Hacker News new | comments | show | ask | jobs | submit login
Don’t Let Facebook, or Any Tracker, Follow You on the Web (torproject.org)
318 points by jerheinze 4 months ago | hide | past | web | favorite | 143 comments



It's kinda weird, that some of the greatest minds in the world, are gathered in Silicon Valley, solely working on how to make us click on more advertisements on the internet.

As far as hiding your online fingerprint, I feel that having a clean-slate browser container[1], while certainly a hassle, can go some way towards protecting yourself, but...these great minds will find another way.

[1] https://tpaschalis.github.io/sandboxed-browser-with-docker/


The fact that these minds have decided to solely work on superfluous things seems like a hint that they might not be our greatest minds.


"The best minds of my generation are thinking about how to make people click ads," he says. "That sucks." - Jeff Hammerbacher (who built the original Data Analysis team at Facebook)

https://www.fastcompany.com/3008436/why-data-god-jeffrey-ham...


I saw the best minds of our generation writing spam filters. - Neal Stephenson

We wanted flying cars, instead we got 140 characters. - Peter Thiel


> We wanted flying cars, instead we got 140 characters. - Peter Thiel

Damn you Twitter, damn you to hell, for hiring all those flying car specialists.


> We wanted flying cars, instead we got 140 characters. - Peter Thiel

Well, don't forget mass surveillance.


> greatest minds in the world

I wouldn't be so generous.


Yeah, a lot of these individuals are "just people" at the end of the day.


It's hyperbole, sure, but there is a kernel of truth (as is often the case)

It seems entirely plausible from where I sit that some of the technology companies with the highest average talent (for some hand-wavy) in engineering are spending a ton of that talent , and wealth, and time focusing on problems that don't have very compelling value in a broader societal sense. While at the same time some interesting and clearly important problems are severely under-resourced.

I suppose that's part of free-ish market capitalism's feature set - if above is right it should eventually re-balance but nothing says that has to happen in one generation, or even several.


It’s always baffled me that the top 1% of the top 1% of MIT grads get scouted by Wall St and user data companies like Google and Facebook. What a waste of a brain


Do you really need the Tor browser to do this?

I just sign into Facebook, Google, &c services using one browser, and do everything else in another — all of which all have µBlock Origin, Privacy Badger, whitelist-based cookie managers and the like installed.

EDIT: One advantage of this approach is potentially significantly raising the noise floor in Tor traffic. That, by itself, is a win.

EDIT 2: Also IP-level tracking and fingerprinting. See below...


In that setup your browser fingerprint alone is enough to uniquely identify you, and it doesn't protect you from tracking by the first-party domains themselves. See as well: https://www.torproject.org/projects/torbrowser/design/

> Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

> Implementing filter-based blocking directly into the browser, such as done with Firefox' Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.

> Trying to resort to filter methods based on machine learning does not solve the problem either: they don't provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked.

> Filter-based solutions in general can also introduce strange breakage and cause usability nightmares. For instance, there is a trend to observe that websites start detecting filer extensions and block access to content on them. Coping with this fallout easily leads to just whitelisting the affected domains, hoping that this helps, defeating the purpose of the filter in the first place. Filters will also fail to do their job if an adversary simply registers a new domain or creates a new URL path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets.


In practice IP address is the most important component of browser fingerprinting. Browser fingerprinting can tell advertisers things like: person x has a 2011 MacBook Pro, is running Firefox, and has installed these 3 plugins. If that person visits a coffeeshop, clears their cookies, then revisits the same coffeeshop they will be easy to identify because they're linked by an IP address and a fairly unique configuration. Once you take IP address and city out of the equation browser fingerprinting becomes much harder, because the chances that someone else in the world has the same configuration becomes much higher.


> Once you take IP address and city out of the equation browser fingerprinting becomes much harder

That's not true, see all the values that can be used to fingerprint a browser: https://fpcentral.tbb.torproject.org/fp https://browserprint.info https://www.torproject.org/projects/torbrowser/design/#finge...


There is also Panopticlick

https://panopticlick.eff.org/

My only complaint is that if you have canvas fingerprint randomization turned on it still counts as unique.


> My only complaint is that if you have canvas fingerprint randomization turned on it still counts as unique.

It's not a good idea to randomize it, see the Tor Browser design document for more details https://www.torproject.org/projects/torbrowser/design/#finge...


I was referring to WebGL and Canvas fingerprinting there, which the document seems to be in favor of, although they return a single value instead of a randomized value--presumably so all TOR browsers will look the same and muddy the data.

At any rate, a randomized canvas or WebGL fingerprint shouldn't be very useful for tracking a particular browser.


Read the "Strategies for Defense: Randomization versus Uniformity" part.


