chicken coups is connecting from a new IP.
4. Some ad engine rule says that IP belongs to a household (this probably doesn't matter; makes me wonder if people in a Starbucks get ads intended profiled against other customers).
5. Now let's just advertise chicken coupes to everyone in that house.
So in theory, this tracking attempt can be done with just a cookie and selling sets of IP+search word data, right?
Indeed. That's what's so invasive about tracking - anything that can be done to track you, will be done.
What if my search had been something more personal? Something I didn't want my wife to know about?
There's no way to opt-out of all this. We're being force fed this for the benefit of some corporation, somewhere.
The controversial thing was that you could opt-in to sending Ghostery data about what things it blocked, and Ghostery would then sell statistics about what things got blocked most often so publishers could update their website to replace the blocked items.
unlikey, at your home location, usually it is just the same few people all the time.
At a coffee shop there might a couple of the same people every time, but also lots of other random people. So would be easy to ID home location / office location / public space location.
Or perhaps they know the location is a coffee shop from their facebook location ID.
but they will know somehow
Imagine for a moment though that they can't serve you ads directly. I wonder if anyone has done research into saturating adds in a coffee shop for all the patrons? Everyone sees the same add for the Dallas Cowboys and triggers a conversation about football. Now you didn't see the add but everyone around you is talking about football.
That was another adblocker. I'm not 100% sure which one, so I'm not going to name them.
Given all this information how I am supposed to disconnect from all of this? Cause surely simply having something blocking tracking of you in a desktop browser is not enough? Also, I really enjoy services provided by Google, why should I give it all up and replace everything with "safe" alternatives? I know I am a product and my personal info and preferences are all of over the place. But I always understood this to be the price I pay for using this services ( taking about Google mainly ).
What is the impact of IPv6 on regular users privacy?
The only part of your address that doesn't change is the same part that is unchanged in the IPv4 case.
Unless you have CGNAT of course, but I don't think anyone would argue that that thing is a good thing to have.
They also have a more precise way to track you without a browser fingerprint.
Oddly enough it's always (in my experience) the tech types that have argued against IP addresses being personal, forgetting that we might one day switch to IPv6
That is very unusual traffic, of course, and others connecting from my inet-facing IP probably make it even more so: Steam after school, missus hitting the foreign news sites in the AM, the traffic peaks and troughs at certain times of day... we're fucked.
Privacy on the web is an information theoretic arms race with tremendously deeply asymmetric stockpiles of information.
It tracks not only by cookie or fingerprints, also by 1x1 pixel. And with the phone app even more, but nobody in his privacy aware mind should use the 2 apps anyways. Their constant recording of audio drains the battery too much, and their m. and mbasic. web urls are good enough.
"blog.torproject.org normally uses encryption to protect your information. When Google Chrome tried to connect to blog.torproject.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be blog.torproject.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit blog.torproject.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."
2. uBlock Origin in medium mode - kills 3p scripts and 3p frames
3. Private windows/tabs by default - kills 3p cookies and storage
That's all kids :)
And a separate browser with just ad blocker and blocked 3rd party cookies.
Do I really need Tor?
But let's dream, what would your protocol be?
For some reason I have always had a hang up on the headers. The lack of real concrete specs, forging clients, and now the ugly monstrosity of CSP. I love the effect, but in my dream new protocol we have to opt into features during some kind of app / client handshake.
Let's strap some sockets to HTTP and run them through a web server. We'll call them Web Sockets.
Chat? I have this crazy idea called WebRTC. .. although our original idea was a huge security hole and now it's pretty much just used for games .. because browsers don't do Datagrams so let's just do some more hacking with WebRTC.
Anyone remember when Firefox was the lightweight version of Mozilla and web browsers were used to browse the web?
1. No more "any device can talk to any device" it won't work. It leads to horrible hacks like half the internet relying on cloudflare and email centralizing in an oligopoly. We need a web-of-trust at the connection layer robust enough to be embeddable in our network gear.
2. No more "I'm a packet from xyz because I say so" and of course no more untrusted, unsigned, unencrypted streams (ie, no plain UDP).
3. No more third party connections. We don't really need them. Just put whatever data you want in the URL like we do with OAuth. Everything else is adware or malware or trackware. I'm not blaming people, I understand how incentives shape behaviour. They shape mine too. We exist in the paradigm that we find ourselves in. But I envision a better world.
4. Simplified character sets within contexts. No more zero-width characters where we don't expect them (see zachaysan.com/zero for more info) or any of that shit.
6. No stupidness with PDFs. It's not worth it. There will be 0days in PDFs for as long as we use them. They're too fucking complicated. Just use HTML, SVG, or images. CSS is smart enough to make print formats for A4 and Letter.
7. Ideally either make a new HTML that is JSON based instead of XML based and either way make the web-of-trust default to downgrading trust on entities that pass malformed documents. Parsing broken XML is bug prone.
8. DNS is so fucking dumb it's painful. Just use the WoT and fallback trust nodes for when calamity hits (someone steals your keys).
