Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Lemongrab

@Lemongrab@lemmy.one

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Lemongrab ,

It can access the encrypted data and any unencrypted startup software that hands things off to the OS after decryption.

Google's "Manifest V2" Chrome extension phaseout next month is expected to impact the original uBlock Origin extension, which still uses the V2 framework and has 37 million users (www.theregister.com)

The new MV3 architecture reflects Google's avowed desire to make browser extensions more performant, private, and secure. But the internet giant's attempt to do so has been bitterly contested by makers of privacy-protecting and content-blocking extensions, who have argued that the Chocolate Factory's new software architecture...

Lemongrab ,

I think the point isn't that the scrapper is NOT going to record their messages, but instead that it WILL regardless. Then making use of a training data unmasking exploit, the company (theoretical if the law sides with the individual) needs to fully retrain their model to remove the message text. This puts a lot if faith in copyright law, which is strong in the USA (and others) but rarely enforced to the benefit of small creators. Very little legal precedent.

Using Dark Reader on Tor Browser? (Please read before telling me to not use any extensions)

I use Tor every once in a while for basic web browsing just to add some regular traffic to the network and not just dark web traffic. I mainly use it for Reddit as they lock to block me because of my VPN IP but don't block Tor IP and occasionally other stuff. I know Tor is made so that everyone looks the same but, I am not...

Lemongrab ,

It injects JavaScript and CSS. Any modifications to the webpage DOM are easily fingerprintable and therefore making it easy to distinguish you from other Tor users.

If Tor is blocked try using a RedLib instance: https://github.com/redlib-org/redlib-instances/blob/main/instances.md

My possible solution for you:

  1. Visit CreepJS ( https://abrahamjuliot.github.io/creepjs/ ) and calculate your fuzzy fingerprint. Copy-paste that somewhere for later. This step is important so you can verify afterwords that your fingerprint stayed the same (the fingerprint of all other Tor browser users on your release version).

  2. Install redirector ( https://addons.mozilla.org/firefox/addon/redirector/ ).

  3. Look at the list of public RedLib instances and find ones that are dark mode by default. Then create a config in Redirector to redirect links when you visit reddit.com

  4. Visit creepJS and verify that your fingerprint is the same.

If it isn't too bothersome, I recommend not install any extension because there may be some way to distinguish you even if your reported fingerprint doesn't change on creepJS.

Lemongrab ,

Jesus. Kinda overkill depending on how many parameters the model is and the float precision

Lemongrab ,

You shouldn't normally turn into a frog when sitting on the toilet. Surely not many such cases ...

Lemongrab ,

Vanadium doesn't have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.

Lemongrab ,

Dont use system webview as your default browser. Webview is used by apps, your browser can and should be changed if privacy is your goal. Vanadium may be hardened, but it lacks any fingerprinting protection.

Lemongrab ,

You can't blend in with a crowd of vanadium users with the amount of data points given away by the browser. Your fingerprint will be decernable from other users. Without actual anti-fingerprinting, which theoretical can allow for a crowd only when fingerprinting of user browsers results in the same fingerprint ID, the best you can hope to do is thwart naive fingerprinting. Vanadium doesn't have any anti-fingerprint built in, so the slightest differences between user can be used to easily fingerprint. Vanadium also has no strong method of in browser content blocking (eg an adblocker like uBlock) which is required on the modern web to remove JS tracking scripts (or straight allow and deny lists for specific web contents). Adblock is cyber security: https://www.ic3.gov/Media/Y2022/PSA221221

Examples of metrics include, but are not limited to, the following:
Timezone, system and browser fonts (often automatically fetched by websites as a remote font that is cached by the browser), language, screen metrics (DPI, height x width, refresh rate, pixel ratio), canvas, CSS fingerprint, useragent, browsing mode (standard/private), video autoplay policy, audio device fingerprinting, installed plugins, cookie policy, device theme, and of course IP.

As a graphene OS vanadium user, assuming that the browser stays default, you would still have screen, audio, other hardware metrics, canvas (this one is a killer), IP, user agent (differences in installed versions of plugins and vanadium itself), timezone, remote Fonts, and others. Fingerprinting is an insane science which needs actual protection against to even begin hoping to create a crowd.