Most of their drawbacks to randomization apply to uniformity too, other than sites changing behavior due to your randomization. Uniformity has the big drawback of making it apparent that you're using the Tor browser, which is a red flag in some cases. At the very least it invites extra scrutiny. It's a strange design decision in my opinion to announce to loudly that a visitor is using the Tor browser when they presumably want to attract as little attention as possible.



Is browser fingerprinting without IP address really feasible, given that 80% of users use a smartphone, which is always fullsize and usually hasn’t any plugins?


Just look at phone browser's User agent and you will be up for a surprise.


Do they not try to match you based on your IP?

After all if they know it is a residential IP, they probably know that no matter the user-agent, traffic belongs to the family. And I assume they know who all your family members are.


When you use tor it says not to maximize the window because sites can use your screen resolution to track you. More realisticly they could match operating system from the user agent with other data. I remember chrome being acused of putting serial number like strings in the user agent. Why would they not?


These are the basic basics for tweaking FF's about:config. There are many more. Try these and see how you fare...

layout.css.visited_links_enabled set to false; geo.enabled set to false; media.navigator.enabled set to false; media.peerconnection.enabled (WebRTC) set to false; network.http.sendRefererHeader set to 0; privacy.resistFingerprinting set to true; privacy.firstparty.isolate set to true; network.dns.disablePrefetch set to true; network.prefetch-next set to false; webgl.disabled set to true

Don't forget to also use something like uBlock Origin, Token Tracker Stipper, and Decentraleyes. Pass is all through a Pi-hole and VPN and you're pretty safe. Make sure your VPN does not expose your NAT'd IP with WebRTC. Both uBlock Origina and ScriptSafe can help with this, as FF will sometimes crap all over its about:config settings with updates.


FF also has an extension for always opening Facebook in an isolated container: https://github.com/mozilla/contain-facebook


Note that this also has some insane side effects, eg setting resist fingerprint also breaks anything that assumed JavaScript date objects actually reflect local time. Like Gmail. Surprise!


A VPN does not offer privacy-by-design, it's at best a privacy-by-policy product.


Wouldn't a randomly sized window be more unique than a fullscreen resolution (of which there are probably only a handfull of common ones)?


The idea is to keep the same standard unmaximized window size across all TOR Browser users. Yes, a randomly sized window is worse than full screen, which is worse than the TOR-standard size.


Completely agree. And moreover they don’t need to match you with 100% level of confidence. Even something as low as 10% is probably enough.


That's also a good reason, thanks! If I'm blocking trackers from those sites in all of my browsers, though, are they ever even seeing my IP outside the traffic I deliberately send them?


Not all trackers are client-side


And people wonder why some of us talk about the unclean hands of the online ad/tracking/modeling/&c industry...


I also use the two browser approach, plus a vpn, to get some tracking protection.



Umatrix (same guy) + privacy badger (eff)

Have been using it since it was called HTTPS switchboard. Uorigin is my go to install on all of my customers fresh installs or people who don't want to break their web experience. Works great.


- I tried Umatrix but it was too much configuration for me. ublock provides me with a sane out of the box experience.

- I am not sure whether privacy badger and decentraleyes are mutually exclusive.


I don't think they are.

For example, you can choose to enable a Google-hosted library (say, jQuery) on a certain domain, because you want it to work, and then decentraleyes will do its part.


Those add-ons provide some privacy, but they have a different effect than Tor. As examples, despite using the above add-ons, your ISP still knows which domains you visit, as anyone else who can see the network traffic and as does your DNS provider; and the domains you visit know who you are.


I use Pi-hole, a DNS level blocker, + uBlock Origin. This combo should provide a much better protection against tracking.


How does that protect you against trackers and against identifying you based on your IP address and browser fingerprint?


4 weeks ago I found an injured pidgeon, took it a rescue place and got chatting to the owner about chickens. I came home, searched for chicked coops on my business laptop. This laptop runs Firefox, uBlock and Ghostery.

Last night, my wife has Facebook adverts for chicken coops pop up on her laptop. We've not spoken about chicken coops since, I've not searched for chicken coops since the original search, she's not searched for chicken coops on her laptop and she's not used my work laptop.

Creepy.

If they want to track you with a "normal" browser, they'll find a way of doing it.


Your fingerprint and her fingerprint are stored as highly related by advertisers. Because you shared so many things in the past. IP, Location etc.

This is exactly what browsing via tor is trying to make harder. To fingerprint you.

You are right that fingerprinting can not be avoided completely. See the recent thread about FB tracking your mousemoves. Advertisers can use anything you do as a fingerprinting signal. It's not possible to use the web without interacting with it.

