makeasnek@lemmy.ml
on 12 Jul 2024 07:44
nextcollapse
I2P is really cool tech, wish more people knew about it. In a similar vein: #hyphanet (formerly #freenet) and #nostr
refalo@programming.dev
on 12 Jul 2024 07:54
nextcollapse
and yggdrasil and lokinet
EngineerGaming@feddit.nl
on 12 Jul 2024 18:59
collapse
Lokinet is sus with its model imo. Unlike i2p, the idea of which is lowering the bar for being a node, it raises the bar impossibly high for most of us. If you have the insane sum it requires to host a node, it would be more useful to the world if you spend it on hosting good Tor or i2p nodes imo.
kenkenken@sh.itjust.works
on 12 Jul 2024 09:59
nextcollapse
You actually can use I2P with JS disabled as many eepsites work without it.
refalo@programming.dev
on 12 Jul 2024 15:24
collapse
Yes you’re right, but disabling JS also makes you stand out way more wrt fingerprinting, and you can still be fingerprinted with HTML/CSS, TLS and other methods.
EngineerGaming@feddit.nl
on 12 Jul 2024 18:57
nextcollapse
On i2p- and onion-sites, I guess having JS disabled is far more common than on normal internet, so “standing out” is not really a concern.
Disabling JS helps reduce the many many other fingerprintable metrics and replaces it with one. One that is rare, but not uncommon in the worlds of I2P or Tor.
Redjard@lemmy.dbzer0.com
on 12 Jul 2024 18:48
nextcollapse
I don’t see any extension info and I don’t see how there could be any. There isn’t any api for gaining this info in ff at the very least.
There are other issues, but most extensions can in fact not be detected by websites, unless they specifically add something that makes them detectable.
refalo@programming.dev
on 12 Jul 2024 20:34
collapse
perhaps you should look up how creepjs implements detection for known extensions
Redjard@lemmy.dbzer0.com
on 13 Jul 2024 00:05
collapse
I found this is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.
Most firefox addons dont even have the permissions needed to change anything a website could observe.
refalo@programming.dev
on 13 Jul 2024 00:21
collapse
Most firefox addons dont even have the permissions needed to change anything a website could observe.
Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.
A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.
User theme managers should be similar, but I can’t comment on them as I don’t use any.
That is not true. On chrome, they could be fingerprinted using the way that extensions load remote assets (which I dont think is still possible). On Firefox, that has not been possible (maybe ever but at least for a while). The way that extensions are fingerprinted requires detecting the way they interact with the web pages DOM, which is not something many extensions do.
refalo@programming.dev
on 12 Jul 2024 20:33
collapse
check out how creepjs implements detection for many common extensions…
The point to my original comment is fingerprint of extensions isn’t straightforward or free, ie requires intentionally designing a fingerprinting technique tailored to identify its behaviour.
CreepJS can really only detect Chrome extensions and very few Firefox ones. On Firefox, it can detect NoScript but not uBlock for example. This isn’t to say that uBlock can’t be fingerprinted, just that it hasn’t yet in CreepJS. Some extension don’t touch the DOM at all or produce any fingerprintable behaviour to the web page, so there for can’t be detected. Some don’t produce weird behaviour until a user interacts with some element in the extension or webpage.
refalo@programming.dev
on 12 Jul 2024 21:36
collapse
Yes you are right. I don’t think there is a realistic way for most people to be anonymous or private online anymore given all these offensive and invasive techniques being used regularly now. Hell cloudflare fingerprints people with TLS alone, and that doesn’t care about javascript or anything else above it.
SaltyIceteaMaker@lemmy.ml
on 12 Jul 2024 08:58
nextcollapse
What is i2p?
JackGreenEarth@lemm.ee
on 12 Jul 2024 09:14
nextcollapse
A peer to peer internet
makeasnek@lemmy.ml
on 12 Jul 2024 09:29
nextcollapse
A P2P application for anonymous communication. There’s chat rooms, forums, the whole range of things, all peer-to-peer, all decentralized, all built with privacy and anonymity as a feature.
Steamymoomilk@sh.itjust.works
on 12 Jul 2024 17:27
collapse
The deep web
Blankzy@reddthat.com
on 12 Jul 2024 10:29
nextcollapse
I can’t figure i2p out or nostr
makeasnek@lemmy.ml
on 12 Jul 2024 10:34
nextcollapse
If you want an easy onboarding solution for nostr check out damus.io
The cool thing is if you don’t like the first app you try, there’s dozens of others, and your data moves across all of them seamlessly. I started on iris and now I’m on nostrudel and I’ll probably try out a few more over the next year before I really settle in to the best one for me.
If you have questions, check out !nostr@lemmy.world or use the #asknostr tag once you have your account setup, people are very helpful there!
rutrum@lm.paradisus.day
on 12 Jul 2024 14:56
collapse
This cleared up some of the confusion about nostr to me: usenostr.org
NGC2346@sh.itjust.works
on 12 Jul 2024 17:05
collapse
Misleading title. Using this with your day to day browser burns out any idea of anonymity.
If you want to be safe, make a bare bone Arch Linux VM and use this extension with GNU Icecat. Also change your DNS from your ISP to something like Quad9.
Does icecat use a custom user config that provides more privacy/security? I see on their page they package it with some preinstalled extensions (JShelter being of interest but only helping to increase the fingerprintability of your browser). All I know about it is that it is a GNU drop-in Firefox replacement (since it is a fork), but it most likely doesn’t enable privacy.resistFingerprinting or many of the other things available in the Firefox config. You will not have anonymity on your proposed setup, nor even using something like the arkenfox user.js which provides much better privacy and security than the loose defaults of Firefox. I would instead recommend Librewolf, or even better Mullvad browser.
