After reading these reports of intensified fingerprinting I decided to block all scripts on my browser using uBlock. Can't do much regarding the IP tho
this post was submitted on 19 Feb 2025
182 points (100.0% liked)
Cybersecurity
6346 readers
711 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 2 years ago
MODERATORS
Me loving GrapheneOS intensifies.
Chromium and Webview ripped out and replaced with hardened Vanadium.
Man, I had gaming scheduled for this weekend. I guess I gotta move up my plan to backup everything and switch over to GrapheneOS.
Its a pretty easy switch and has some nice perks like disabling the software restictions on the USB C port so you can actually hook up displays
If you have a Pixel, yes.
If you have a Galaxy, you're in for some s**t
I thought it wasnt even possible on a galaxy
It's possible, but a huge PITA. Learning how to do it, that is. Once you know all the magic incantations and have your potions and elixirs available, it's easy enough.
Most of the "how to" guides don't mention all the little crap you need to know so it takes a lot of trolling through forums to find why this next step isn't working.
I have a galaxy phone but haven't pursued the idea of installing grapheneOS on it as I thought it would be impossible. Please share you arcane knowledge of the unholy incarnations.
How does GrapheneOS play with folding phones? Nicely?
Probably as well as any other stock Android ROM, because that's all it is, plus a few security patches on top.
Do Linux next 🐸
I'm still waffling between CachyOS and Bazzite. 😆
I've been daily driving bazzite for a few months, I would highly recommend you give it a distro hop for a bit to see if it fits you. The main downside is getting used to the atomic mindset and changing how you install your tooling
I actually have it on a laptop, because I wanted something virtually bulletproof that my SO could have that just works. No worrying about broken configs or leftover cruft.
Just undecided if I want it on my main desktop. I've had a few minor but annoying issues with it, though nothing unworkable. Ricing is sometimes problematic, and that's something I enjoy. I really like the build process, though, and how you can downstream your own version, and I like ostree backups (plus I can't wait for bootc).
gimme a decent rom guaranteed to work with my six-year-old unsupported hardware
Sorry didn't realize you were asking for ROM
Lineageos is your best bet.
Sir, I am regarded but I am sure we got somebody on fedi who can properly opine on this request
What service provider are you using with Graphene? I want to de google but it seems a wasted effort when I have FI
According to multiple users on the GrapheneOS forum it works just fine https://discuss.grapheneos.org/d/7950-does-grapheneos-work-with-google-fi/2
I'm able to use Organic Maps with RH Voice with the sandboxed Google Play + Android Auto Graphene uses for my travelling/cycling/Public-transit map needs.
Mint Mobile. I'm fine with 5GB/5G:$15/month ~$185/year. 🤘😁.
I download flac songs/albums for off line use with Tidal when not streaming on WiFi.
PipePipe for YouTube/etc stuffs. 720p or background playback to save bandwith/battery isn't bad.
Thunderbird for my gmail account.
But in process of moving to Tuta.
Last I recall, Vanadium lags behind customized-Firefox in privacy features, and even more behind the Tor Browser.
Having a tool like Noscript is absolutely necessary, with today's browsers, if you want to fight fingerprinting.
All I known is DivestOS is dead as is Mull 😮.
And there's things Vanadium/web view offer that Android Firefox never can:
By default Vanadium's JIT JavaScript is blocked. Can easily turn off regular JavaScript if ya want on site settings.
this article does not attempt to compare the privacy practices of each browser but rather their resistance to exploitation.
The Madaidans article lacks relevance, we are talking about fingerprinting.
Android Firefox never can
That's just not true, many of those are things that Android Firefox likely won't do, but that doesn't mean they can't do it.
That said, I care more about privacy than theoretical attacks. Companies are tracking me, black hats might attack me.
The clowns just wsnt to run all these code on PC man... Why don't you let them?
Yeah I'm going with a Murena phone and /e/os installed, as they're both European.
I unfortunately can't really see how a browser could still be nice to use and properly resist fingerprinting.
The site https://amiunique.org/fingerprint tries to fingerprint your browser and lists the used attributes along with their uniqueness within their dataset. And while a browser could pretty reliably lie about its User Agent or Platform, it's often just necessary for a modern website to know, for example, what your view-port's resolution is or what kind of audio/video codecs your device supports. Going through my own results, I'd say combining these necessary data points is probably enough to identify me, even though I'm pretty privacy-conscious.
Maybe I'm overly pessimistic, but I think preventing fingerprinting would need a regulatory instead of a technical solution. Unfortunately that doesn't seem very likely anytime soon.
There are extentions for Firefox that randomise most of that. They add random supported codecs for example, enough to make it believable, not enough to make it a unique combination.
It's not perfect, nothing is, but it seems to be good enough.
I’d say combining these necessary data points is probably enough to identify me
The EFF has had a couple of websites that would profile you on exactly this data, so you're completely correct in that even the basic normal required metadata is more than enough to identify you pretty well.
coveryourtracks.eff.org is where it's living now, and a quick glance shows that just using browser capabilities and such is absolutely enough to identify me.
For the lazy: https://coveryourtracks.eff.org/
This helps so much more on mobile using an app. Thank you for your service!
Thats very good thank you
Browser?
Lol they own Android...it's the entire os. They're fingerprinting every android phone.
I've been using browsers for a couple of decades without digital fingerprinting and it's nice enough for me. I see no need to make it nicer.
Such as?
Every browser can be fingerprinted, even Tor browser, which goes out of its way to resist fingerprinting. The only way to really avoid fingerprinting is to not use JavaScript, which is extremely limiting.
You mean it didn't already?
My read is that before they did the fingerprinting on their side and used it to construct profiles to sell to their customers.
But now there's just giving the fingerprints directly to their customers.
Perhaps this will motivate makers of web browsers to finally get serious about making fingerprinting less easy. Looking at you, Mozilla.
Mozilla already has anti fingerprint settings.
Yes, but with a few caveats. Last time I used the 'Resist Fingerprinting' option, it made window resizing funky and some sites flat out rendered wrong.
It needs some polish and some user controls.
That's the tradeoff you have to make. Your window size is a good fingerprint, so spoofing the size makes sense. But websites that need to window size for legitimate reasons are breaking.
How else could it be? The window size directly identifies you AND determines the page layout.
Getting away from Google isn't easy, but it's required.