Cross Browser Fingerprinting
Many browsers such as Firefox, Florp, Librewolf, Brave, Vivaldi, and Ungoogled Chromium are vulnerable to matches across browsers. Some don't want to hear the truth, but I tried my hardest to help you in this fast visual slideshow..
When all Browsers share the same font, means you are not unique by this. So I do not get what this rebeals.
WebGL you can turn off. Best is probably to use a VPN with mullvad browser. And whenever possible turn off scripts. Or at least 3rd party scripts.
Hey I’m sorry to hear you’re maliciously attacking our project with misinformation. The browsers do NOT have the same fonts, it’s calling upon the same system fonts due to being the same browser family. WebGL can be disabled, but it is NOT by default on most of the browsers here.
Further, Mullvad Browser is horrible, it suffers the baggage of evil Mozilla,
https://simplifiedprivacy.com/web-browsers-become-the-new-os/and-the-program-is-tyranny.html
and you’re closing people off to a much better experience without restricting javascript.
> Hey I’m sorry to hear you’re maliciously attacking our project with misinformation.
I am not. I read your article and could just not follow the logic.
> Further, Mullvad Browser is horrible, it suffers the baggage of evil Mozilla
Mullvad is a fork of Torbrowser, which itself is forked from Firefox. And Tor is in my eyes the best way to have an anonym connection to the internet. This is a wide consensus by many privacy and humanrights activists. Including the nostr:npub1yw90pmtmdsxfx5ncduexz2ghxgkww6wg6zqhjvjc63ny57uqe4ese7flf5
> and you’re closing people off to a much better experience without restricting javascript
Convenience and freedom are inherently against eachother. This is natural.
Do we also need to be cautious of hardware finger printing?
It depends on how define hardware fingerprinting. When websites access canvas, webgl, fonts, they are trying to fingerprinting the graphics card and such. So HydraVeil protects against this.
There are PAST zero-days in CPU that were PATCHED by the manufacturers? Yes, there were.
Is it possible the CIA has a zero-day we don’t know about to attack CPU? Yeah, it’s possible.
But QubesOS might be vulnerable to that also. So we don’t know what we don’t know.
I highly question your knowledge about privacy. Why would you mix browser fingerprinting (privacy) with zero day exploits (security)?
I know that security needs to be ensured, to have privacy and the other way around. But your answer is just very desturbing.
First the security is completely related to the privacy. Second, it’s not just security that evil Mozilla invades, but the structure of browsers itself is designed to empower the web dev and not the end user’s privacy by revealing quite a bit for it to function.
Your comments about forcing users to sacrifice websites using Javascript is the only disturbing thing. And even if you use a VPN with Mullvad browser, you’re still hitting up Cloudflare servers with the same IP. Which we wrote many articles on, and interviewed law enforcement talking about the correlations made. It’s on the site.
To me your comment you just made lacks granularity a lot. When a setting does not make you completly private but still increases the workload to identify you, this is a success.
No matter how good the security and privacy of an entity is. There is always a way to get through. The question is only if your wall is high enough, so the threat actor is not willing to invest the effort needed.
So when FBI says, thay can still identify you even through VPN and JS disabled, does not mean those two actions are useless.
Probably no single decision will be the key to all security and privacy threats. But as more precautions one uses, as higher is the investment to still identify you.
I only want to say, that in reality privacy and security are scales. It is not at all a on and off switch.
Look man, I’m sorry I was rude to you. I don’t disagree with what you wrote here. However, what I’m disputing is that Mullvad Browser with just a regular VPN is a good daily driver. And I kinda view your comments are malicious, even though that is not your intent. I understand you’re just commenting quickly and whatever, but we’re rolling out high value stuff, and it’s sort of mean-spirited to be plugging a WORSE thing.
My earlier point is that using a single IP definitely gets people correlated, and managing which IP goes to which browser and service is not realistic for 99% of people without HydraVeil. So yes, you can pull the “who cares about privacy” routine. Yes you can pull the “don’t use websites with javascript” routine. But at the end of the day, a lot of people need to use these services to function in the real world. And so pushing the government’s browser as the only solution is malicious in my eyes.
Again, I know you don’t view it that way, but I think if you read more of our articles you would. Keep in mind, a lot of us code, write, promote, for barely any money to help people. I mean, do you really want to be hazing to suppress development?
You are really projecting a lot on me. To disable Javascript is a technical improvement on every existing privacy setup. It is clear, that everyone will use websites that only work with JS. So turn them on then. Still better than turning on all Javascript by default.
One can do this kind of conveniently through uBlock Origin plugin or noScript. UBlock works best on Firefox Browser.
Probably a very well documented privacy resource is privacyguides.org
And believe me I am almost reading and listening to privacy best practices and hacker news on a daily basis.
Come up with improvements on my solutions or point out flaws I have. It is very unprofessional how you try to blame me, without critizising my arguments. This is far from fair and malicious.
To which Browser you point when saying "government Browser"?
Hey I think you don't understand the basics. privacyguides sucks, they don't understand the problems and were on cloudflare before instead of preaching against it.
unblock origin is dns blocking specific sites, not the overall fingerprinting, which you can't block CF.
Mullvad browser is Tor, which is government made. They are happy it doesn’t work and blocks people out from the internet unless they do unprivate stuff.
I would consider your line of banter malicious, and all the answers to your questions are on our site. I'm unable to offer more free support for your malicious propaganda, so this will be the last reply.
Sorry just checked out your website. And I see really no good reason to trust this product. Most participants are podcasters, costumer service and so. One security engineer.
There is a clear lack of trust from my side. nostr:npub1renaud65zug8r570ndztde2xhk206z3v50a5mwa3kp2xshy3zmjqkqaw97 did you really go through the project or only published the link after a short read?
To me this seems just not trustworthy enough. No professional articles. LAck of technical descriptions and lack of technickal employees with a knowledgable record.
And I agree with you, that there is no security without privacy. And good privacy implements security most of the times as second line of defense.