But your experience is not an example of why using the tor browser would not work. It's an example of why it is developed in the first place. To make fingerprinting harder.


It might not have happened through the work laptop. Did you give the bird rescue your contact info, or even just call them before showing up? If their phone has the facebook app on it, then facebook knows you were in touch with them the other day. They already know your phone number, because by now several of your friends and relatives (if not you or your wife) have given facebook permission to import all their contacts.


The rescue place is really just a private house and a old woman who loves animals... she doesn't take contact info and I'm not sure she has a Facebook account or any social presence.


> This laptop runs Firefox, uBlock and Ghostery.

It's also worth turning on Firefox's built-in tracking protection if you haven't already:

https://support.mozilla.org/en-US/kb/tracking-protection

I have it set to "always". I find it catches some things that uBlock Origin misses.


Doesn't Ghostery allow in certain trackers if they're paid? I remember there was some controversy about their funding model.

I use uBlock Origin + uMatrix currently.

Your tracking situation doesn't seem out of the realm of possibility though.

1. You searched for Chicken Coops at a place. 2. That same laptop connects to your home Wi-Fi. 3. The user (you) who searched for chicken coups is connecting from a new IP. 4. Some ad engine rule says that IP belongs to a household (this probably doesn't matter; makes me wonder if people in a Starbucks get ads intended profiled against other customers). 5. Now let's just advertise chicken coupes to everyone in that house.

So in theory, this tracking attempt can be done with just a cookie and selling sets of IP+search word data, right?


"Your tracking situation doesn't seem out of the realm of possibility though."

Indeed. That's what's so invasive about tracking - anything that can be done to track you, will be done.

What if my search had been something more personal? Something I didn't want my wife to know about?

There's no way to opt-out of all this. We're being force fed this for the benefit of some corporation, somewhere.


> Doesn't Ghostery allow in certain trackers if they're paid? I remember there was some controversy about their funding model.

The controversial thing was that you could opt-in to sending Ghostery data about what things it blocked, and Ghostery would then sell statistics about what things got blocked most often so publishers could update their website to replace the blocked items.


> makes me wonder if people in a Starbucks get ads intended profiled against other customers)

unlikey, at your home location, usually it is just the same few people all the time.

At a coffee shop there might a couple of the same people every time, but also lots of other random people. So would be easy to ID home location / office location / public space location.

Or perhaps they know the location is a coffee shop from their facebook location ID.

but they will know somehow


Two ways I'm aware of. If your time at the coffee shop is regular (arrive at 3:15 because that's when your break is from work) they can place you with other regulars (you go there with your wife every day after work, you get dark roast and she gets a tea). Second if you're a black hole of privacy features and everyone else around you is not... well you get identified that way. Like herd immunity there is a risk if your behavior makes you an outlier.

Imagine for a moment though that they can't serve you ads directly. I wonder if anyone has done research into saturating adds in a coffee shop for all the patrons? Everyone sees the same add for the Dallas Cowboys and triggers a conversation about football. Now you didn't see the add but everyone around you is talking about football.


> Doesn't Ghostery allow in certain trackers if they're paid?

That was another adblocker. I'm not 100% sure which one, so I'm not going to name them.


That's Adblock Plus and Acceptable Ads.

https://adblockplus.org/acceptable-ads


Yes, Ghostery was bought out. Regardless of what they say I wouldn't trust the current model. I currently use Privacy Badger instead.


I just wish more web sites would provide official TOR and/or i2P addresses (so we wouldn't need exit-nodes) yet nobody among them seems interested in visitors they can't track. Both the fact there are hardly any non-illegal websites maintaining native TOR/i2P presence and the fact every major WWW site demands you to agree to be tracked now as GDPR doesn't allow this to be done silently suggests this.


FYI Facebook, NYTimes, Wikipedia, and a few other prominent sites operate hidden services: https://en.m.wikipedia.org/wiki/List_of_Tor_hidden_services


I need a genuine advice. I own Google Pixel 2 because I needed a good mobile camera, I also have a Chromebook with Cruton as I needed a cheap Linux notebook. I use Google Maps, Gmail, WhatsUp, Google Photos, Google Drive, Messenger ( the only thing I don't have is a FB app).

Given all this information how I am supposed to disconnect from all of this? Cause surely simply having something blocking tracking of you in a desktop browser is not enough? Also, I really enjoy services provided by Google, why should I give it all up and replace everything with "safe" alternatives? I know I am a product and my personal info and preferences are all of over the place. But I always understood this to be the price I pay for using this services ( taking about Google mainly ).


Tor is too slow for general browsing. I only use it for security related stuff. I wish it was faster.


It's a tradeoff. You can't easily have both.


Related question:

What is the impact of IPv6 on regular users privacy?


