Unlock Origin, Ghostery, and what else? Scriptmonkey maybe?
They’ll stop it.
Ooooh, no they won’t stop this. It’s the workaround for tracking with all the things you just mentioned.
You have to either mask the fingerprint like how Brave does, or spoof the headers and block JS to make the fingerprint useless.
If that’s what it takes. It’s worth it.
Nope. Try Creep.js. It is real creepy.
Daily plug for Cromite, which is explicity built for anti-fingerprinting (through not just blocking, but spoofing and stripping systems out) and de-Googling:
Just in time for their prophet, Curtis Yarvin, to be pushing a full-scale surveillance state!
Googlers aren’t on our side. They want to rule. They think being a fucking admin on a server makes them cut out to run society.
They want to tear down democracy and basically replace it with administrator rules and access control lists.
Googlers aren’t on our side
They never were, out interests just aligned while they were growing market share. They have that now, so there’s no more reason to stay aligned.
Corporations aren’t your friend, but they can be momentary allies. People should’ve bailed once IE was dethroned, but here we are…
Great read from Tuta on thia topic. It’s been an issue for a while but Google going full force publicly on it causes this issue to grow greater.
I left a comment replying to someone further down about how this can be at least a little combatted and how it is with browsers. (At least to my minimal knowledge of it)
I just wish Tuta put more effort into their product than their marketing.
I noped out because of them not letting me have any control over my emails outside of asking them for a dump. But reading the support reddit is just brutal.
Do you have a link for those reviews of Tuta email?
I personally have never used them. I use Proton myself (despite some news) and haven’t had any issues. I’ve heard Tuta is also great but I think one of the cons of privacy mail is that they’re not going to be nearly as polished as the big players like Gmail or outlook.
@misk I think your federation software is broken. In Mastodon, the urls in your posts just lead back to themselves every time, not out to an external article.
I’m not sure if you’ll get this reply @mighty_orbot@retro.pizza, but here’s the link visible from Lemmy itself: https://tuta.com/blog/digital-fingerprinting-worse-than-cookies.
Your method of accessing this Lemmy community seems not to be working on your side somehow. You might try a different app - I’ve never used Mastodon so I don’t know what might work.
@OpenStars That was my point. I can open the post on its own server and see it as intended. But the federation part of the Lemmy (?) software is clearly not generating the right data.
@mighty_orbot@retro.pizza
What I mean is, the link in a Lemmy community when viewed from a Lemmy instance works just fine. So it’s not broken at that level.
I can’t speak to how it comes across to Mastodon, or your particular method of access to that, as you showed in your screenshot. In general, instances running the Mbin software seem to work better to access both Lemmy and Mastodon, but overall communication between Mastodon and Lemmy seems not perfect, as you said.
@mighty_orbot @misk I’m using Friendica. From here, the links are normal. As it’s also not Lemmy, I guess it’s a Mastodon-specific (or even instance-specific) problem.
@mighty_orbot@retro.pizza @misk@sopuli.xyz same thing happens for me, i use sharkey on my instance (misskey fork) and i have to go to that linked post and click the link there to access it
Sir, this is a Lemmy’s.
It’s all Fediverse. You can follow things on lemmy on mastodon and vice versa and so on.
I’m aware but the degree of compatibility differs. Lemmy to Mastodon is pretty smooth but subOP is using some different microblogging platform it seems.
I loled
PiHole
AdAway
Burn the ads down.
Sadly, neither will truly protect you from fingerprinting.
Like, why not? The article says:
“And this is exactly why Google wants to use digital fingerprinting: It is way more powerful than cookie-based tracking, and it can’t be blocked for instance by switching to a privacy-first browser.”
If I use Firefox and Firefox doesn’t send any fingerprint to the website, then how is it identifying me?
I get that if you use Android (which is normally tied to Google), you’re still subject to see it on Google websites, but how will it work otherwise?
