Now this is Scarey
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Now this is Scarey
I just finished reading this article. The result is I now wonder why it really matters what browser any of us use? What might make any of the alternative browsers any safer or protective of ones privacy if what this Ars Technica article says is true?
Now sites can fingerprint you online even when you use multiple browsers
Online tracking gets more accurate and harder to evade.
Dan Goodin - 2/13/2017, 8:01 PM
https://arstechnica.com/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/
I guess what I am asking, is what defense against the above would be possible using Pale Moon, if there is any defense possible. Who among us has never changed a single default setting in a browser?
Now sites can fingerprint you online even when you use multiple browsers
Online tracking gets more accurate and harder to evade.
Dan Goodin - 2/13/2017, 8:01 PM
https://arstechnica.com/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/
I guess what I am asking, is what defense against the above would be possible using Pale Moon, if there is any defense possible. Who among us has never changed a single default setting in a browser?
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
TwoTankAmin wrote:I guess what I am asking, is what defense against the above would be possible using Pale Moon
Disable JavaScript. But that, in turn, will break a lot of sites, so it's not exactly a practical solution.Ars Technica wrote:The new tracking technique relies on JavaScript code that's compact enough to run quickly in the background while visitors are focused on a specific task
Nichi nichi kore ko jitsu = Every day is a good day.
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Re: Now this is Scarey
I figured out the Java part. And since the "only use the browser default settings" solution is not practical either, we, the users, are once again forked.
However, I wonder about the Java part. Not being knowledgeable, I wonder if there is a way to identify the Java thingie that runs and then create a block for that? What if one sets Java to ask to run, would one be able see what it is asking to run and block it when it is that?
What I also wonder about is this, I have been online (vie the internet) since late 1998. I do make an effort to block ads and to make tracking me as much work as i am able. I know that I cannot succeed in this effort. However, either I am not worth directing ads at or else my efforts have worked. The one clear trail that relates to me on the net since early 2001 relates to keeping tropical fish. But I never get directed ads related them. Maybe what is known about me is that I never ever click on ads or that all my history usually shows is visits to fish related sites. I also assume that the fewer add-ons and/or apps one has, the less unique you look.
I must be doing something right since my bank regularly requires that I re-identify myself as my device configuration is unfamiliar to them. It happens less than it used to, but it still happens.
However, I wonder about the Java part. Not being knowledgeable, I wonder if there is a way to identify the Java thingie that runs and then create a block for that? What if one sets Java to ask to run, would one be able see what it is asking to run and block it when it is that?
What I also wonder about is this, I have been online (vie the internet) since late 1998. I do make an effort to block ads and to make tracking me as much work as i am able. I know that I cannot succeed in this effort. However, either I am not worth directing ads at or else my efforts have worked. The one clear trail that relates to me on the net since early 2001 relates to keeping tropical fish. But I never get directed ads related them. Maybe what is known about me is that I never ever click on ads or that all my history usually shows is visits to fish related sites. I also assume that the fewer add-ons and/or apps one has, the less unique you look.
I must be doing something right since my bank regularly requires that I re-identify myself as my device configuration is unfamiliar to them. It happens less than it used to, but it still happens.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
Alas, Java != JavaScript. Setting the Java plugin to "ask to activate" won't prevent JavaScript from running.
PM Commander gives you an easy option to completely disable JavaScript, but the warning there says that "will cripple your browsing experience and make many websites dysfunctional."
If the particular script can be identified, an extension like NoScript should be able to block it. Unless, of course, they incorporated this new tracking technique into a script that is required to run to make the website functional.
PM Commander gives you an easy option to completely disable JavaScript, but the warning there says that "will cripple your browsing experience and make many websites dysfunctional."
If the particular script can be identified, an extension like NoScript should be able to block it. Unless, of course, they incorporated this new tracking technique into a script that is required to run to make the website functional.
Nichi nichi kore ko jitsu = Every day is a good day.
Re: Now this is Scarey
At least, PM's 'canvas.poisondata' feature completely destroys their canvas test.
This alone will ensure a different browser fingerprint ID string every time.
This alone will ensure a different browser fingerprint ID string every time.
Re: Now this is Scarey
I think it underlines that what I've always said comes out to be a smarter approach: By all means, be unique in your fingerprints, and be unique every time -- it works much better than trying to erase your fingerprints to "blend in".
