I wrote a fairly long comment touching on why most browser and extension privacy features are just theatre and in reality tend to reduce privacy:
reddit.com/r/GrapheneOS/c
Services like Panopticlick are also incredibly misleading. Their approach is flawed and the data is tainted.
Conversation
Also gave a shout out to Apple for shipping some genuinely useful privacy features in Safari. There are not many attempts at browser privacy features that I can say that about. It's nearly all privacy theatre. Safari does that too, but they shipped a few genuinely good features.
1
3
In general, extensions reduce privacy. Changing site-visible settings reduces privacy. Deviating from standard content filtering lists reduces privacy. If you use uBlock Origin and you deviate from the standard filters, that can be detected. Sites can enumerate what is blocked.
3
6
Replying to
I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
1
2
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
If most of the tracking scum was competent enough to even just read its own webserver logs, why do these companies bother with serving hundreds of kilobytes of bullshit JS tracking code for every single page impression?
1
Google Analytics doesn't use fingerprinting. It doesn't get deployed to sites via middleware. It's not deeply integrated into content. So sure, it's easily blocked. It's also not scary. It's doesn't try to bypass using a VPN + Incognito. It's not aimed at tracking individuals.
1
See, this is the issue. People are worried about being tracked by services that are explicitly stated to be gathering analytics and marked as such. Nothing about this is hidden, and it largely doesn't bother trying to evade blocking. Now, what about all the useful content?
1
Even simply talking about third party assets included on a site, a service doing something like providing comments can and does do just as much tracking. However, you can't just opportunistically strip it out since it's part of the functionality.
2
Well, for most sites, I don't give a shit about user comments, so I block them (using uMatrix), including cancers such as Disqus. Just as for most other 3rd party service. On top of that, I contain sites I regularly use or that I login to into different containers inside Firefox.
1
It's one example. You've also clearly given yourself a very unique fingerprint with extensions and your specific configuration and usage of them. The way you describe how you use the browser doesn't sound like a way that gives you the privacy that you're seeking. It stands out.
Many people use uBlock Origin. Many of them leave the subscription settings alone. That does make you stand out to some extent, but you're still in a big crowd. I can't see how it helps to customize things to the point that you even create unique logs with the errors you create.
My fingerprint probably looks more like "curl trying to imitate current Firefox on Windows" than "the guy who googled 'big tits porn' yesterday". And I make sure that fingerprint ends up at as little different parties as possible.
1
Third parties receiving the data and providing code aren't limited to the ones with a presence in the web site's client-side code. For example, with the New York Times, you can happily block Google's client-side assets, but how are you going to block the server-side integration?
2
Show replies