Ancestors

Toot

Written by jeffhykin@lemm.ee on 2024-09-22 at 15:21

Question: Random Browsing Tools (Dilute and Confuse)

https://lemm.ee/post/42959859

=> More informations about this toot | More toots from jeffhykin@lemm.ee

Descendants

Written by refalo@programming.dev on 2024-09-22 at 15:39

Just FYI You would have to be using the same exact browser configuration you normally browse with, otherwise the fingerprint it uses will be different.

=> More informations about this toot | More toots from refalo@programming.dev

Written by jeffhykin@lemm.ee on 2024-09-22 at 16:00

Yeah, cookies, account logins, and other stuff make it hard too. Ex: randomly exploring gmail emails at different times of day, but not actually marking emails as read.

=> More informations about this toot | More toots from jeffhykin@lemm.ee

Written by refalo@programming.dev on 2024-09-22 at 16:40

Right, even the most secure/private browser cannot help opsec failures… if only one person visits the same website(s) at the same time every day, you are not anonymous.

=> More informations about this toot | More toots from refalo@programming.dev

Written by Lemongrab on 2024-09-22 at 22:08

Except for shared unique similarities. Fingerprinting designers know “not all data is good data” and will then filters for hardware or software similarities cross-browser.

=> More informations about this toot | More toots from Lemongrab@lemmy.one

Written by refalo@programming.dev on 2024-09-22 at 22:28

What is a “shared unique similarity”? Sounds a lot like something that isn’t unique to me…

=> More informations about this toot | More toots from refalo@programming.dev

Written by Lemongrab on 2024-09-22 at 23:15

Unique to you, shared between your different browsers.

=> More informations about this toot | More toots from Lemongrab@lemmy.one

Written by The 8232 Project on 2024-09-22 at 16:25

Having your browser lie about every detail is anonymous, but not k-anonymous. i.e. Nobody will know who you are, but your browser fingerprint is unique and so you will not blend in with everyone else. The Tor Browser and Mullvad Browser try to be k-anonymous, so everyone looks the same. Brave Browser is an interesting case where all fingerprint data is randomized, so you are not by definition k-anonymous, but you do blend in with all other Brave users in that it is all randomized in the same way for everyone.

=> More informations about this toot | More toots from Charger8232@lemmy.ml

Written by refalo@programming.dev on 2024-09-22 at 16:38

I would be very careful about saying Tor/Mullvad/Brave are anywhere near approaching k-anonymity… Tor Browser cannot even hide your real OS when queried from javascript, and there are current ways to detect all of those browsers independently.

I think one problem is that most people’s (general non-tech population) browser setups are completely bone-stock, and so by definition “random like everyone else” is likely already excluding all the stock users and placing you in a much smaller box to compare against.

=> More informations about this toot | More toots from refalo@programming.dev

Written by The 8232 Project on 2024-09-22 at 16:43

I would be very careful about saying Tor/Mullvad/Brave are anywhere near approaching k-anonymity

I agree, but it’s the best we have so far. If you take some time to sit down and think about it, a lot of the problems with internet privacy can’t be fixed without a complete overhaul of our existing systems.

Tor Browser cannot even hide your real OS when queried from javascript

This is true, but the exception is Tails which lies about being Windows.

=> More informations about this toot | More toots from Charger8232@lemmy.ml

Written by refalo@programming.dev on 2024-09-22 at 17:47

Are you saying Tails has a custom fork of TBB that spoofs the OS? Do you have a link to that patch?

=> More informations about this toot | More toots from refalo@programming.dev

Written by The 8232 Project on 2024-09-22 at 17:50

Tails is an operating system. Try booting into Tails yourself and use various websites to see what I’m talking about: All of them report your operating system to be Windows, despite Tails being based on Debian.

=> More informations about this toot | More toots from Charger8232@lemmy.ml

Written by refalo@programming.dev on 2024-09-22 at 22:11

Tails is an operating system

Yes, and it comes with Tor Browser, which normally does not spoof your OS when probed via javascript (only the user-agent), that is why I asked if you had a patch to the source code, which is what they would have to be using in order to do what you’re saying.

But as it stands, I am not able to verify your claims, as Tor Browser on Tails 6.7 is still showing the true OS via javascript queries for me:

0x0.st/XYZF.png

=> More informations about this toot | More toots from refalo@programming.dev

Written by Deckweiss@lemmy.world on 2024-09-22 at 18:18

I wish I knew how tails does it so that I could make my Linux do it as well.

=> More informations about this toot | More toots from Deckweiss@lemmy.world

Written by Lemongrab on 2024-09-22 at 22:06

Lying about your host OS does nothing to protect against OS fingerprinting. Your OS can still he determined through the differences in how each OS renders and handles the Browser, and underlying architectural differences between browsers on each OS.

=> More informations about this toot | More toots from Lemongrab@lemmy.one

Written by guillem@aussie.zone on 2024-09-23 at 00:19

There’s a page somewhere that, if you allow it to, opens hundreds of tabs in the background pointing to a bunch of lifestyle and commercial sites so your shadow profile ends up looking nothing like you. I will try to find it again.

=> More informations about this toot | More toots from guillem@aussie.zone