Understandable, but you’ll stick out like a sore thumb. Why not randomize in a way that makes you blend in. Like for example, enable “privacy.resistFingerprinting” and randomize other metrics not protected already. With something like viewport, I kinda understand randomizing (from a bank of known common viewport sizes for a given platform)
threaded - newest
I2P is really cool tech, wish more people knew about it. In a similar vein: #hyphanet (formerly #freenet) and #nostr
and yggdrasil and lokinet
Lokinet is sus with its model imo. Unlike i2p, the idea of which is lowering the bar for being a node, it raises the bar impossibly high for most of us. If you have the insane sum it requires to host a node, it would be more useful to the world if you spend it on hosting good Tor or i2p nodes imo.
Is there anything actually interesting on it, or is it all just drugs and CP like the onion darknet?
Technologically, I2P handles large data transfers much more efficiently than TOR. That makes I2P useful for torrenting large files like Linux ISOs.
Linux ISOs are my all-time favorite thing to torrent so this does seem like it requires further research.
Just remember to forward the right ports if you can so you can contribute to the network!!
these two do not mix well. almost any extension can be detected by a site and used to fingerprint you.
abrahamjuliot.github.io/creepjs/
You actually can use I2P with JS disabled as many eepsites work without it.
Yes you’re right, but disabling JS also makes you stand out way more wrt fingerprinting, and you can still be fingerprinted with HTML/CSS, TLS and other methods.
On i2p- and onion-sites, I guess having JS disabled is far more common than on normal internet, so “standing out” is not really a concern.
Disabling JS helps reduce the many many other fingerprintable metrics and replaces it with one. One that is rare, but not uncommon in the worlds of I2P or Tor.
I don’t see any extension info and I don’t see how there could be any. There isn’t any api for gaining this info in ff at the very least.
There are other issues, but most extensions can in fact not be detected by websites, unless they specifically add something that makes them detectable.
perhaps you should look up how creepjs implements detection for known extensions
I found this is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.
Most firefox addons dont even have the permissions needed to change anything a website could observe.
Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.
Some examples:
ad blockers (uBO/uMatrix/etc.)
color/theme management (dark reader/dark theme/Stylish/etc.)
custom mouse cursor managers
page translators
addons serving in-browser ads
userscript managers (grease/tamper/violentmonkey etc.)
privacy blockers (CanvasBlocker/JShelter/etc.)
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.
Yes, those could be detected.
Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.
Non-detectible ones I can think of rn:
Many more of the ones you listed won’t be detectable on most websites.
A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.
User theme managers should be similar, but I can’t comment on them as I don’t use any.
Translators are only detectible when enabled.
Why would you have an addon that serves ads?
Are site-specific, i.e. not detectible anywhere else
Please don’t use those anymore, use only uBo. Same for uMatrix.
uBo is pretty good about not being detected, for obvious reasons.
That is not true. On chrome, they could be fingerprinted using the way that extensions load remote assets (which I dont think is still possible). On Firefox, that has not been possible (maybe ever but at least for a while). The way that extensions are fingerprinted requires detecting the way they interact with the web pages DOM, which is not something many extensions do.
check out how creepjs implements detection for many common extensions…
The point to my original comment is fingerprint of extensions isn’t straightforward or free, ie requires intentionally designing a fingerprinting technique tailored to identify its behaviour.
CreepJS can really only detect Chrome extensions and very few Firefox ones. On Firefox, it can detect NoScript but not uBlock for example. This isn’t to say that uBlock can’t be fingerprinted, just that it hasn’t yet in CreepJS. Some extension don’t touch the DOM at all or produce any fingerprintable behaviour to the web page, so there for can’t be detected. Some don’t produce weird behaviour until a user interacts with some element in the extension or webpage.
Yes you are right. I don’t think there is a realistic way for most people to be anonymous or private online anymore given all these offensive and invasive techniques being used regularly now. Hell cloudflare fingerprints people with TLS alone, and that doesn’t care about javascript or anything else above it.
What is i2p?
A peer to peer internet
A P2P application for anonymous communication. There’s chat rooms, forums, the whole range of things, all peer-to-peer, all decentralized, all built with privacy and anonymity as a feature.
The deep web
I can’t figure i2p out or nostr
If you want an easy onboarding solution for nostr check out damus.io
The cool thing is if you don’t like the first app you try, there’s dozens of others, and your data moves across all of them seamlessly. I started on iris and now I’m on nostrudel and I’ll probably try out a few more over the next year before I really settle in to the best one for me.
If you have questions, check out !nostr@lemmy.world or use the #asknostr tag once you have your account setup, people are very helpful there!
This cleared up some of the confusion about nostr to me: usenostr.org
Misleading title. Using this with your day to day browser burns out any idea of anonymity.
If you want to be safe, make a bare bone Arch Linux VM and use this extension with GNU Icecat. Also change your DNS from your ISP to something like Quad9.
Does icecat use a custom user config that provides more privacy/security? I see on their page they package it with some preinstalled extensions (JShelter being of interest but only helping to increase the fingerprintability of your browser). All I know about it is that it is a GNU drop-in Firefox replacement (since it is a fork), but it most likely doesn’t enable privacy.resistFingerprinting or many of the other things available in the Firefox config. You will not have anonymity on your proposed setup, nor even using something like the arkenfox user.js which provides much better privacy and security than the loose defaults of Firefox. I would instead recommend Librewolf, or even better Mullvad browser.
Understandable, but you’ll stick out like a sore thumb. Why not randomize in a way that makes you blend in. Like for example, enable “privacy.resistFingerprinting” and randomize other metrics not protected already. With something like viewport, I kinda understand randomizing (from a bank of known common viewport sizes for a given platform)