Skip Navigation

N.E.P.T.R

@ Neptr @lemmy.blahaj.zone

帖子
8
评论
498
加入于
1 yr. ago

I'm the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I'm nearly done with an IT Security degree.

TL;DR I am a nerd.

  • Exe in a bottle

    跳过

  • Yeah okay.

    My logic was that it is much more likely that someone will spoof there useragent already if they are on Linux. If threat actor is targeting not just Windows but also Linux, they probably would understand the very real likelyhood of platform spoofing.

  • Ironfox doesn't have privacy.resistfingerprinting set to true in about:config?

    跳过

  • Maybe consider enabling RFP for private browsing. Is letterboxing enabled?

  • Ironfox doesn't have privacy.resistfingerprinting set to true in about:config?

    跳过

  • Ok, might want to make that more clear under the section about issues inherited from Mull which still mentions RFP.

    Your explaination seems sound.

  • Which browser do you use and why?

    跳过

  • To a slightly lesser extent, Id also suggest avoiding noscript for the same reason. uBlock Origin can do everything that NoScript can and NoScript contributes as a metric to create your overall fingerprint. If need strong protection against fingerprinting, use Mullvad or Tor Browser. Use Librewolf if you need to customize, or want to change the defaults.

  • Exe in a bottle

    跳过

  • That isnt a great defense against malware "imho". Security through assuming the threat actor is lazy is just not security. It doesnt take like any effort on their part to just use some off-the-shelf OS fingerprinting code. It isnt worth it either because it contributes to your overall fingerprint, since normal RFP users have a standardized useragent for Windows and Linux separately.

  • Exe in a bottle

    跳过

  • Firstly there is no need to be condescending.

    Secondly, do you block all JS? NoScript is not a silver bullet and doesnt stop fingerprinting, it is itself identified by the CreepJS test site. It may in this case reduce the chance of OS fingerprinting, but pure CSS methods exist as well.

    Additionally, NoScript is laregly redundant with uBlock Origin since you can do everything that it offers, such as blocking 3rd party scripts/iframes/all, block fonts, block JS, and it is very granular.

    Bottom line, you are fingerpintable.

  • Exe in a bottle

    跳过

  • It is trivial to identify OS platform because browser work differently on each platform. Wjat Librewolf does with useragent on Linux actually is makes users stand out more because it isn't what privacy.resistFingerprinting (RFP) reports on normally.

    Hackers (like the comment scenario i was responding to) are substantially more likely to employ platform fingerprint than trust a fale useragent. And loads general websites employ fingerprinting, meaning deviation from default RFP behaviour makes you stand out (more than you already do by using RFP since it is a small pool already).

  • Exe in a bottle

    跳过

  • You can lie, but that doesnt mean that a website cant still tell your base OS if they use JS platform fingerprinting. Arkenfox, the base config which Librewolf is based off of says the exact same thing. Go to CreepJS and see it get your platform regardless.

  • Exe in a bottle

    跳过

  • Except websites can tell what base OS you run using browser fingerprinting. It os impossible to lie aboit your OS because of the differences in platforms.

  • Which browser do you use and why?

    跳过

  • No, because the Mozilla's new policy doesnt apply to forks.

  • Which browser do you use and why?

    跳过

  • The fingerprint protections in Librewolf already protect against canvas fingerprinting. You actually make ourself stand out even mkre by using it. Even with RFP disable, ETP still protects against canvas fingerprinting.

  • Ironfox doesn't have privacy.resistfingerprinting set to true in about:config?

    跳过

  • Idk why, it doesnt say anything on their gitlab about changing that. Maybe it is a problem with the build process? I remember on Mull a couple months ago i did a clean install and RFP was disabled. You can just enable it if you want.

  • How important is it to verify a signature (of say Mullvad Browser)?

    跳过

  • It is important if you care. They sign releases with the same Tor Browser key. Instructions are found on this page: https://mullvad.net/en/help/verifying-mullvad-browser-signature

    You need 2 files (both are on the download page):

    • Browser file
    • Signature file

    The basic process is as follows:

    1. Obtain signing key.
    2. Verify browser using signature file.

    Note: Ignore warning about the key not being signed with a trusted key (we skip an unnecessary step for a begineer walkthrough)

    You can double check everything I said by looking at their instructions.

  • Which is best at mitigating browser fingerprinting? Firefox (with or without arkenfox)? Librewolf? Mullvad browser?

    跳过

  • Technically, the best way to blend in is to avoid changing the behaviour much from the default. I would still advise the below settings because they do improve your security, and anti-fingerprinting against naive first-party fingerprinting scripts (all 3rd party scripts/iframes should be blocked, see below: uBlock Medium/Hard). If you need protection against advanced fingerprinting use Tor/Mullvad browser.

    uBlock:

    • Change uBlock blocking mode to Medium or Hard using the instructions on their Github wiki. Can cause site breakage on shitty websites (eg sites that import large JS libraries from remote sources). It is a substantial improvement over default, see the wiki for medium mode: https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode
    • Enable filterlist Privacy>Block Outside Intrusion to LAN (Access to LAN is used to fingerprint or by threat actors during reconnaissance phase of hacking)
    • Consider enabling other filterlists included in uBlock. Try to minimize enabling extra lists from the default to avoid further fingerprinting.

    Librewolf:

    • Enable limiting of referrers under LibreWolf Preferences>Privacy>Limit cross-origin referers
    • Enable letterboxing under LibreWolf Preferences>Fingerprinting>Enable letterboxing

  • Which is best at mitigating browser fingerprinting? Firefox (with or without arkenfox)? Librewolf? Mullvad browser?

    跳过

  • For me, no matter how good their browser is, I ain't going to use it. If someone forks it to remove the BAT crypto nonesense id consider using it. I've been tempted to compile chromium from source and just add brave-core content/fingerprint blocking. Ideally, any fork would maintain the same general fingerprint with brave.

    For now, Cromite is the way to go in-terms of hardened Chromium with built-in adblocking and without Google nonesense. The only downside is their choice to use Adblock Plus engine, but this is for the technical reason that engine is inferior to uBlock Origin and Brave Shields. The inclusion of ABP doesn't effect privacy (ik people will understandably mention the ABP scandal) because they forked ABP and use custom filter lists, which is still a very good benefit above vanilla Chromium.

  • I am finally 100% open source

    跳过

  • It is recommended for activists, but it really can be for anyone. It is basically just Android and your grandmother could daily drive it about as well as any other Android OS. It's solid, security hardened, gives extra security toggles, and extends device longevity past being made ewaste by EOL. I was hesitant at first to use it, especially given its cult-ish community, but it really has "just worked".

  • 已删除

    Permanently Deleted

    跳过

  • The ones I liked the most was Kusal and Lessac.

  • 已删除

    Permanently Deleted

    跳过
  • 已删除

    Permanently Deleted

    跳过

  • Small frame phone, privacy respecting

    跳过

  • I do agree that smartphone have gotten too large to be reasonably comfortable.