See some more details below.

Info on fingerprinting (about choosing a desktop browser but still relevant info): https://www.privacyguides.org/en/desktop-browsers

Browser comparison: https://divestos.org/pages/browsers

Fingerprinting test site: https://abrahamjuliot.github.io/creepjs/

Lemongrab ,

Your system webview is for in app usage. You aren't browsing the web using your system webview (generally). You can't blend into a crowd if you have no anti-fingerprinting. Firefox does this through RFP by normalizing settings between users, and on mobile there is partial support for screen size normalization through letterboxing. Vanadium isn't special, it is hardened chromium with some specific patches. You cannot form a crowd without special a lot of anti-fingerprint patching. See my other comment for details.

Firefox is missing per-site process isolation. This is theoretical an attack vector in the presence of multiple other major vulnerabilities. It has never been shown to be an attack vector in real world vulnerabilities. Don't call Firefox's sandboxing crap if you don't know why people have said that.

Lemongrab ,

I read your source and am not convinced. While I do agree that piling on modifications is often fruitless and counterintuitive, Vanadium doesn't have the Fingerprinting protection necessary to create a crowd. At best it can create many islands of crowd for each physical device graphene supports, for each version of the software installed, and only assuming all other method of fingerprinting don't work (for some reason theoretically for the sake of this best case scenario). Read cromite's patch list to see some of the changes needed to produce basic anti-fingerprinting (still not good enough to create a crowd).

Lemongrab ,

Anti-fingerprinting isn't as simple as blocking JavaScript. There are dozens of other parameters. You can fingerprint with pure CSS. When I say anti-fingerprinting is necessary for a crowd, I am referring to data normalization. Like Firefox's Resistant Fingerprinting and letterboxing. I find most of RFP's effects unobtrusive, but it always for a crowd to form in specialized cases. Only Tor browser and Mullvad can reasonably form a crowd.
I dont know what you mean by privacy projects spreading dirty JS. I recommend you read up on actual anti-fingerprinting techniques. Your knowledge of anti/fingerprinting seems limited. Basic anti-fingerprinting is necessary on the modern web, same thing with a content blocker. Security and privacy sometimes come at the cost of convenience, but not always.

Lemongrab ,

Standard for this old meme text format.

Lemongrab ,

Neat, thanks random internet autistic. I appreciate you.

Lemongrab ,

Lol

Lemongrab ,

For Firefox based browsers: https://arkenfox.github.io/TZP/tzp.html

For all browsers (more generalist): https://abrahamjuliot.github.io/creepjs/

Lemongrab ,

Each are data points that together contribute to your total fingerprint. TZP tells you a lot of these data points, and fails ones that dont match Firefox Resistant Fingerprint masked data. Creepjs does much of the same but without gearing towards Firefox.

Generally fingerprintable things include:

Do not track signal.
Private browsing mode.
Timezone.
Useragent.
Canvas noise.
Installed fonts.
Font sizes.
Browser built-in plugins.
Some extensions.
WebRTC.
Theme.
Cookies.
IP address.
Local IPs (website can execute an ip scan and fingerprint).
Window viewport size.
Full screen mode viewport sizing.
Page/font color settings.
Operating System (impossible to mask because of differences in rendering on platforms).
Browser App name & icon.
System TTS synthesis engine.
DOM modification fingerprinting (like that used by many extensions).
Mouse speed.
Keyboard behavior.
Stylometric fingerprinting.
And many more.

Lemongrab ,

But it directly says to disable enhanced tracking protection. Weird fuck up.

Lemongrab ,

Actually he is a grand wizard ...

Lemongrab ,

Military weapons, which should be banned lol.

Lemongrab ,

Oh, it was so much fucking fun. More fun than it looks, which is saying something. Not to make you more jealous lol

Lemongrab ,

To the bone!