Less NAT means less household/workplace/etc-level traffic mixing means less plausible deniability for users.


Address randomisation should give you the same level of deniability.

The only part of your address that doesn't change is the same part that is unchanged in the IPv4 case.

Unless you have CGNAT of course, but I don't think anyone would argue that that thing is a good thing to have.


A random address may make it harder to track individual devices over time, but if two sites see the same IPv6 it will be harder to argue that it's two different devices.


In theory you can track individual devices in a household instead of grouping everyone in one house, small business, building, etc. as one IP.

Currently, even with the limitations of IPv4, most trackers can use cookies and browser fingerprints (your browser's headers, fonts, etc.) to individually identify you even behind NAT. But with IPv6, ad engines could potentially identify that you're running two different browsers on the same laptop or device, and associate both of those browsers to _you_ (some type of single targeting profile).

They also have a more precise way to track you without a browser fingerprint.


Note that 95% of people browsing with IPv6 are probably using SLAAC with privacy extensions, so all your devices IPs should be frequently changing (at least every day, but you can lower the timeout). Only the subnet would stay the same, similar to a NAT’ed IP.


As it's evident from NAT they can track even behind a single IPv4. As long they know your prefix the privacy extensions don't really help. Of course one could have a dynamic prefix similar to dynamic IPs residential ISPs use. It's funny, in the past a static IP was considered a valuable feature for a residential internet connection. Nowadays, I'm wondering if dynamic IPs are more viable from a privacy perspective.


This is likely why the GDPR considers IP addresses as personal data.

Oddly enough it's always (in my experience) the tech types that have argued against IP addresses being personal, forgetting that we might one day switch to IPv6


The same as ipv4.


Use of NAT to cope with IPv4 issues has an unintended privacy benefit. IPv6 obviates NAT and the privacy benefits.


But IPv6 also adds IPv6 privacy extensions (used by default by many systems).


On the totem pole of tech nous, I am very close to the bottom. So can someone explain to me "remote browsing" is not a thing? Login to your VPS (or whatever), start and encrypted X session, and browse away.

That is very unusual traffic, of course, and others connecting from my inet-facing IP probably make it even more so: Steam after school, missus hitting the foreign news sites in the AM, the traffic peaks and troughs at certain times of day... we're fucked.


They can identify you a number of ways without your knowledge or consent. One is timezone allocation. Another effective way is browser fingerprinting. IP addresses. Browsing patterns. Device screen size.

Privacy on the web is an information theoretic arms race with tremendously deeply asymmetric stockpiles of information.


Take a look at this library:

https://github.com/Valve/fingerprintjs2


There are many chrome extensions disabling Facebook tracking. I use "Disconnect Facebook™ pixel & FB™ tracking".

It tracks not only by cookie or fingerprints, also by 1x1 pixel. And with the phone app even more, but nobody in his privacy aware mind should use the 2 apps anyways. Their constant recording of audio drains the battery too much, and their m. and mbasic. web urls are good enough.


its an irony that on accessing the link in Chrome, it warns me about privacy error,

"blog.torproject.org normally uses encryption to protect your information. When Google Chrome tried to connect to blog.torproject.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be blog.torproject.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit blog.torproject.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."


1. Always-on VPN - kills main tracking feature, your IP

2. uBlock Origin in medium mode - kills 3p scripts and 3p frames

3. Private windows/tabs by default - kills 3p cookies and storage

That's all kids :)


How good is Brave browser at blocking tracking?


I have a portable browser just for Twitter/Facebook etc.

And a separate browser with just ad blocker and blocked 3rd party cookies.

Do I really need Tor?


Tor isn't the answer, it's broken. What's needed is a replacement for the modern web. At the protocol level it's busted in so many ways it isn't salvageable. The sooner we recognize that the sooner we'll be able to create its replacement.


Completely agree about broken protocol. Unfortunately, I doubt their will ever be a real impetus to abandon it; we will just keep muddling along strapping ever more duct tape.

But let's dream, what would your protocol be?

For some reason I have always had a hang up on the headers. The lack of real concrete specs, forging clients, and now the ugly monstrosity of CSP. I love the effect, but in my dream new protocol we have to opt into features during some kind of app / client handshake.


> muddling along strapping ever more duct tape

Let's strap some sockets to HTTP and run them through a web server. We'll call them Web Sockets.

Chat? I have this crazy idea called WebRTC. .. although our original idea was a huge security hole and now it's pretty much just used for games .. because browsers don't do Datagrams so let's just do some more hacking with WebRTC.

Anyone remember when Firefox was the lightweight version of Mozilla and web browsers were used to browse the web?