Think of it this way: most browsers try to evade fingerprinting by "putting on the same clothes as others", trying to make one blend in to the masses. The problem is, the people recognizing you as an individual will just ignore the clothes and look for other distinguishing marks instead, like a hat. Which becomes pretty easy if the rest is all the same.
Now compare this with changing your fingerprint every time, meaning you put on different clothes each time (and so do others). Looking over a crowd of people, how easy will it be to spot that unique individual now, even if they wear the same hat as last time?
I hope the analogy makes sense.
So yes, ultimately, making yourself unique, and making yourself unique every time is going to be the best way to fool trackers. How exactly you do that without crippling yourself is a different question, of course, but not in any way more difficult to answer than the question how to blend in without crippling yourself (because using nothing but default settings is crippling too).
Think of it this way: most browsers try to evade fingerprinting by "putting on the same clothes as others", trying to make one blend in to the masses. The problem is, the people recognizing you as an individual will just ignore the clothes and look for other distinguishing marks instead, like a hat. Which becomes pretty easy if the rest is all the same.
Now compare this with changing your fingerprint every time, meaning you put on different clothes each time (and so do others). Looking over a crowd of people, how easy will it be to spot that unique individual now, even if they wear the same hat as last time?
I hope the analogy makes sense.
So yes, ultimately, making yourself unique, and making yourself unique every time is going to be the best way to fool trackers. How exactly you do that without crippling yourself is a different question, of course, but not in any way more difficult to answer than the question how to blend in without crippling yourself (because using nothing but default settings is crippling too).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Now this is Scarey
This is actually nothing new. The crux of what these academics did was WebGL (3D graphics library that's part of PM and other browsers) fingerprinting.
In about:config disable known types of graphics fingerprinting:
webgl.disabled = true
canvas.poisondata = true
Then use this simple Webgl test page to verify it's enabled/disabled.
In about:config disable known types of graphics fingerprinting:
webgl.disabled = true
canvas.poisondata = true
Then use this simple Webgl test page to verify it's enabled/disabled.
Re: Now this is Scarey
WebGL is, however, useful.
Depending on how they read back the rendered image, using canvas.poisondata might already be enough (if it's WebGL in a canvas (which would be the most straightforward way of using WebGL) and the fingerprinter reading out the canvas data to see how it's rendered, poisoning that data will effectively destroy the hashing by making every visit unique).
Depending on how they read back the rendered image, using canvas.poisondata might already be enough (if it's WebGL in a canvas (which would be the most straightforward way of using WebGL) and the fingerprinter reading out the canvas data to see how it's rendered, poisoning that data will effectively destroy the hashing by making every visit unique).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Re: Now this is Scarey
I just took a quick look in about:config. I almost never go there and even less often will I try to change, delete or add things. I did a search for both those settings. The canvas.poisondata one is set to true by default and webGl.disable one is set to false.
If I am understanding this all, I should not want to change either of those settings?
Using the internet used to be fun, now it it is becoming mostly a challenge
If I am understanding this all, I should not want to change either of those settings?
Using the internet used to be fun, now it it is becoming mostly a challenge
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
WebGL enable/disable is a personal decision. I have zero need for it, so it's a no-brainer for me to disable it and thus have the peace of mind knowing graphics fingerprinting is blocked.
If any site I come across in the future needs WebGL I can simply paste the URL into Chrome; my recent 27.1 review describes my dual-browser usage.
If any site I come across in the future needs WebGL I can simply paste the URL into Chrome; my recent 27.1 review describes my dual-browser usage.
Re: Now this is Scarey
'Give a man a fish and you feed him for a day; Teach him security on the Internet, and he will be protected against phishing!' - Pale Moon proverb
Yes TTA, You have understood right. You are safe!
Yes TTA, You have understood right. You are safe!
Re: Now this is Scarey
There is something scarier than this. Human chipping.TwoTankAmin wrote:I just finished reading this article. The result is I now wonder why it really matters what browser any of us use? What might make any of the alternative browsers any safer or protective of ones privacy if what this Ars Technica article says is true?
Now sites can fingerprint you online even when you use multiple browsers
Online tracking gets more accurate and harder to evade.
Dan Goodin - 2/13/2017, 8:01 PM
https://arstechnica.com/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/
I guess what I am asking, is what defense against the above would be possible using Pale Moon, if there is any defense possible. Who among us has never changed a single default setting in a browser?
