This quote below from Daniel Micay of GrapheneOS is fire,

"You talk about privacy in general but then talk specifically about fingerprinting which is not something any mainstream browser has meaningful defenses against, including Firefox. Even for the Tor browser it hardly accomplishes much with JavaScript enabled. I have fingerprinting code that works great with it and bypasses their weak attempts at mitigating it. You're proving the case for why doing something is not always better than nothing. If what is done isn't meaningful, which it really isn't, then people are given a false sense of security / privacy which ends up causing them more harm than if they acted as if that non-working defense didn't exist. Define an actual threat model and explain what the defenses are supposed to mitigate. In reality, it's ineffective, and there's a reason it's not exposed in the UI. Firefox has an almost entirely bogus tracking protection feature exposed in the UI which is fundamentally broken from the design and entire concept behind it, so there's a pretty low bar, and yet these features don't meet it."

And that's why HydraVeil exists. Sources/info here:

https://simplifiedprivacy.com/web-browsers-become-the-new-os/and-the-program-is-tyranny.html

Discussion

Hear hear. Another great argument for the idea of salting data rather than trying to defend it from scrutiny. Every once in a while, shop for women's clothes. Order a movie ticket in Burundi. Do a deep dive into outboard motors. If you are foolish enough to give personal information online, falsify it and use different information every time. I get happy birthday messages almost daily.

I am currently promulgating this idea in anticipation of the CGDCs (or reasonable facsimile) and the idea of limiting or rationing purchases - publish a list of your own needs and have a number of neighbors do the same. The more the merrier. Then buy whatever is on other people's lists and deliver them to a central location. Go pick up whatever you actually wanted while you're there. Let the des think that you're addicted to okra and maybelline eye liner.

Data cooperatives.

I don't see the point of any of that. What is your threat model?

I assume that you are referring to the second paragraph? Essentially it's the same as the "coinjoin" concept for covering BTC tracks. This would be to avoid rationing on an individual basis. Say some fat guy wants Oreos and can't get any. Ten other people could buy a bag of Oreos while he dutifully buys his okra and rice cakes. Presto change-o, everyone is happy.

This is 100% true! But pay attention to the concession for Tor: "with Javascript enabled".

This is a public service announcement, if you want to ACTUALLY prevent browser profiling then use Mullvad and Tor in their safest mode so that Javascript is disabled! These browsers were NOT meant to be run with Javascript enabled! Many websites on Tor will tell you to disable Javascript for this exact reason.

Hey it's unclear if you're being malicious or unaware that we have a browser fingerprint app designed to solve the serious issues in Mullvad/Tor. It's unclear if you read the attached article, or purposefully promoting what we are criticizing.

When I first saw your post I didn't have much time and there was absolutely no way that I would be able to read your article and give an adequate response to it. You chose to post the quote to Nostr, so I decided for the moment to respond to that quote.

You suggest that I was being malicious in my last post. That suggestion seems silly to me. Was there anything incorrect about the response that I gave? It seems to me that I was just being helpful by telling people the Tor browser was always meant to be used with Javascript disabled to prevent fingerprinting. I know that many people are not aware of this fact. I was not intending my post to contradict your article, not that I would shy away from that anyway.

By the way, I just opened your article and woof, it's very long and it's difficult to follow. A few suggestions: first of all, a table of contents would go a long way.

Secondly, the way you incorporate images into your article is obnoxious. The images are huge and slow down my reading considerably, especially considering how vertical the article is. If the whole quote is important enough to include in the body of the article then why do you only include a partial quote in the image? Or if the whole quote isn't important enough to include in the body of the article, then why not just move it to your sources page and the images' alt text? Shoot, doesn't it kind of defeat the point of having an image if you are just going to be printing text in it anyway? For the quotes section of your article, I think you should consider using the image just as an avatar and putting the relevant quote next to it in regular HTML text. Kind of like how some RPGs and visual novels do. And for the non-quote images like memes and diagrams and such, I believe that moving them off to one side so that I can choose when to glance over at them and when to continue reading would help the flow a lot.

Thirdly, the structure of the article is absolutely unhinged. You are constantly switching between

,

,

,

, , and . My mortal mind is incapable of predicting the formatting changes. I just cannot follow the intent of all the choices produced by your divine intellect. Limitations foster creativity. I am convinced that you would be able to make your article just as good with like three fewer HTML section types.

Fourthly, I feel like the fact that you included so many quotes at all dilutes your article significantly. It's incredibly based that you stole all of those quotes without getting permission. However I respect you and your own words far more than I respect any of the people you quoted, by simple virtue of the fact that you are here right now on Nostr talking with people and engaging with your audience. Honestly my first impression is that you seem like a pretty technical person. If you wrote the entire article without a single quote, I'd probably believe it. I visited the link because I was genuinely interested to hear your own words, and I am disappointed that they are spread so thin.

Ugh, sorry for all that surface level feedback. I am a strong believer that the biggest threat to personal rights on the internet is a lack of accessibility and approachability for the average user. That's something that draws me to your project, but that also means that your presentation of this technical information is very important to me.

Your app as you've described it seems very interesting. However, the fact that it uses containerization (via Bubblewrap) rather than virtualization (perhaps via something like QEMU) unfortunately presents an unstoppable avenue for fingerprinting. One of the most valuable pieces of information that can be obtained through browser profiling, especially if Javascript gets enabled, is specific hardware information from the device running the browser. If Javascript is enabled then websites will be able to query for hardware information on any browser (including the Tor browser and Mullvad browser). Even if Javascript isn't enabled, fingerprinters can still determine hardware information for many browsers. I find that Browserleaks is a great source of information on what is possible for browser fingerprinting. Try visiting https://browserleaks.com/webgl in Tor or Mullvad and another browser to see what I am talking about in terms of hardware fingerprinting.

If you are working on a tool to allow users to dodge fingerprinting even with Javascript enabled, then you are touching upon something that could be very valuable. On a surface level, a tool like that is valuable simply by virtue of the fact that it makes it slightly harder for companies to realize that you are hiding your fingerprint. A tool that isolates browsers is also useful because it adds another layer of defense in case of browser exploits. But far more than that, I believe that such a tool would make a massive impact on the accessibility and approachability of anti-fingerprinting tools for the average user. For most everybody, Javascript is an absolutely essential feature, and browser customization is a favorite pastime of many, including myself. Both of which are strongly discouraged when using Tor or Mullvad.

I have actually used Brave's Tor button inside a virtual machine for exactly this reason. I wanted to be able to use an ordinary browser over Tor while still anonymizing my hardware details. Unfortunately at the time I didn't realize that the Tor network does not support UDP, and so voice communication over Tor is impossible even with a tool like yours or a technique like mine. That's an issue that I'm still working on to this day.

I hope that you were able to survive my text wall. I apologize for subjecting you to this unwieldy thing. This response took me actual hours to write up, and I don't believe that you deserved any less than that, so I hope you will forgive me for not opening your article earlier. If you made it to this point, I am interested to hear what you think of my feedback. I do see that you have an article on Whonix where you may have said something about virtualization, but I think it's best if I don't open it right now.
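
Added example, not part of the thread and not HydraVeil's code: a self-audit of the hardware-derived values discussed in the post above (the WebGL renderer strings that browserleaks.com/webgl displays, plus core and memory hints), with a check of which values stay identical between two of your own browser profiles. The mock WebGL object and all sample values are constructed so the block also runs outside a browser.

```javascript
// Read the hardware-related values a page script can see.
// In a browser: collectHardwareSurface(
//   document.createElement('canvas').getContext('webgl'), navigator)
function collectHardwareSurface(gl, nav) {
  const surface = {
    hardwareConcurrency: nav.hardwareConcurrency ?? null,
    deviceMemory: nav.deviceMemory ?? null, // not implemented by every browser
    webglVendor: null,
    webglRenderer: null,
  };
  if (gl) {
    // getExtension() returns null when the browser withholds this extension.
    const ext = gl.getExtension('WEBGL_debug_renderer_info');
    if (ext) {
      surface.webglVendor = gl.getParameter(ext.UNMASKED_VENDOR_WEBGL);
      surface.webglRenderer = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
    }
  }
  return surface;
}

// Attributes that are present and identical in both profiles: each one is a
// value a site could still use to link the two profiles to one machine.
function sharedAttributes(a, b) {
  return Object.keys(a).filter((k) => a[k] !== null && a[k] === b[k]).sort();
}

// Constructed stand-in for a WebGL context (assumption: only the two calls
// used above are modelled).
function mockGl(vendor, renderer) {
  const ext = { UNMASKED_VENDOR_WEBGL: 0x9245, UNMASKED_RENDERER_WEBGL: 0x9246 };
  return {
    getExtension: (name) => (name === 'WEBGL_debug_renderer_info' ? ext : null),
    getParameter: (p) => (p === ext.UNMASKED_VENDOR_WEBGL ? vendor : renderer),
  };
}

// Constructed sample profiles: A and B report the same hardware, C reports
// different hardware and has no deviceMemory value.
const profileA = collectHardwareSurface(
  mockGl('ExampleVendor', 'Example GPU 1000'), { hardwareConcurrency: 8, deviceMemory: 8 });
const profileB = collectHardwareSurface(
  mockGl('ExampleVendor', 'Example GPU 1000'), { hardwareConcurrency: 8, deviceMemory: 8 });
const profileC = collectHardwareSurface(
  mockGl('ExampleVendor', 'Example Virtual GPU'), { hardwareConcurrency: 2 });

console.log('A vs B still share:', sharedAttributes(profileA, profileB));
console.log('A vs C still share:', sharedAttributes(profileA, profileC));
```

An empty list from `sharedAttributes` only means these four values differ or are withheld; it says nothing about other fingerprinting surfaces.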

Is HydraVeil going to be packaged as a flatpak?

It's unlikely, as flatpaks are more isolating from the rest of the system, and HydraVeil uses systemwide resources. Also they are generally served up by the flathub repo, which is outsourcing our security to Fastly CDN for little benefit.

Understandable although I think it's still possible and you can have your own repo. What about #appimage packaging?

Also, does HydraVeil defeat fingerprint.com?

It's possible yes, but people typically use their flatpak repo to standardize it.

And yes it gives different fingerprint ids to fingerprint-com

HydraVeil is pretty awesome

False security is worse than none, like GPS on a sinking yacht. https://www.yachttrading.com/