SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Rep:
Quote:
Originally Posted by the3dfxdude
Let's ignore the VPN aspect for a minute. If I disable javascript going to ipleak.net in both firefox and chromium, most of the stuff does not work at all. All that is left is standard HTML request advertising and of course your IP address. They look essentially identical.
Since I don't use a VPN, can you answer this: If you load ipleak.net with javascript disabled in both firefox and chromium, are you saying the chromium leaks your local IP anyway? How? If this has to do with the WebRTC leaks, that seems very much addressable, and irrelevant without javascript.
https://noscriptfingerprint.com/
Well most of the sites require javascript to provide decent experience. But javascript is not needed for tracing see example. There are ways to trace user. VPN with Webrtc leakage is just an example showing that if one bought VPN, then chrome based browsers will not cut. Can you manipulate referer settings in chromium for example?
WebRTC can be easily disabled in FF without messing with javascript. So chrome based browsers are not similar to FF. Most have analytics embedded: as Google Chrome derivatives.
If chromium ungoogled is free of analytics, still it leaks information.
If you like konqueror or seamonkey that is fine. If you want to disable javascript, you can but this will cause problems with a lot of sites.
This page is very interesting to analyze the information your browser "leaks" about you. One of the issues with adding security features or enabling security settings, is that those features makes you more unique. The "goal" should be to look as generic as possible, while having an optimal working browser still, and as many custom features (including security) added as one want.
In my case, somewhat strangely it reported me as Windows 11, which I thought was a good thing, but it actually was a bad thing, because my other result combined with Windows 11, made me even more unique, because I use GNU/Linux, and those results were very abnormal with Windows 11 (but is normal with GNU/Linux).
One of the most revealing features was that I use another search engine than most people use. This was revealed with the "referer" flag. However, this flag is possible to turn off in Firefox about:config..
Code:
network.http.sendRefererHeader 2
This reports to the "next" page I am visiting, the previous page that I came from (with a link on that page). It is possible to set this to 0, to disable sending the referer. However, beware that doing so might possibly create some issues.
Another option that does create issues, but might be worth changing is this one..
The problem with this option is the same as it is meant to protect from, which is a kind of alternate version of "cookies", which is "fingerprinting". In some cases, like cookies, these features might be a good thing, and like with cookies, if you block them, blocking fingerprinting might also lead to some less fortunate results when you browse different pages.
While you're at it, you might want to isolate cookies to first party cookies (only to the website you visit, and not external ones on that page).. This however could create problems with important redirect functions, like payment systems, possibly..
Code:
privacy.firstparty.isolate false
You can set it to true.
While on the topic of privacy and Google.. You might want to disable Google Geolocation Service in Firefox.. (seemingly Google get what they pay for from Firefox)
Code:
geo.enabled true
Set this to false to disable geolocation. This might also lead to a range of possible issues, or advantages..
Overriding the browser user agent is a bad idea, but it's possible (and complicated).. You can do so by ADDING this to about:config
Code:
general.useragent.override
You add it by selecting string and then selecting the + sign.. However, adding a "correct" string is very complicated. It has to be quite exact to be picked up as "correct". You can add "false" information into this user agent to spoof your identity, by setting for example "Windows 11" and "Google Chrome".. This however might lead to huge problems. The website might instruct your browser entirely incorrect and the page will fail to show/act correctly, and a range of functions might not work properly. If you want to "fake" the user agent, you should probably use something as close as possible to what is the actual user agent. But, think about it. If you report a false version of Firefox for example, it might also render incorrectly even if you use Firefox. If you use say Firefox that comes with Slackware 15, and report the newest version of Firefox, some might try to use functions that aren't implemented in your actual browser!
However, both spoofing and changing your browser user agent is possible with that string, but you should probably take care to enter a valid widely recognized string. Otherwise, pages might not show at all, and you could have some major issues browsing the web. If one part of the string is incorrect, you might as well type nothing into it at all and report an empty user agent. There are various websites where you can search and find "correct" user agent strings. Like this: https://explore.whatismybrowser.com/useragents/explore/
Some things to consider, and some things to better stay away from, but nonetheless options.
This page is very interesting to analyze the information your browser "leaks" about you. One of the issues with adding security features or enabling security settings, is that those features makes you more unique. The "goal" should be to look as generic as possible, while having an optimal working browser still, and as many custom features (including security) added as one want.
In my case, somewhat strangely it reported me as Windows 11, which I thought was a good thing, but it actually was a bad thing, because my other result combined with Windows 11, made me even more unique, because I use GNU/Linux, and those results were very abnormal with Windows 11 (but is normal with GNU/Linux).
That page is alot more informative. And it doesn't tell you to enable javascript to know your "fingerprint".
If I were to go off that, the only real unique thing I see is the user agent; using firefox on linux. Apparently their data suggests this almost never happens!
The other "unique" thing is that I don't allow javascript. (BTW people, it's never really been any issue at all for me to run this way)
I find that considering that people DO hand over information using javascript is the more concerning. If that you're going to fingerprint people that is. Having javascript off is one category, but a very bland one that reduces fingerprinting. It would only confuse things further if people actually block the same information as I do. So if these people think that no javascript people are worth any bother, I would suspect they do not. So I would think that people with javascript on are going to provide essentially a unique ID versus people that don't of any case, are going to be hard to distinguish.
I don't turn off javascript for fingerprinting reasons. The reason is simply not letting anyone execute code on my machine. It makes my machine run faster, and it's going to be much more secure.
Quote:
Originally Posted by zeebra
However, both spoofing and changing your browser user agent is possible with that string, but you should probably take care to enter a valid widely recognized string. Otherwise, pages might not show at all, and you could have some major issues browsing the web. If one part of the string is incorrect, you might as well type nothing into it at all and report an empty user agent. There are various websites where you can search and find "correct" user agent strings. Like this: https://explore.whatismybrowser.com/useragents/explore/
Some things to consider, and some things to better stay away from, but nonetheless options.
Yes, the user agent, probably along with the IP address, whatever you send with an HTTP get, is going to be the most critical information on everyone they are going to rely on. Beyond that, and you let someone run javascript on your machine, you are going to leak things like a sieve. They could really start tracking you everywhere if they go to the effort, if you let them execute code blindly on your machine. They can get whatever they want to fingerprint you then.
Beyond that, and you let someone run javascript on your machine, you are going to leak things like a sieve. They could really start tracking you everywhere if they go to the effort, if you let them execute code blindly on your machine. They can get whatever they want to fingerprint you then.
I agree, it's probably well worth giving the advice to generally not use javascript in a browser. I do that too, but I have to enable javascript online on some websites, in some cases, but then that is rather the exception, and I usually have a higher trust in those websites than others. If people don't believe it, they can run that site with javascript turned off first, then run it with javascript enabled and see the difference.
However, despite all that, and pretty much any measure you take, it's still quite difficult to accomplish an "anonymous" fingerprint, or a generic one, or whatever to call it. You really have to work on the weakpoints to get rid of them one by one, and some are nearly impossible to get rid of. And well, like I said, some "good" settings that you really want, will end up making you more unique because so few other people use those, and combinations of those.
Probably you would also have to configure a set of "random" settings (10 or so fingerprint related ones), and use an RNG mechanic to set them randomly each time you start Firefox.
Ps. Default "no javascript" on that page with 2 million+ different fingerprints is at the rate of 0.50%..
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Rep:
Quote:
Originally Posted by the3dfxdude
That page is alot more informative. And it doesn't tell you to enable javascript to know your "fingerprint".
If I were to go off that, the only real unique thing I see is the user agent; using firefox on linux. Apparently their data suggests this almost never happens!
The other "unique" thing is that I don't allow javascript. (BTW people, it's never really been any issue at all for me to run this way)
I find that considering that people DO hand over information using javascript is the more concerning. If that you're going to fingerprint people that is. Having javascript off is one category, but a very bland one that reduces fingerprinting. It would only confuse things further if people actually block the same information as I do. So if these people think that no javascript people are worth any bother, I would suspect they do not. So I would think that people with javascript on are going to provide essentially a unique ID versus people that don't of any case, are going to be hard to distinguish.
I don't turn off javascript for fingerprinting reasons. The reason is simply not letting anyone execute code on my machine. It makes my machine run faster, and it's going to be much more secure.
Yes, the user agent, probably along with the IP address, whatever you send with an HTTP get, is going to be the most critical information on everyone they are going to rely on. Beyond that, and you let someone run javascript on your machine, you are going to leak things like a sieve. They could really start tracking you everywhere if they go to the effort, if you let them execute code blindly on your machine. They can get whatever they want to fingerprint you then.
@lancsuk, thank you! +1! I've found the narrow scroll bar annoying. On a 16:9 display, I'm finding no significant loss of browser screen space in everyday use.
Hey, I'm kinda inactive here this year, have had some IRL stuff that needs to be done.
Got some news for you guys, from web browser space, hopefully useful:
According to calendar the new 115.8_esr is supposed to drop on February 20.
Also, the new openh264-2.4.1 has dropped, I've compiled/tested it's all good so far.
And last but not the least, ublock origin 1.56.0 has dropped, not yet reviewed by mozilla team.
I wish FireFox still let me have RSS favicons. It will never be my main web browser again until they return that (rather than the Pale Moon fork of better/classic FireFox).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
It will never be my main web browser again until they return that (rather than the Pale Moon fork of better/classic FireFox).