I feel like all modern web browsers are in a pretty sad state of bloat, are pretty much mini operating systems, and Javascript is taking over the world. It's frighteningly like that parody talk about "Yavascript"


I answered elsewhere. I completely agree on CSP; which is essentially saying: "Oh shit, we fucked up, but lets leave the default as horrible because ¯\_(ツ)_/¯ the nerds that care about this will think they have a solution."


Why is the Tor protocol broken?


How would you design a replacement for the modern web then?


I'm working on a prototype. It's (obviously) hard. But there are a couple must haves:

1. No more "any device can talk to any device" it won't work. It leads to horrible hacks like half the internet relying on cloudflare and email centralizing in an oligopoly. We need a web-of-trust at the connection layer robust enough to be embeddable in our network gear.

2. No more "I'm a packet from xyz because I say so" and of course no more untrusted, unsigned, unencrypted streams (ie, no plain UDP).

3. No more third party connections. We don't really need them. Just put whatever data you want in the URL like we do with OAuth. Everything else is adware or malware or trackware. I'm not blaming people, I understand how incentives shape behaviour. They shape mine too. We exist in the paradigm that we find ourselves in. But I envision a better world.

4. Simplified character sets within contexts. No more zero-width characters where we don't expect them (see zachaysan.com/zero for more info) or any of that shit.

5. I don't know how to fix JavaScript, but it needs fixing. JSON is cool, but it needs a complete / strict formalization to stop some edgecases.

6. No stupidness with PDFs. It's not worth it. There will be 0days in PDFs for as long as we use them. They're too fucking complicated. Just use HTML, SVG, or images. CSS is smart enough to make print formats for A4 and Letter.

7. Ideally either make a new HTML that is JSON based instead of XML based and either way make the web-of-trust default to downgrading trust on entities that pass malformed documents. Parsing broken XML is bug prone.

8. DNS is so fucking dumb it's painful. Just use the WoT and fallback trust nodes for when calamity hits (someone steals your keys).

There is more to it, but I'm just getting back from a comedy show and I've had a couple and I already feel like I'm not being as coherent as this topic deserves so I'll end it there. If you're interested in being part of a beta group contact me.


> We need a web-of-trust at the connection layer

In practice, this might mean the end of net neutrality, and could entrench the Googles of the world -- "shoot, I can't send a packet to them, but they trust Google, so I guess I will too."

> No stupidness with PDFs

I hold out hope for sandboxing. WASM could kill browser PDF plugins easily enough. Hell, JS probably could already...

Could you say a little more about "third party connections"? Do you mean no loading resources from other domains? No CORS? Or something else?


> No more third party connections. We don't really need them. Just put whatever data you want in the URL like we do with OAuth.

I'm a bit confused with this. Are you talking about deprecating CORS? How would putting information in a URL mean that you didn't need a third party request anymore?

> I don't know how to fix JavaScript, but it needs fixing. JSON is cool

I may also be misunderstanding here, but are you talking about getting rid of clientside scripting? Or moving all scripting serverside? If that's the case, do you have any plans on how to get businesses, devs, and users on board with that?

I understand that there's a sizable population on HN that would prefer if the web be a static document service and not an app platform, but even if they're right they have almost zero chance of getting anyone else to agree with them.

If that's not what you're talking about and you just hate JS, then you should look into web assembly as a compile target.

> We need a web-of-trust at the connection layer robust enough to be embeddable in our network gear.

This just screams vendor lock-in to me. It's very important that connection information and permissions be user-configurable.

It also seems at first glance like it might be problematic for security. Baking trust models into firmware means that it's a lot harder to patch them when the models need to be updated.

> no more untrusted, unsigned, unencrypted streams

I'm pretty sure Chrome is already heading in this direction. Archivists are mad about it, but I suspect HTTP will be deprecated sometime in the future.

> DNS is so f---- dumb it's painful.

Completely agreed. I would love to see DNS put out of its misery.


> I'm a bit confused with this. Are you talking about deprecating CORS? How would putting information in a URL mean that you didn't need a third party request anymore?

I'm saying there is no real need, technically, to have third party at _all_. If you want an image you can host an image or you can link to it. Same with fonts. I have yet to see a CORS request that couldn't have been done with a user clicking on a link and having a page load. All of this stuff is bleeding data to third parties. And again, I'm not blaming third parties making money within the system we have. If it's legal it's fine with me, but when we have governments around the world starting to figure out how bad it is they're going to try to legislate this problem away and it both wont work and it will also quadruple the costs of doing anything.

> This just screams vendor lock-in to me.

Don't worry, I'm designing it with this risk in mind.

> Baking trust models into firmware

As long as the firmware is capable of software update, it should be fine. ASIC-y type of gear may need to push the trust check to other sides of the pipe.

