Researchers use GPU fingerprinting to track users online

Jonnycat99

Limp Gawd
Joined
Nov 9, 2006
Messages
424
However, a very small number of consumers advocated for the right to repair. The majority of consumers couldn't careless if they couldn't repair their own device, as FOMO rules the world. So it is possible for a small amount of people to create change.

Yes, and we also have the 1974 Moss/Magnuson Act (back when consumer protection was in vogue) which prevents a company from denying warranty service if you get something repaired outside of an "authorized factory service" center and with aftermarket parts. The difference is that the repair industry is generally not done by publicly traded companies who are worth trillions of dollars, have an army of lobbyists, and have shares owned by our esteemed elected representatives.

Online privacy is also kind of a nebulous concept, especially when most people (including myself) input all manner of private information into search engines not to mention what people put up on Facebook for the whole world to see. Still, at the very least it would be nice to see some type of temporal limit or "right to be forgotten" legislation though, so the bastards don't get to compile a lifelong cradle to grave dossier on everything you do online, as well as a genuine incognito mode that actually works.
 

ElementDave

Limp Gawd
Joined
May 5, 2013
Messages
364
Good grief, another setting I didn't know about.

Just to capture it somewhere if I need to find my running list of settings changes for privacy again, I figured I'd re-post it here:

- Install
- Go to about:config and search for pocket and double click on extensions.pocket.enabled to disable it.
- Go to settings
- Disable all telemetry data collection
- Disable offering to remember passwords
- Disable asking about site notifications
- Disable asking about camera/microphone use
- Disable asking about location
- Set Content Blocking under Privacy and Security to "strict". It warns about potentially breaking sites, but in 65 I have yet to have this happen to any site I have visited. (as mentioned above, it did in 64 though)
- Open new tab.
- Click settings wheel
- Uncheck "Recommended by Pocket", "Highlights" and "Snippets"
- Go to about:config search for peerconnection and set media.peerconnection.enabled to false
- Go to about:config, search for WebGL and set webgl.disabled to true.
- Go to about:config, search for "fingerprinting" and set "privacy.resistFingerprinting" to true.

Please add any I may have missed!
More settings? What's the length limit on forum posts? ;)

I configure my OS and browser with an eye toward hardening from a security standpoint more than privacy, though the latter does benefit a lot from the former. My browser settings are guaranteed to break 95%+ of the Internet. To most people it would feel like pulling the Ethernet cable. But what others call broken, I call a feature.

I strongly recommend the extensions NoScript and uBlock Origin for Firefox. If the default policy of blocking JavaScript feels like too much fuss, it's possible to use NoScript in a more permissive way and still benefit from some of its other less obvious protections.

A couple notes in case you're not familiar with prefs.js and user.js, and how the two interact: Firefox stores modified preferences in a JavaScript file named prefs.js. You can find prefs.js in your profile directory (about:profiles). User.js is located in the same directory but doesn't exist by default; you must create it. User-defined preferences are first loaded from prefs.js and applied before those defined in user.js. You can think of user.js as an overlay that is applied on top of prefs.js. One thing to keep in mind is that Firefox never alters your user.js, so if you change a preference through the UI (e.g., about:config), its value won't persist across browser sessions if that preference also exists in your user.js; the value set in user.js wins in the event of a conflict.

However, one thing is certain: modern software developers hate consistency and don't feel like they're doing their job unless something breaks on a regular basis. So a decades-old feature such as user.js could vanish or change with any update.
https://bugzilla.mozilla.org/show_bug.cgi?id=1543752

I maintain my "important" preferences in user.js for several reasons. Firefox changes frequently and over time user-defined preferences can become obsolete or redundant. For that reason I try to keep the changes minimal and well-documented (the "well" is optional in practice) in comments.

Here's an example (not mine):
https://github.com/pyllyukko/user.js

Many similar projects exist. I'd advise against copying any of these files wholesale (not that you would), but they can be useful to peruse for cherry-picking certain settings.

If you're really serious about web browser tracking/privacy, I'd suggest the Tor Browser. It's a Firefox that has been overhauled and carefully patched for the purpose of privacy. Mozilla has been working on integrating work from the Tor project into Firefox as part of the Tor Uplift project (https://wiki.mozilla.org/Security/Tor_Uplift).
 

ElementDave

Limp Gawd
Joined
May 5, 2013
Messages
364
What’s fun is the discovery that according that website, literally nothing we try to do matters.
There are many similar sites out there. Here's one that's more interesting:
https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/

That one was posted on HN. Here's the link in case you want to read the comments:
https://news.ycombinator.com/item?id=29042791

It's not easy to defeat fingerprinting. Consider the Tor Browser if that's a priority.
 
Top