This website explains it: https://pixelprivacy.com/resources/browser-fingerprinting/
Basically you send your user agent, browser and OS configuration like screen resolution, your primary system language, timezone, installed plugins and so forth as you browse the internet. Not so easy to block. In fact, avoiding fingerprinting 100% is almost impossible, because there are so many configurations. It is hard not be somewhat unique. Still there are ways to minimize the identifying information. Using Firefox, this is what you might want to read: https://support.mozilla.org/en-US/kb/resist-fingerprinting. Note, though, that even there it says that such techniques can “help prevent websites from uniquely identifying you”, not prevent it entirely.
Sure, but look at it this way. Fingerprints are benefiting the advertisers, and their purpose is to better target ads. Well I say fingerprint the hell out of everything, but I’ll make sure no ads get through. If we all do that, what’s the added value of fingerprinting then?
Sure. You can still be profiled, though. That can open doors for discrimination or other unsavory agendas. One also loses a measure of anonymity. Users don’t clearly see how and know that they are tracked, meaning there’s a loss of transparency.
It’s not just about ads.
And yet the normie still has nothing to hide…
Adult People accepting these material conditions disgust me.
But as society we got what we deserve, get fucked by daddy and asking for secondd because convenience and you can’t expect a pleasant to have any agency
Not sure why youre being downvoted your not wrong. The peasants need to sack up and help dismantle this shit
These statements appear to be insulting to them?
However, clearly politely explaining shit to them doesn’t work so I am just shit posting until I am dead or we hit critical mass of freedom enjoyers which one comes first.
Good thing I erased Google out of my life a decade ago meaning I can much easier block even more of their everywhere present garbage and not have issues.
Dropped your 👑, king
Beware, the current administration might send you to Gitmo if you don’t kneel to King Trump!
Ditching gmail remains one of the best choices I’ve made in years.
What did you switch to?
Our work is switching from them and god damn they are so good at things though. I always disliked labels but the layout is top tier.
But yeah they are awful people
You’d THINK the article would link to a source about the fingerprinting in question instead of 90% filler slop and ads for their own service… Anyone got a link?
What is it you’re looking for? Do you want to know what kinds of information is used for fingerprinting?
If so, check out coveryourtracks.eff.org and amiunique.org.
I’m aware of fingerprinting techniques, thank you. The article is claiming that Google will start using some of those and I’m looking for the source for that claim, hopefully with specifics about which techniques are involved. Confusingly, the article does not appear to provide such a source.
Thanks – that’s an announcement about policy updates. I already read it and it says nothing about fingerprinting. The only change to underlying technologies it mentions is the use of e.g. trusted execution environments (the doc for which, per a further link, is in fact on github). Those seem to claim that they let announcers run ad campaigns through Google ads while keeping their campaign data provably locked away from Google. So, basically, all these links are about purported “privacy-enhancing” techs, and you’d be forgiven for taking that with an enormous grain of salt, but either way, nothing in there about fingerprinting.
The Guardian article basically paraphrases the Tuta one – or it’s the other way around, maybe – but does also not provide actual sources.
I just want a source on what fingerprinting Tuta is claiming Google will start using. I feel like the details of the purported fingerprinting techniques should be front and center to this discussion and I’m frustrated that the article entirely fails to provide that info.
Yeah I also looked into it and there seems no concrete information on that, just speculation about the policy change, like this one:
“While Google doesn’t explicitly state that IP addresses and other fingerprint methods are now allowed, the Privacy Disclosure section of Google’s February 16th Platforms Program Policies now explicitly mentions ‘cookies, web beacons, IP addresses, or other identifiers.’”
When you dive into it, it does look more like companies that sell encryption and VPNs taking some potential danger and blowing it out to get more subscribers.
Further evidence that a Republican government in the USA results in private organisations pushing the bar as far as they can.
In Reagan’s time it was Wall Street. Now it’s Silicon Valley.
You want private organisations working for your benefit and not that of their shareholders? You need a government that actually has the gumption to challenge them. The current US government is 4 years of a surrender flag flying on the white house.
Or we could bin off this fucking failed neoliberal experiment, but that’s apparently a bit controversial for far too many people
Having the gall to suggest we not allow less than 3000 people to own all of the worlds supply lines, media platforms, institutional wealth, construction companies, dissemination platforms, politicians, private equity firms and the single largest interconnected (private or otherwise) espionage and social engineering plot known to mankind?
You fucking tanky you! Go back to Russia!!!
Digital fingerprinting is a method of data collection – one that in the past has been refused by Google itself because it “subverts user choice and is wrong.” But, we all remember that Google removed “Don’t be evil” from its Code of Conduct in 2018. Now, the Silicon Valley tech giant has taken the next step by introducing digital fingerprinting.
Oh, forgot to mention - we’re evil now. Ha! Okay, into the chutes.
Google removed “Don’t be evil”
Still parading that lie around? It’s easily verified as false. Their code of conduct ends with:
And remember… don’t be evil, and if you see something that you think isn’t right – speak up!
So I guess for Firefox users it’s time to enable the resist fingerprinting option ? https://support.mozilla.org/en-US/kb/resist-fingerprinting
Why does it do this?
- Math operations in JavaScript may report slightly different values than regular.
PS grateful for this option!
Some math functions have slightly different results depending on architecture and OS, so they fuzz the results a little. Here’s a tor issue discussing the problem: https://gitlab.torproject.org/legacy/trac/-/issues/13018
But one question I’ve been asking myself is : then, wouldn’t I be fingerprinted as one of the few nerds who activated the resist fingerprinting option?
Just use Tor browser if you want to blend in. Some sites will probably not work, and I don’t suggest accessing banks with it, but it works well for regular browsing.
Yes. But it’s better than being identified as a unique user which is much more likely without it. You can test it yourself on https://amiunique.org/fingerprint
Does ublock do this?
No
I’ve used this. The only annoyance is that all the on-screen timestamps remain in UTC because JS has no idea what timesone you’re in.
I get that TZ provides a piece of the fingerprint puzzle, but damn it feels excessive.
And automatic darkmode isn’t respected, and a lot of other little annoyances. That’s why this is so difficult. These are all incredibly useful features we would have to sacrifice for privacy.
Dark mode can be recreated using extensions, although the colors most likely won’t be as legible as “native support”.
I don’t see why a similar extrnsion couldn’t change the timezones of clocks.
Additionally, I don’t see why the server should bother with either (pragmatically) - Dark mode is just a CSS switch and timezones could be flagged to be “localized” by the browser. No need for extra bandwidth or computing power on the server end, and the overhead would be very low (a few more lines of CSS sent).
Of course, I know why they bother - Ad networks do a lot more than “just” show ads, and most websites also like to gobble any data they can.
Wait is that why my Firefox giving me errors when I try to log into websites with 2FA?
You can also use canvas blocker add-on.
Use their containers feature and make a google container so that all google domains go to that container.
If you want to get crazy, in either set in about:config or make yourself a user.is file in your Firefox profile directory and eliminate all communication with google. And some other privacy tweaks below.
google shit
user_pref(“browser.safebrowsing.allowOverride”, false); user_pref(“browser.safebrowsing.blockedURIs.enabled”, false); user_pref(“browser.safebrowsing.downloads.enabled”, false); user_pref(“browser.safebrowsing.downloads.remote.block_dangerous”, false); user_pref(“browser.safebrowsing.downloads.remote.block_dangerous_host”, false); user_pref(“browser.safebrowsing.downloads.remote.block_potentially_unwanted”, > user_pref(“browser.safebrowsing.downloads.remote.block_uncommon”, false); user_pref(“browser.safebrowsing.downloads.remote.enabled”, false); user_pref(“browser.safebrowsing.downloads.remote.url”, “”); user_pref(“browser.safebrowsing.malware.enabled”, false); user_pref(“browser.safebrowsing.phishing.enabled”, false); user_pref(“browser.safebrowsing.provider.google.advisoryName”, “”); user_pref(“browser.safebrowsing.provider.google.advisoryURL”, “”); user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”); user_pref(“browser.safebrowsing.provider.google.lists”, “”); user_pref(“browser.safebrowsing.provider.google.reportURL”, “”); user_pref(“browser.safebrowsing.provider.google.updateURL”, “”); user_pref(“browser.safebrowsing.provider.google4.advisoryName”, “”); user_pref(“browser.safebrowsing.provider.google4.advisoryURL”, “”); user_pref(“browser.safebrowsing.provider.google4.dataSharingURL”, “”); user_pref(“browser.safebrowsing.provider.google4.gethashURL”, “”); user_pref(“browser.safebrowsing.provider.google4.lists”, “”); user_pref(“browser.safebrowsing.provider.google4.pver”, “”); user_pref(“browser.safebrowsing.provider.google4.reportURL”, “”); user_pref(“browser.safebrowsing.provider.google4.updateURL”, “”);
I use (and love) Firefox containers, and I keep all Google domains in one container. However, I never know what to do about other websites that use Google sign in.
If I’m signing into XYZ website and it uses my Google account to sign in, should I put that website in the Google container? That’s what I’ve been doing, but I don’t know the right answer.
Yes, that’s right. Also seriously consider ditching Single
StalkSign On entirely.
This is why I like Lemmy, never knew canvas blocker was a thing. Thank you.
Or Mullvad Browser, which is just the Tor Browser without Tor.
There’s also IronFox on Android which is more similar to LibreWolf than MV Browser.
I’m still trying to wrap my head around fingerprinting, so excuse my ignorance. Doesn’t an installed plugin such as Canvas Blocker make you more uniquely identifiable? My reasoning is that very few people have this plugin relatively speaking.
Maybe if they can connect you to your other usage but it’s probably more of their resources and such a small % of the population that it isn’t worth the time to subvert? Idk just guessing here
Iirc, Websites can’t query addons unless those addons manipulate the DOM in a way that exposes themselves.
They can query extensions.
Addons are things installed inside the browser. Like uBlock, HTTPS Everywhere, Firefox Containerr, etc.
Extensions are installed outside the browser. Such as Flashplayer, the Gnome extensions installer, etc.
Privacy Badger anyone?
But does privacy badger also act on the canvas APIs & cie. ?
It annoys me that this is not on by default…
It’s a nice feature for those that actively enable it and know that it’s enabled, but not for the average user. Most people never change the default settings. Firefox breaking stuff by default would only decrease their market share even further. And this breaks so much stuff. Weird stuff. The average user wants a browser that “just works” and would simply just switch back to Chrome if their favourite website didn’t work as expected after installing Firefox. Chrome can be used by people who don’t even know what a browser is.
I know nothing, but isn’t some pieces of Google software to be found on many sites that aren’t Google or YouTube?
Yes, mainly Analytics, sometimes Maps.
Yes, a lot of websites embed Google Analytics, or more nefariously Google Fonts.
And recaptcha. And Google-hosted Javascript libraries. And youtube embeds.
Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.
I’m working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this
Mind sharing what extension you use?
Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don’t recommend Chromium browsers):
Privacy and Security-focused
uBlock Origin: A lightweight and efficient wide-spectrum content blocker.
Decentraleyes: Protects you from tracking through free, centralized content delivery.
CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.
Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you.
KeePassXC-Browser: Integrates KeePassXC password manager with your browser.
NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks &**(note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).
Privacy Badger: Automatically learns to block trackers based on their behavior.
User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string.
Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don’t like. VERY useful. Check out greasyfork for UserScripts).
Other useful extensions (non-privacy/security)
Firefox Translations: Provides on-demand translation of web pages directly within Firefox.
Flagfox: Displays a flag depicting the location of the current website’s server.
xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.
Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).
How do these extensions work with ubo?
On a different note. Your name used to be my nickname lol thanks for that memory.
They work well on desktop and mobile (firefox). As the other replier stated, you may want to avoid using multiple ad blockers (decentraleyes, privacy badger, and ghostery) alongside UBlock; and NoScript’s functionality can be achieved with UBlock.
Lol the name came from a ironscape clan member from my osrs days. I don’t suppose that’s you?
Nope. Just a fan of South Park.
Port Authority is a good one too, I think. Need to check that it is still maintained.
Thanks for the list! Although most of the time it’s advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners “Cookie notices”. But if all of these work for you that’s great!
“Decentraleyes” is such a good game, damn!
What search engine do you use?
So, manifest v3 was all about preventing Google’s competitors from tracking you so that Google could forge ahead.
The fewer of your competitors who have the data the more valuable that data is.