> I understand that there's a sizable population on HN that would prefer if the web be a static document service and not an app platform, but even if they're right they have almost zero chance of getting anyone else to agree with them.

I think it's tricky. We obviously need client side code in some contexts, but I think something could be designed such that things like Reddit wouldn't require arbitrary code execution. As for JS specifically, I don't love the syntax, but it isn't the worst in the world. But there is a long, long, long list of things that need to be removed from it to make it more secure.

I think web assembly is a mistake. If we turn our browsers into operating systems we're going to get all the problems OSes have. Side channel attacks are easier, protected data in JS enclosures is harder, etc.

That's all I'm going to say for now, I try not to talk about my projects before they're kinda functional because before you figure out all the finicky details you can come off sounding like an idiot to someone else that has a more closeup view to one part of it. Take WebAssembly, for example, I haven't closely poured over it and here I am saying that its a mistake. But everything is getting so complicated so quickly its impossible to keep up, so I have to cut things somewhere. This is another problem I have with the modern stack. We keep piling things onto it to support all these crazy use cases, but then we can't stay ahead of all the potential ways people can abuse it.


This sounds more distopian than utopian.

- No more "any device can talk to any device" - No more "I'm a packet from xyz because I say so" - No more third party connections.

I like the opennes of the web and the fact that anyone can connect to anything sans authehtcation.


EDI/EBCDIC on leased lines, yes!

Jokes aside, the embedded web-of-trust sounds very interesting. Can you elaborate on that?

Would switches and routers be "certified" or "licensed"?


No, there would be no silly certifications or centralized point(s) of control. If you buy a new phone your trust starts at 0 your mobile provider (that you pay money to) could start you off with a little trust, but start spamming servers / phone numbers / emails and you get locked out. Because the WoT is at the networking layer if you start spamming signal to the tower you're connecting to you're effectively treated the way we treat people that operate jammers now: Jail time.

The WoT has a concept of "depth" or "importance" so even if all of your closest friends are angels that live in Toronto and follow the law, and even if you're an upstanding netzien, you can't just call Vladimir Putin's phone number.

That there is some measure of non-connectivity is a feature not a bug. We'll be able to start running our own email servers again! We won't have to worry about telephone calls from awful marketing companies! It won't be a utopia, computers will still get hacked and your keys will be misused until they're detected and replaced, but at least we won't have to worry about Grandma get swindled out of her inheritance.


Where can I read more about this project?


It's not public yet. Sorry. If you subscribe to my RSS feed you'll be sure to hear about it when I start talking about it.

https://www.zachaysan.com/writing/feed.xml


Do you mind your ISP knowing what sites you are using?


Nope, not really.


Well with https://www.facebookcorewwwi.onion/ Facebook won't even know your IP and hence location (though you're not anonymous to them).


Also consider using obfuscation instead. E.g. AdNauseam and Noiszy are two examples I'm aware of.


I used to feel for smaller companies who buy ads, concerning the damage possible caused by tactics like AdNauseam regarding outragous advertising bills.

Now I think it's likely the best weapon available which can be easily wielded by the average user.


You don't need Tor to do this. Tor is slow and frustrating.

I use a heavily-modified Firefox instance over a VPN with uBlock Origin, Privacy Badger, Disconnect, No Coin, Script Safe, Token Tracker Stripper, Neat URL and too many about:config edits to mention.

I do recommend disabling http/s referrer, CSS visited links, and others as can be learned online.

In addition, I pass all of this through a remote computer with a Raspberry Pi/Pi-hole instance. This has worked well for me for a couple of years. As I have no real social media accounts, I'm not building any meaningful profiles. Accounts like HN or Slashdot don't get any real info. I also don't add any apps to my iPhone. The apps that ship with the device are all I need. I can pass all of my phone's traffic through the VPN/Pi-hole instance and keep relatively safe. Being with T-Mobile means I get unlimited data so I don't need to connect to potentially hostile Wi-Fi.

I rather enjoy the "cold war" between the corporations and the security-minded. There are so great add-ons to uBlock and other add-ons that completely bypass the complaint scripts of using adblock.

Another quick way to get past fake paywalls or complaining pages is to use Startpage's proxy or even Google's cached link. I've set up so many people to use this set up and they are thrilled.

I am thinking of setting up remote desktops that can be accessed by friends and family that are VPN'd, Pi-holed, and with other security features that hide their real IPs, etc.


> Tor is slow and frustrating.

> I use a heavily-modified Firefox instance over a VPN with uBlock Origin, Privacy Badger, Disconnect, No Coin, Script Safe, Token Tracker Stripper, Neat URL and too many about:config edits to mention.

