reply on: Web fingerprinting is worse than I thought \ stacker news ~bitcoin

1 sat \ 2 replies \ @franzap 21 Mar 2023 \ on: Web fingerprinting is worse than I thought bitcoin

It's terrible and not taken seriously enough.

Remember that privacy is like a chain, one broken link breaks the whole chain. A history of detectable fingerprints and one single KYC login and your whole history is exposed.

Even when the fingerprint.com demo shows different IDs they can run some basic heuristics and detect manipulated params (in the same way chain analytics companies do with coins). Who knows, they might have private APIs for "special" clients.

An interesting one is https://abrahamjuliot.github.io/creepjs/ , try it out in a regular window and in a private window with resistFingerprinting=true.

Unfortunately two of the most promising anti-fingerprinting approaches seem abandoned now:

https://github.com/freethenation/DFPM
https://github.com/abrahamjuliot/privacy-cat (from the author of creepjs)

Regular web browsing these days (because of the browser APIs increasing attack surface) requires far more trust than what it seems. It's like calling a plumber to fix the toilet but he enters the house with a GoPro on his head and records your living room.

We visit a website for one purpose but we have no idea what purposes they have and by the nature of the web it's practically impossible to verify releases like with an open source desktop program.

A good browser is necessary, a VPN as well, but it's definitely not enough.

22 sats \ 1 reply \ @l0k18 24 May 2023

I hate web browsers. They are the "throw a handfull of darts one is sure to hit the bullseye" philosophy of software engineering, that leads to a steady bloat of features and security vulnerabilities multiply upon each other.

In general, if there is a dedicated app, choose that, don't use a web browser. Unfortunately people make too many mobile apps and not enough desktop apps for my needs. I don't use the web for much other than searching for programming info and shopping but it pains me every time I see an EU mandated cookie message.

0 sats \ 0 replies \ @franzap 24 May 2023

More gemtext less HTML :)

Agreed, more desktop apps are needed: easier to verify releases, no cookies or fingerpints (?), easier to block or inspect outgoing traffic, much better offline support.