This would eventually happen along with the fast development of transhumanist technology and the emergence of cashless society.
Re: Now this is Scarey
Similar topic was discussed there viewtopic.php?f=4&t=12525
Hiding only a browser is useless
http://www.momtastic.com/parenting/4712 ... eek-fails/
I consider that problem is not of the fingerprinting, but of the web usage aggregation. In the meantime its relatively easy to break it with the Pale moon and certain extensions, many times discussed here in the forum. I remind it once more: ublock with enabled Anti-ThirdpartySocial list enbled, in addition to other lists, or similar; decentraleyes as well. Of course you have to stop doing likes on facebook or youtube.
Hiding only a browser is useless
http://www.momtastic.com/parenting/4712 ... eek-fails/
I consider that problem is not of the fingerprinting, but of the web usage aggregation. In the meantime its relatively easy to break it with the Pale moon and certain extensions, many times discussed here in the forum. I remind it once more: ublock with enabled Anti-ThirdpartySocial list enbled, in addition to other lists, or similar; decentraleyes as well. Of course you have to stop doing likes on facebook or youtube.
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Re: Now this is Scarey
I am not now, nor have I ever been nor will I ever register on nor have an account with:
Any social media- FaceBook, Twitter, etc.
Google or any of its parts such as Youtube.
Any app store- never visited one.
I do not use messenger programs/apps and never have.
I mostly do not allow Flash player to run.
I do not now nor have I ever owned a smart phone.
I use Win 7 with all telemetry turned off.
I download very little. My 4+ year old HD shows this: Size 931.41 GB (1,000,097,181,696 bytes) -- Free Space 773.09 GB (830,103,756,800 bytes)
My 8 extensions are mostly for anti-tracking and ad blocking, 3 are for making minor changes to restore a few features removed from FF or P M. The last new one I added was P M Commander when I moved to this browser from FF ver 28 in 2014.
I am not sure what more I can do to protect my privacy except to stop going online at all. That is not an option.
Any social media- FaceBook, Twitter, etc.
Google or any of its parts such as Youtube.
Any app store- never visited one.
I do not use messenger programs/apps and never have.
I mostly do not allow Flash player to run.
I do not now nor have I ever owned a smart phone.
I use Win 7 with all telemetry turned off.
I download very little. My 4+ year old HD shows this: Size 931.41 GB (1,000,097,181,696 bytes) -- Free Space 773.09 GB (830,103,756,800 bytes)
My 8 extensions are mostly for anti-tracking and ad blocking, 3 are for making minor changes to restore a few features removed from FF or P M. The last new one I added was P M Commander when I moved to this browser from FF ver 28 in 2014.
I am not sure what more I can do to protect my privacy except to stop going online at all. That is not an option.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
I think, online life can be actually very scary, on other hand I like it. Probably because there is an element of danger involved.
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Re: Now this is Scarey
Umm- there is no such thing as life online. If you think online is scary, go join the military, become a police officer, be a fireman. Those things are scarey. Online is an excuse for life, not real life. And computer games are not a sport.....
Online is invasive, that is not scarey until it is too late.
Online is invasive, that is not scarey until it is too late.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
My rule online is simple, I trust everybody.
You can do everything you can to try to stop bad things from happening to you, but eventually things will happen, so the best prevention is a positive attitude.
But, when in doubt poke it with a stick
You can do everything you can to try to stop bad things from happening to you, but eventually things will happen, so the best prevention is a positive attitude.
But, when in doubt poke it with a stick
Re: Now this is Scarey
This is the smartest thing said in this entire thread.kizo07 wrote:when in doubt poke it with a stick
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- TwoTankAmin
- Keeps coming back
- Posts: 777
- Joined: 2014-07-23, 13:56
- Location: New York
Re: Now this is Scarey
Poke it with a stick??? Give that a try with a hornet's nest and let me know how well that works for you
When I was a lot younger my father often used to comment that. "The road to hell is paved with good intentions."
When I was a lot younger my father often used to comment that. "The road to hell is paved with good intentions."
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson
Re: Now this is Scarey
Somebody, in Denmark, many years ago, said:TwoTankAmin wrote:to comment that
There are not, either angels or devils, but thinking makes it so. For some it is as prison.