That's faster for you? I guess I'm a bit of a speed freak, but I recall even Disconnect by itself slowed down pages enough to make me uninstall it, let alone that combination...


Tor speed is not is your control. Your hardware is in your control. As a "speed freak", I find it amusing that Disconnect would be slow for you. Interesting to see that a "speed freak" is running slow hardware.


> Tor speed is not is your control. Your hardware is in your control. As a "speed freak", I find it amusing that Disconnect would be slow for you. Interesting to see that a "speed freak" is running slow hardware.

I'm not on slow hardware; you just seem to prefer to just quickly make naive assumptions. First of all, the system naturally clocks down on battery, so I'm not always running at max GHz. Second, I'm not pulling this out of my rear -- I actually sat down in 2014 and measured in detail how much each of my extensions slowed the loading of Gmail, and I even still have the records. AdBlock slowed it down by 1.8 seconds; Disconnect slowed it down by 0.7 seconds (IIRC this was on AC power but I didn't record that part). I found both of these ridiculously unacceptable. Now, I've upgraded my laptop since, and so in response to this discussion right now I just did another quick test on Gmail on my current system (which I can again assure you is not slow hardware). On AC power, Disconnect still adds 120ms. On battery, it adds 400ms. Still neither of which I find acceptable (this is my email I'm talking about, not cat videos), though it's definitely better. Feel free to spend some time doing your own measurements and report them here if you have disputes.


Is that all?

Do you need a modern web browser at that point?

Might as well just browse with Lynx instead of using a standard browser.

I think the average person is better served through Tor even if it’s slow.


> Might as well just browse with Lynx instead of using a standard browser.

Then you make their job even easier since you are the only person within a 500 mile radius of your geolocation to still use Lynx. ¯\_(ツ)_/¯


>Might as well just browse with Lynx instead of using a standard browser.

I've had good experiences with W3M. It's similar to Lynx but much more user friendly and supports images.


>> You don't need Tor to do this. Tor is slow and frustrating. > I use a heavily-modified Firefox instance...

So do I and it is slow and frustrating too.


I don't seem to suffer from slowness with my FF setup. My home connection is 400Mbit/50Mbit unlimited. I surf heavily/code/SlingTV all the time. I also keep a similarly locked-down instance of Vivaldi on hand for email and banking only. Everything else goes through FF or OpenSSH.


As I said earlier in another comment: In that setup your browser fingerprint alone is enough to uniquely identify you, and it doesn't protect you from tracking by the first-party domains themselves.

For speed, yes, that's the cost of having your traffic go through a 3 relay circuit, but Tor is much faster now than it used to be.


I found ScriptSafe a lot easier to use on Chrome, didn't realise Firefox had one too. What are your thoughts on ScriptSafe vs. NoScript + uMatrix?


isn't it a little bit naive to pump all of your internet traffic through a browser created by google if you're interested in restricting online tracking by corporations like google?


Ooh I should have provided more context. I only use Chrome for development and when I can't for the life of me figure out which addon in firefox is breaking the page.

FWIW, I still use SS on chrome, now that firefox has SS I can hopefully just use purely FF for browsing and just have a different profile with minimal addons. I'd still have to have chrome for development though.


What's funny is I've been using Chrome heavily for development, but I'm moving more and more towards Firefox. Not sure why, but Chrome has been chugging really hard on loading GitHub PRs for me, whereas it's smooth as butter on FF...


ScriptSafe is light years better and easier IMHO than NoScript. NS tends to break most sites, whereas SS doesn't.


Where do you host your review Raspberry Pi?


Most of the time in the Netherlands. Sometimes in Texas with IT friends. We do VPN sharing and passthroughs to mix it all up. Hence my wanting to set up more permanent solution like hosted, heavily VPN'd remote desktops with revolving IP addresses changed with a cron job. but one standard set maintenance port that never changes and likewise never used for joyriding. That IP would be accessed via OpenSSH authenticating to Radius/Kerberos.


The innovations that make trackers possible are:

- browsers cache results

- cookies

If you do neither of these things trackers become much harder to implement.


I think this list is missing:

- HTML5 "local storage"

- Plugin detection

- Javascript (particularly xml-rpc)

- fetching embedded content based on a URL (images, movies, css, javascript, ...)

- Hidden frames and/or WebRTC - can scan your local network

There are probably more.

[Edited: Updated to clarify that local network scanning can be done with hidden frames or WebRTC. A followup comment from me gives a public example of how]


It is my impression that most of the tracking happens through "tracking pixels" or 1x1 images, usually with 0 alpha so they're transparent... and cookies.


Do you have any more information on the local network scanning?


Not sure if this is what grandparent is referring to, but DNS rebinding[0] is what springs to mind.