There is more to it, but I'm just getting back from a comedy show and I've had a couple and I already feel like I'm not being as coherent as this topic deserves so I'll end it there. If you're interested in being part of a beta group contact me.
In practice, this might mean the end of net neutrality, and could entrench the Googles of the world -- "shoot, I can't send a packet to them, but they trust Google, so I guess I will too."
> No stupidness with PDFs
I hold out hope for sandboxing. WASM could kill browser PDF plugins easily enough. Hell, JS probably could already...
Could you say a little more about "third party connections"? Do you mean no loading resources from other domains? No CORS? Or something else?
I'm a bit confused with this. Are you talking about deprecating CORS? How would putting information in a URL mean that you didn't need a third party request anymore?
I may also be misunderstanding here, but are you talking about getting rid of clientside scripting? Or moving all scripting serverside? If that's the case, do you have any plans on how to get businesses, devs, and users on board with that?
I understand that there's a sizable population on HN that would prefer if the web be a static document service and not an app platform, but even if they're right they have almost zero chance of getting anyone else to agree with them.
If that's not what you're talking about and you just hate JS, then you should look into web assembly as a compile target.
> We need a web-of-trust at the connection layer robust enough to be embeddable in our network gear.
This just screams vendor lock-in to me. It's very important that connection information and permissions be user-configurable.
It also seems at first glance like it might be problematic for security. Baking trust models into firmware means that it's a lot harder to patch them when the models need to be updated.
> no more untrusted, unsigned, unencrypted streams
I'm pretty sure Chrome is already heading in this direction. Archivists are mad about it, but I suspect HTTP will be deprecated sometime in the future.
> DNS is so f---- dumb it's painful.
Completely agreed. I would love to see DNS put out of its misery.
I'm saying there is no real need, technically, to have third party at _all_. If you want an image you can host an image or you can link to it. Same with fonts. I have yet to see a CORS request that couldn't have been done with a user clicking on a link and having a page load. All of this stuff is bleeding data to third parties. And again, I'm not blaming third parties making money within the system we have. If it's legal it's fine with me, but when we have governments around the world starting to figure out how bad it is they're going to try to legislate this problem away and it both wont work and it will also quadruple the costs of doing anything.
> This just screams vendor lock-in to me.
Don't worry, I'm designing it with this risk in mind.
> Baking trust models into firmware
As long as the firmware is capable of software update, it should be fine. ASIC-y type of gear may need to push the trust check to other sides of the pipe.
> I understand that there's a sizable population on HN that would prefer if the web be a static document service and not an app platform, but even if they're right they have almost zero chance of getting anyone else to agree with them.
I think it's tricky. We obviously need client side code in some contexts, but I think something could be designed such that things like Reddit wouldn't require arbitrary code execution. As for JS specifically, I don't love the syntax, but it isn't the worst in the world. But there is a long, long, long list of things that need to be removed from it to make it more secure.
I think web assembly is a mistake. If we turn our browsers into operating systems we're going to get all the problems OSes have. Side channel attacks are easier, protected data in JS enclosures is harder, etc.
That's all I'm going to say for now, I try not to talk about my projects before they're kinda functional because before you figure out all the finicky details you can come off sounding like an idiot to someone else that has a more closeup view to one part of it. Take WebAssembly, for example, I haven't closely poured over it and here I am saying that its a mistake. But everything is getting so complicated so quickly its impossible to keep up, so I have to cut things somewhere. This is another problem I have with the modern stack. We keep piling things onto it to support all these crazy use cases, but then we can't stay ahead of all the potential ways people can abuse it.
- No more "any device can talk to any device"
- No more "I'm a packet from xyz because I say so"
- No more third party connections.
I like the opennes of the web and the fact that anyone can connect to anything sans authehtcation.
Jokes aside, the embedded web-of-trust sounds very interesting. Can you elaborate on that?
Would switches and routers be "certified" or "licensed"?
The WoT has a concept of "depth" or "importance" so even if all of your closest friends are angels that live in Toronto and follow the law, and even if you're an upstanding netzien, you can't just call Vladimir Putin's phone number.
That there is some measure of non-connectivity is a feature not a bug. We'll be able to start running our own email servers again! We won't have to worry about telephone calls from awful marketing companies! It won't be a utopia, computers will still get hacked and your keys will be misused until they're detected and replaced, but at least we won't have to worry about Grandma get swindled out of her inheritance.
Now I think it's likely the best weapon available which can be easily wielded by the average user.
I use a heavily-modified Firefox instance over a VPN with uBlock Origin, Privacy Badger, Disconnect, No Coin, Script Safe, Token Tracker Stripper, Neat URL and too many about:config edits to mention.
I do recommend disabling http/s referrer, CSS visited links, and others as can be learned online.
In addition, I pass all of this through a remote computer with a Raspberry Pi/Pi-hole instance. This has worked well for me for a couple of years. As I have no real social media accounts, I'm not building any meaningful profiles. Accounts like HN or Slashdot don't get any real info. I also don't add any apps to my iPhone. The apps that ship with the device are all I need. I can pass all of my phone's traffic through the VPN/Pi-hole instance and keep relatively safe. Being with T-Mobile means I get unlimited data so I don't need to connect to potentially hostile Wi-Fi.
I rather enjoy the "cold war" between the corporations and the security-minded. There are so great add-ons to uBlock and other add-ons that completely bypass the complaint scripts of using adblock.
Another quick way to get past fake paywalls or complaining pages is to use Startpage's proxy or even Google's cached link. I've set up so many people to use this set up and they are thrilled.
I am thinking of setting up remote desktops that can be accessed by friends and family that are VPN'd, Pi-holed, and with other security features that hide their real IPs, etc.
> I use a heavily-modified Firefox instance over a VPN with uBlock Origin, Privacy Badger, Disconnect, No Coin, Script Safe, Token Tracker Stripper, Neat URL and too many about:config edits to mention.
That's faster for you? I guess I'm a bit of a speed freak, but I recall even Disconnect by itself slowed down pages enough to make me uninstall it, let alone that combination...
I'm not on slow hardware; you just seem to prefer to just quickly make naive assumptions. First of all, the system naturally clocks down on battery, so I'm not always running at max GHz. Second, I'm not pulling this out of my rear -- I actually sat down in 2014 and measured in detail how much each of my extensions slowed the loading of Gmail, and I even still have the records. AdBlock slowed it down by 1.8 seconds; Disconnect slowed it down by 0.7 seconds (IIRC this was on AC power but I didn't record that part). I found both of these ridiculously unacceptable. Now, I've upgraded my laptop since, and so in response to this discussion right now I just did another quick test on Gmail on my current system (which I can again assure you is not slow hardware). On AC power, Disconnect still adds 120ms. On battery, it adds 400ms. Still neither of which I find acceptable (this is my email I'm talking about, not cat videos), though it's definitely better. Feel free to spend some time doing your own measurements and report them here if you have disputes.
Do you need a modern web browser at that point?
Might as well just browse with Lynx instead of using a standard browser.
I think the average person is better served through Tor even if it’s slow.
Then you make their job even easier since you are the only person within a 500 mile radius of your geolocation to still use Lynx. ¯\_(ツ)_/¯
I've had good experiences with W3M. It's similar to Lynx but much more user friendly and supports images.
So do I and it is slow and frustrating too.
For speed, yes, that's the cost of having your traffic go through a 3 relay circuit, but Tor is much faster now than it used to be.
FWIW, I still use SS on chrome, now that firefox has SS I can hopefully just use purely FF for browsing and just have a different profile with minimal addons. I'd still have to have chrome for development though.
- browsers cache results
If you do neither of these things trackers become much harder to implement.
- HTML5 "local storage"
- Plugin detection
- Hidden frames and/or WebRTC - can scan your local network
There are probably more.
[Edited: Updated to clarify that local network scanning can be done with hidden frames or WebRTC. A followup comment from me gives a public example of how]
It's simultaneously kind of smart and also really stupid. Basically, you give a valid 3rd-party domain multiple IPs, one of them normal and one of them resolving to a local IP. Then you cut off the normal one and the browser just allows you to make calls to whatever local interface you want.
There was a good defcon video about this a while back. It's a much bigger problem than most people realize. This is why it's good practice to have at least some security around devices even if they're only connected to your LAN.
I don't want to be tracked because information gathered can and will be used in ways I don't expect. Websites will game me on pricing, etc based on where I've been on their site and other sites. I could easily fall into a filter bubble, where I am only given results based on previous preferences. I would have zero control over the information gathers regarding my habits, and any conclusions they make based off of this data. And it will get stolen. And it will be used against me.
So I take as many steps as I can to prevent websites from tracking me.
Improved ad targeting may increase revenue for the website, and will improve ad relevance for the end-user. This was historically seen as a win-win; particularly if it allows a service to remain free to use.
I often get ads for programming IDEs, which I don't mind that much. I'd rather have them than beauty products, or other irrelevant items.
Not that it's actually possible to discuss the pros and cons of targeting anymore. It's become a religious issue to too many people.
I hope that addressing these strong feelings may help temper the issue, rather than poison it.
Indeed. I tried to give a very clear and non-provoking answer to a very clear question in a sibling comment but still get downvoted to oblivion.
Do you really believe that people actually care about how relevant they are? Because I'm pretty sure they don't and most of all, that's not what they want while browsing the web.
'Historically' this wasn't seen as possible. Presently, it's become incredibly creepy and intrusive.
I don't want to see any ads, let alone have entire networks of ad providers keep track of everything I do in an attempt to be the first to help themselves to the contents of my wallet.
Different medium, different market.
>The idea that we NEED tracking or the entire advertising ecosystem collapses is stupid.
Nobody made that claim. I said it may increase revenue for the website, and will improve ad relevance for the end-user.
This is exactly the "black and white" arguments I was talking about.
The benefit for me personally is being presented with ads based on retargeting. I have found many interesting products and services I wouldn't otherwise have seen. The ads on Facebook are my personal recommendation system.
Filterbubbles are easy to get out of ( just dont rely on one source) you dont avoid them just because you arent tracked.