If you ain't Rock and Stone, you ain't coming home!

alcoholic noises

Lemongrab ,

Fly up in a helicopter and have them toss your corpse into the blades

Lemongrab , (edited )

This is how I got hit on my bike, except I wasn't waved at. I was in the bike lane and a truck ahead of me waved to a car to drive across. I would be close to were the car going 45mph is in the picture. Car pulled across and by the time i could see the car it was too late. I mashed into the side of the car right as it was crossing the bikelane and was bounced backwards by the force, smacking hard backwards onto the asphalt.

Safe biking out there.

Lemongrab ,

They drive too fast. I understand what your saying.

Lemongrab ,

Fingerprinting from the original website is easy, the frontend will have a fingerprint as well but it should be shared by all the users without exposing their browsers. Better privacy therefore.

Lemongrab ,

Terrible. That still image just recovered buried memories.

Lemongrab ,

All I can think about is oxidation and UV damage of the active chemical and also moisture problems.

Funny but its better to have working E instead of just funny blue pills

Lemongrab ,

Librera FD as your reader app: https://www.f-droid.org/en/packages/com.foobnix.pro.pdf.reader/
Sherpa Onnx as your TTS engine: https://github.com/k2-fsa/sherpa-onnx

I recommend the piper TTS pretrained models, either Lessac medium or Kusal high/medium

Lemongrab ,

Installing Sherpa Onnx TTS makes it an option to use as your system TTS voice

Lemongrab ,

For a regular user, I'd suggest fedora workstation over Debian. Debian is old reliable, but the out of box experience for the user is clunky and missing some utilities and features. I had a tech friend of mine transition from windows and there were many small things that I hadn't noticed would cause problems.

I still run Debian on many different devices, I like it quite a bit especially when distromorphed with Kicksecure.

There is also Linux Mint Debian Edition which switches the base OS used by Mint to Debian. Out of box experience with LMDE is much more user friendly.

Lemongrab ,

As a rebase, I reccomend secureblue: https://github.com/secureblue/secureblue

Lemongrab ,

Or instead of Kali check out ParrotOS

Lemongrab ,

Kali is all about the tools. It is not more secure than the average linux system, actually the opposite most of the time. It is designed for red team hackers mostly. Still neat to poke around with. The same is true for ParrotOS

Lemongrab ,

2nded. OpenSUSE in general is great imo. IIRC, OpenSUSE has the 2nd largest repo, after Arch Linux AUR

Lemongrab ,

Ketamine is actually great for treatment resistant depression. Lotta ignorant people in the comments. Fuck the corpos and their nonsense to avoid treating workers with human decency, but ketamine prescribed correctly is actually quite effective.

Lemongrab ,

I think it may be a spinal tap, though I am quite unsure about dosing.

Lemongrab ,

When I tried self hosting it I kept getting trackers blocked by ublock. From just my self hosted instance I get 0 blocked, but with the materialious frontend it would keep climbing. I killed my instance when I reached 90 blocked. It was ublock in hard mode

Lemongrab ,

I assumed it was remote Fonts or something, I may try it again.

Lemongrab ,

Behind ublock or behind materialious? I understand what ublock hard mode is. It blocks all 3rd party frames, scripts, and just 3rd party in general. Minor benefit over ublock medium mode but important in my setup.

Lemongrab ,

Interesting

Lemongrab ,

Garbage take. Having apps as PWAs is better for security, privacy, and doesn't need to be clunky. Websites are clunky when they import massive remote JS libraries instead of just relying more on CSS. No website I've every visited has had a valid reason to be slow, I mean we can literally use a webpage to control a remote VM in real time. Apps get to declare most of their permissions and will often require these unnecessary permissions to use them at all.

Lemongrab ,

For security, yes, your word is not enough. This would be confidentiality in the CIA triad. I still understand your disappointment seeing probably many dozens of drives get destroyed. I get the majority of drives by scrapping old PC and it pains me to see what people will throw out.

Lemongrab ,

It is often to teach you how to cope, not just accept.

Lemongrab ,

Then get a burner pixel 3a and install grapheneOS or DivestOS

Lemongrab ,

https://divestos.org/pages/devices#device-sargo

Lemongrab ,

https://divestos.org/pages/browsers

Lemongrab ,

L. Have better pattern recognition then, nerd.

Lemongrab ,

ADHD meds help somewhat

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • meta
  • All magazines
    •