It's simultaneously kind of smart and also really stupid. Basically, you give a valid 3rd-party domain multiple IPs, one of them normal and one of them resolving to a local IP. Then you cut off the normal one and the browser just allows you to make calls to whatever local interface you want.

There was a good defcon video about this a while back[1]. It's a much bigger problem than most people realize. This is why it's good practice to have at least some security around devices even if they're only connected to your LAN.

[0]: https://www.twistlock.com/2018/02/28/dear-developers-beware-...

[1]: https://www.youtube.com/watch?v=stnJiPBIM6o


Here is an example. Start at https://mycloud.com/setup.

Load the web inspector, find and read scanner.js. The Javascript isn't minimized and there are some comments.


Evercookie[0] was state of the art in 2009. That's centuries ago in Internet time - and it doesn't even include fingerprinting. Cache and cookies are just a small part.

[0] https://samy.pl/evercookie/


Honest question why wouldnt i let them track me? Arent there a bunch of benefits to being tracked too?


Care to name some benefits?

I don't want to be tracked because information gathered can and will be used in ways I don't expect. Websites will game me on pricing, etc based on where I've been on their site and other sites. I could easily fall into a filter bubble, where I am only given results based on previous preferences. I would have zero control over the information gathers regarding my habits, and any conclusions they make based off of this data. And it will get stolen. And it will be used against me.

So I take as many steps as I can to prevent websites from tracking me.


>Care to name some benefits?

Improved ad targeting may increase revenue for the website, and will improve ad relevance for the end-user. This was historically seen as a win-win; particularly if it allows a service to remain free to use.

I often get ads for programming IDEs, which I don't mind that much. I'd rather have them than beauty products, or other irrelevant items.

Not that it's actually possible to discuss the pros and cons of targeting anymore. It's become a religious issue to too many people.


Not to imply that there aren't strong feelings around the subject, but don't you think calling it a "religious issue" might preemptively poison discussion a bit?


I am being downvoted quite heavily for asking the question so i would say it is pretty religious.


how do you downvote on HN ?


There's a karma threshold before you're granted the ability. 500 karma, maybe?


I agree it might have been too snippy, but I was hoping to offer pause before somebody jumped in to explain how black and white the issue really is.

I hope that addressing these strong feelings may help temper the issue, rather than poison it.


> It's become a religious issue to too many people.

Indeed. I tried to give a very clear and non-provoking answer to a very clear question in a sibling comment but still get downvoted to oblivion.


> will improve ad relevance for the end-user.

Do you really believe that people actually care about how relevant they are? Because I'm pretty sure they don't and most of all, that's not what they want while browsing the web.


> This was historically seen as a win-win;

'Historically' this wasn't seen as possible. Presently, it's become incredibly creepy and intrusive.

I don't want to see any ads, let alone have entire networks of ad providers keep track of everything I do in an attempt to be the first to help themselves to the contents of my wallet.


Websites can fund themselves with ads without having to track everything you do. One idea might be to tailor ads on a particular page to the content on that page. Obviously the reader is interested in the content, else they wouldn't be right there looking at it.


I agree this is a good approach, though it's not always possible. It works great for community's like reddit which are interest-based. It isn't so helpful for news websites that cover local events.


Local news works fine with local ads placed by an editor, sourced by some business folk, etc. I think we have engineered everything to the point where things are just worse from a pleasure perspective, though perhaps better in fiscal terms. Now we are designing ads algorithmically based on huge datasets of previous ads and some hacked together generator code. It’s getting worse.


Newspapers and TV channels have functioned for years without tracking everything you do when they use ads. The idea that we NEED tracking or the entire advertising ecosystem collapses is stupid.


>Newspapers and TV channels have functioned for years without tracking everything you do when they use ads.

Different medium, different market.

>The idea that we NEED tracking or the entire advertising ecosystem collapses is stupid.

Nobody made that claim. I said it may increase revenue for the website, and will improve ad relevance for the end-user.

This is exactly the "black and white" arguments I was talking about.


> Care to name some benefits?

The benefit for me personally is being presented with ads based on retargeting. I have found many interesting products and services I wouldn't otherwise have seen. The ads on Facebook are my personal recommendation system.


So thats just not my experience. I dont care about being tracked as i want things to be as relevant to me as possible. The only downside i can see is getting your identity stolen and missused in ways that hurt me, but other than that i dont know what specific downsides you are talking about.

Filterbubbles are easy to get out of ( just dont rely on one source) you dont avoid them just because you arent tracked.


People fundamentally like their privacy. It's the same reason why you lock the bathroom door or have curtains on your windows.


I don't think that analogy holds cause you are using the internet and your phone and that's certainly easy to track for the isp's and the phone companies and the NSA if you want to get really paranoid there.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: