- 51 Posts
- 144 Comments
much appreciated
thank you for your information, would you say JShelter does everything Chameleon do (including spoofing) so that if I use JShelter I don’t have to use Chameleon?
1·2 hours agotrustworthy personal firewall
what do you use?
Programs can be restricted by filesystem permissions and the OS firewall, and not running them as admin
can you explain how to do this?
steam games for example are nearly impossible to run without admin, can I restrict filesystem permissions for these software?
1·2 hours agoI’m still bit confused. How rendering could result in fingerprinting? If canvas and other fingerprinting is disabled of course. how is ad render different from rendering other element on a webpage
what about other program?
this is absolutely horrorstruck
is there a way to prevent this?
for instance is there a way to run steam on windows without giving it access to any of access it shouldn’t have?
Thanks
I think there might be a bit of misunderstanding about what those permissions mean. The extensions just need to be able to “see” the contents of a web page in order to be able to hide ads, change font & background colors, edit URLs, or redirect resource requests. There is no other way for them to perform those functions unless they have permission to read the original data presented by websites you visit.
2·3 hours agolooks good, nice if someone could provide their stylus use experience
Thanks a lot
Answered by @listless@lemmy.cringecollective.io
Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”
Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.
Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.
Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”
Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.
Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.
Thank you so much that makes sense
Sincere thanks
Most of those things cannot be collected through JavaScript.
Local time can.
RAM can only be approximated to protect user privacy. Edit: And it’s not available on Firefox.
OS+version are already in your browser’s user-agent string that is sent out with every request you make.
Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.
There is no way to get a serial number or similar.
To spoof timezone/OS+version/browser+version … and disable WebGL, use https://sereneblue.github.io/chameleon/
I guess spoofing will not make me stand out?
how does ad render in the background compromise privacy?
thanks
does this mean software with admin privilege only have access to user folder not root folder of C drive?