/tech/ - Technology★

could be great base for TorBrowser

are there people stupid enough to browse web in clearnet?

STOP

ENOUGH

NO MORE BROWSER THREADS

How is this different from GNU icecat

Isn't this just icecat?

>>1012119

Yeah, normal people.

>>1012128

>>1012126

>without forking the project.

Learn to read you bumb faggots

>another fucking firefox fork

Icecat and tor are the only forks that we need.

>>1012120

‍>90% of our computer use is spent in a browser. It's an important subject.

>>1012146

If you say so, FBI

>>1012114 (OP)

>This project aims at enforcing privacy and security of Firefox without forking the project.

Literally fucking botnet, they didn't disable CSS2 or the countless backdoors in the source.

>>1012200

>countless backdoors

Give some examples, asshole.

>>1012114 (OP)

I still want XUL, so I won't be switching. I would hope that projects like this would give mozilla a kick in the pants, to realize that people still care about privacy, but if they haven't noticed yet, I don't think anything will.

>ESR and Tor version (Librefox TBB Beta)

This is more interesting. I saw anons on nanochan complain about tbbs defaults (eg noscript instead of umatrix). I wonder if it will be a good idea to use this instead or if you will be fingerprinted.

>>1012258

Mozilla doesn't give a fuck about users

Mozilla management is being bribed by (((them))) in order to sabotage browser and make all people migrate to (((Google Chrome))).

>>1012255

I did you giant retard I justed typoed it too. CSS3 is the backdoor you faggot. You can disable javascript, enable adblocks, enable all the about:config privacy settings, and block images. But unless you edit it directly out of the source code CSS3 has known vulnerabilities like this https://archive.fo/Djwrr , and this https://archive.fo/4TE4u making it fucking botnet. So don't use a browser like firefox 52+, chrome, or oprea's recent versions or their forks like librebrowser that include said exploits. Try palemoon 27 which doesn't have any of that botnet.

>>1012114 (OP)

Using a pile of shit as a foundation is still using a pile of shit as a foundation.

>>1012114 (OP)

Why didn't they just do this with fagmoon?

>>1012114 (OP)

How are the performances?

>>1012114 (OP)

>>Dark theme

BOTNET CONFIRMEDD

>>1012114 (OP)

You were quicker than me OP.

Anyway, Mozilla has been ruining Firefox for far too long ... I'll support it however I can

>>1012329

Discard this comment.

>>1012263

Good links, thanks. I'll try to compile it out of Tor Browser...

>>1012292

They really should have... Mozilla has ruined the browser beyond repair.

>no appimage

nah pass, i'll just use ungoogled chromium appimage inside firejail.

>>1012120

the browser situation is important, everything is bad.

>>1012114 (OP)

>Microsoft github

>SHA1

>no pgp signature

>CookieMaster

>https://addons.mozilla.org/en-US/firefox/addon/browser-plugs-privacy-firewall/

µmatrix or µblock origin, when used correctly, does a better work.

>license All Rights Reserved

Proprietary, botnet.

µmatrix or µblock origin, when used correctly, does a better work.

>User Agent Platform Spoofer

Dead project and useless.

µmatrix when configured correctly does a better work.

>First Party Isolation

Dangerous, better to use the "-ProfileManager" option.

This "librefox" is just bullshit.

>>1012353

Thanks, also:

>This project aims at enforcing privacy and security of Firefox without forking the project.

And no uBlock Origin or uMatrix installed by default with sane defaults.

>>1012353

>CookieMaster

µmatrix or µblock origin, when used correctly, does a better work.

>>1012338

>>1012344

>ungoogled chromium

>graphical firewalls and netstat shows a californian google IP

>you had one job

>>>/gas/

>>1012295

This.

>>1012405

>>1012338

Doesn't ungoogled chromium has issues like not updating extensions and not properly deleting local storage?

>>1012114 (OP)

will it support windows 7?

Gecko engine is irredeemable, stop using it.

>>1012735

>THAT SHITSKIN STARTED SHILLING THIS ON LEDDIT A FEW DAYS AGO, WHICH LED TO OP CREATING THIS VERY THREAD

I got from HN actually

>>1012120

Nice try, NSA.

>>1012735

Post an alternative if you're any better.

>>1012735

>Ad hominem on /tech/

>>1012742

dillo

Does a good browser exist?

>>1012756

ungoogled-chromium

though it's still based on chromium - the real problem is the duopoly of google and mozilla

>>1012161

> everything that isn't what I shill is FBI

Does it fix all the broken XUL add-ons? Or am I still stuck using Pale Moon?

>>1012736

Here's that Hacker Jews thread:

http://archive.fo/mXLFF

Shitskin has not only made more than one account there but also French is his first language.

>>1012851

No XUL support sorry so continue to enjoy furrybrowser

>>1012743

Why you didn't call out all the recent larping shit on this entire board?

Whats the point of this when GNU Icecat exists?

pyllyukko userscript

pylly = butt

ukko = old geezer

What about editing the omni.ja archives?

>IJWY (I Just Want You To Shut Up) : embedded server links and other calling home functions are removed (zero unauthorized connection by default).

I just discovered that reading feature lists can induce erections.

>>1012114 (OP)

>it is kept updated with the latest Firefox version.

>ESR

fuck off

If you insist on Firefox, just use ffprofile.

https://ffprofile.com/

But I do recommend other original browsers like netsurf and dillo.

They may not be suitable for all sites, but they work quite well for a lot.

Then you can have firefox as a fallback.

>>1012114 (OP)

I hear nothing but buzzwords and placebo except for "telemetry and similar functions are disabled", which you can just do yourself.

>>1012114 (OP)

Nice to see work being done.

>>1012263

>Try palemoon 27

Fuck off you despicable furry faggot.

That project is pure cancer and everybody knows it.

>>1012735

I don't seen a problem here.

If anything, his contributions to ungoogled-chrome show that he is serious about his commitment.

What is your point, exactly?

>>1018836

Not the anon you are responding, but... Then what better option that let you have good addons is then? I use Palemoon because is good enough, while letting me use Ublock (Not origins, too bad) and Noscript; And by being a browser that isnt too autisic, or restrictive. Any better alternative would be apreciated, but until then, I cant see why bother to go back to Firefox vanilla.

>>1018842

I can't supply any alternatives, just dislike the palemoon project immensely because of the personality cult and inflated ego these folks carry around:

https://github.com/jasperla/openbsd-wip/issues/86

>>1018820

>>1018767

See >>1012353

>>1018843

>>1018836

Both of you can go straight to hell. The end product matters. The project does not, not unless you intend on contributing to it.

Firefox sucks because they turned their back on their core principles and turned into an also-ran Chrome clone. Palemoon, furfaggotry aside, is keeping the idea of a customizable browser for power users alive.

It really isn't hard to improve your situation, regardless of what browser you prefer. Read the guides on mitigating the issues on Pale Moon or Firefox (both can be immensely improved), otherwise look into Ungoogled-Chromium or Icecat. There are also a number of addons that people still don't know about - secret agent which spoofs just about anything that can be, decentraleyes, umatrix, to name a few. spyware.neocities.org is the place to go to learn a bit more about each browser, and digdeeper.neocities.org for other information.

Secondly, if you are using a single browser for all your needs, you don't really deserve any kind of privacy. Split up your habits, however unevenly, between different browsers and force yourself to stick to a regime. Only pure laziness defeats this system.

Waterfox is OK, better than palememe or firefox.

>>1019000

>Waterfox is OK, better than palememe or firefox.

How is Waterfox better than Palemoon?

>>1018965

You do realize that Firefox is as customizable as always. The source code is open and ready for everybody to study how it works.

>>1019098

Learn the difference between the web rendering engine and the UI. The UI is still written in XUL. The UI code is a tiny fraction of the codebase when compared to the rendering engine.

>>1012263

>CSS3

The main problem is with value selection of text boxes by CSS. Why is CSS alowed to do that?

It could be easily fixed or one could just load all images on load instead of making a request when it's changing.

>>1019101

Attribute selectors are cancer anyways and only used for styled checkboxes etc.

We can live without them.

>>1019101

>>1019102

fug I replied to myself

>>1019095

babys first attempt at defending open source

>>1012263

>But unless you edit it directly out of the source code CSS3 has known vulnerabilities like this https://archive.fo/Djwrr

Is anyone surprised that this is caused by yet another C/C++ integer overflow bug, only a month after that systemd bug?

>The flawed code was located in Mozilla's CSS parser and had a trivial bug: When allocating memory to store the font-face references, a 16-bit integer was used for the index. However, when the actual values were filled in, a 32-bit integer was used instead. This inconsistency led to an integer overflow when a stylesheet supplied an exessive number of external font references. Consequently, an attacker could write to unexpected memory locations and turn the index overflow into an arbitrary code execution exploit.

Errors like integer overflow and divide by zero used to be trapped by hardware, so there is only a slowdown when it actually happens, which is rare. Instead, C makes you manually slow down all your code just in case, and it can't even do it by checking the CPU's overflow flag because C's "portable" to shitty hardware like RISCs that have no overflow flag because they're designed for C and UNIX and C has no way to check an overflow flag ("at least the weenix unies know how to USE recursion!").

>Since most of the Mozilla core is written in C++, there is no built-in overflow protection and developers are in charge of dealing securely with the memory. A browser written in Python would likely face very different types of vulnerabilities (and also be painfully slow).

Ada, PL/I, Burroughs Algol, BASIC, Lisp, and many other languages have integer overflow checking, array bounds checking, and the ability to handle and recover from the errors at run-time. In Ada, this bug would be caught at compile time because 16-bit and 32-bit integers are different types and they would probably use a user-defined type anyway.

>and this https://archive.fo/4TE4u

Can't the browser download all these "images" when the page loads like >>1019101 said? The only downside is that sites that use this "technique" would be slower, but they're either using this hack or really shitty web design, so they deserve to be slow.

Why am I retraining myself in Ada?  Because since 1979 I
have been trying to write reliable code in C.  (Definition:
reliable code never gives wrong answers without an explicit
apology.)  Trying and failing.  I have been frustrated to
the screaming point by trying to write code that could
survive (some) run-time errors in other people's code linked
with it.  I'd look wistfully at BSD's three-argument signal
handlers, which at least offered the possibility of provide
hardware specific recovery code in #ifdefs, but grit my
teeth and struggle on having to write code that would work
in System V as well.

There are times when I feel that clocks are running faster
but the calendar is running backwards.  My first serious
programming was done in Burroughs B6700 Extended Algol.  I
got used to the idea that if the hardware can't give you the
right answer, it complains, and your ON OVERFLOW statement
has a chance to do something else.  That saved my bacon more
than once.

When I met C, it was obviously pathetic compared with the
_real_ languages I'd used, but heck, it ran on a 16-bit
machine, and it was better than 'as'.  When the VAX came
out, I was very pleased: "the interrupt on integer overflow
bit is _just_ what I want".  Then I was very disappointed:
"the wretched C system _has_ a signal for integer overflow
but makes sure it never happens even when it ought to".

The latest idea is to build machines (RISC machines with
register windows) which are designed specifically for C
programs and unix (just check out the original Berkeley RISC
papers if you don't believe me: it was a specific design
goal).  Now, people tell me that the advantage of a Sun over
a Lisp machine is that it's a general-purpose machine ("Of
course it's general purpose." they say.  "Why it even runs
unix.").

Hmm, well this example shows that at least the weenix unies
know how to USE recursion!

>>1019157

based

That's not how you spell "waterfox" anon.

>>1012146

This isn't a fork. It's just a script to patch the original Firefox.

>>1012263

>use (((palemoon)))

>default homepage is literal datamining spyware

Kys

>>1019089

It's not as outdated and doesn't default to botnet webpages. But it's still placebo shit.

>>1019110

The only thing to defend is the accusation that Firefox doesn't cater to power users. This is false because the source code is available to all. All power users have complete control over what their version of Firefox will do.

>>1019415

i wan 2 fug sakurako

>>1018843

>blaming the palememe devs for being rude

>not blaming the openBSD devs for not reading the license, doing incredibly stupid shit regardless, and then acting defensive when called out on it

Seriously, using any library version but the ones specified is insanity, doing it silently to someone else's program borders on sabotage.

Completely unsurprising, given the kind of pettiness that is common in Linux land.

>>1018843

> This comment has been minimized. Sign in to view

> This comment has been minimized. Sign in to view

> This comment has been minimized. Sign in to view

> This comment has been minimized. Sign in to view

Fuck that whole site tbh.

>>1019498

I don't see that, both with JS on and off.

>>1012155

IRC*

>>1019398

>oh, you crashed your car, we dont sell our cars with brakes, you should attach them yourself, lol, you should be a mechanic, its available so its ok

The out-of-the-box users should get the best configuration for their privacy right away.

>>1020641

this tbh

SECURE BY DEFAULT

>>1020641

<WAAH WHY DID MY CAR BREAK WHEN I HIT IT WITH A HAMMER?

>That isn't supposed to-

<WAAAH MUH SAFE BY DEFAULT, MUH RELIABLE BY DEFAULT, IT SHOULD HAVE MAGNETIC FIELDS THAT REPEL THE HAMMER

No need to create a new fork. There is Icecat allready.

I guess it's a new fake-privacy browser like Waterfox.

>>1020652

><WAAH WHY DID MY CAR BREAK WHEN I HIT IT WITH A HAMMER?

So firefox being spyware by default is the same for you as an user making an attempt to break the program? Nice.

Better install Windows and tinker a bit, so it'll be as safe and private as OpenBSD.

Web browsers and web (((standards))) are to bloated these days and it's too hard to maintain them easily. Imagine what would happen, if every program was insecure, spyware and bloated by default, but the source code would be available. Where is your hammer now?

Free software is a software that gives it's user control over it. If a software is too big for a human to understand and modify it easily, it can be thought as nonfree. Presence of the source code is not an excuse for program being spyware.

>>1020641

The issue is not even the privacy config per se, the unconfigurable stuff is much more annoying and so is the crippling of extensions.

>>1020652

>openbsd flair

>is retarded

Like pottery

^ user is buttmad he can't even into OpenBSD

>>1020797

It is not common for general software to be perfect to an individual's requirements at the first version. Software has to be custom designed to the user's requirements from the beginning of development. Otherwise, a new project can be made to modify the existing general software to become perfect to the user requirements. The source code means the user should change it whenever they choose. If a software is considered spyware, then it is the user's responsibility to change it so that the spyware functions are removed.

>>1020853

And change it I have. It would be nice if all that work helped more than one user. What the world needs is a good config tool that makes source patching modular and easy. Like greasemonkey with repos, anyone can submit their small patches and power users can choose to change a line or two if they like the code. Then all the autistic source hacking and firefox configs can add up to something.

>>1012263

>Try palemoon 27

Enjoy no canvas fingerprint protection, unique window sizes and unique user agent

>>1020853

>If a software is considered spyware, then it is the user's responsibility to change it so that the spyware functions are removed.

That does not excuse inserting spyware into your program.

>>1019000

It still exist? Firefox defaults to 64bits for a long time now

>>1012263

>CSS3

You'd have to go back before Firefox 3.5 to not have css3 support

>>1021180

Canvas spoofing is built in and can be enabled by an about config setting disabled by default because constant calls to canvas will slow your browser and user agents are trivial to spoof, I'm spoofing mine now. Window sizes are potentially a problem but as far as I know they're only able to be grabbed through js so you're already fucked anyway. Hell, canvas is js anyway.

>>1021183

>That does not excuse inserting spyware into your program.

This

>>1020853

Librefox has proprietary software inside it, it's per default settings aren't secure see post >>1012353

>>1012119

>are there people stupid enough to browse web in clearnet?

Yeah, they're called people who aren't larpers.

>>1021183

Of course not. However, if developers are not working directly for you, then you get whatever they choose to give to you - they have no legal obligation to do what you ask if you're not hiring them to work for you. As a power user, you can use that flawed version as a base for your ideal version of the program.

>>1021441

>they have no legal obligation

Depending on the case, they might very well have a legal obligation not to collect user data, see GDPR.

In any case, autistically discussing legality when the main concern is on the trustworthyness of the developers is a waste of time.

>>1021462

My case is about how today's Firefox doesn't cater to power users. I say this is false because the source code to Firefox is available. This is important because the source code is the ultimate way to change the behavior of what the software (Firefox) will do. Power users who do not like the limitations of the webextension system can choose to modify their version of Firefox to supersede webextension. Power users who believe that Firefox is spyware can choose to modify their version of Firefox to have no spyware. I repeat it once more, the source code is the ultimate way to control what the software is doing and it's all yours to control. You just have to choose to make that investment.

>>1021465

why should the user be expected to fix it for free?

>>1021465

>My case is about how today's Firefox doesn't cater to power users. I say this is false because the source code to Firefox is available.

So, you're an idiot.

Power users being allowed to make do is not the same thing as power users being catered to, so your argument is nonsensical without even getting in the merit of it.

>>1021465

And then it's not firefox anymore. We're talking about the firefox released by mozilla, and that is evidently SPYWARE and ANTI-CONTROl.

>>1021465

>I repeat it once more, the source code is the ultimate way to control what the software is doing and it's all yours to control.

Except that you also need millions of dollars and thousands of developers that Mozilla has to maintain the 2.5GB spaghetti code.

>>1020797

Everything you said is right, but reverse engineers are gods compared to a guy that just wants privacy out of the box, they have to be to survive in this world.

You don't seem to get it. Privacy is dead for 99.99% of the population, and the 0.01% left over can get pwned by Auto CTF AI systems soon. It's a numbers game now.

It's not GNU Icecat (but it could be modified and applied to GNU Icecat).

It's not a fork. It is an after-market modification of the user.js and other config files to make Firefucks Better.

upstream are ghacks-user.js and Pyllyukko's user.js

Although sceners like C*-K* say these mods are useless, I - as an active member of Librefox - think that making FF:

- NOT CALLNG HOME AT STARTUP

- NOT CALLING JEWGLE FOR UNNEDED SERVICES

- REDUCING NETWORK NOISE

Is a good think.

>>1021180 lol

all of three issues are covered, nice try BTW FIRECOCK

Firefox is going to be like windows 10

a barely hackable tool that goes worst everytime a new (((IMPROVED))) version gets released.

EXAMPLE: FIREFOX 65 WILL HAVE a connection service that:

- DNS queries mozilla.org

- HTTP queries a mozilla site that retrieves a fucking text file that reads: SUCCESS

This service is the same type of Windows NCSI or Network Connectivity Status Indicator. An uneeded bloat that opens your system to DNS Hijacking.

>>1012735 OOGA BOOGA THE SANDMAN SCARE

>>1012338 (((appimage))) Well Cum Nu Fag

>>1012114 (OP)

security and privacy when applied to anything webshit related are just buzzwords...

if their slogan was "better UI" then I would have checked them out. you have to be completly oblivious with your dick shoved through your mouth out of your ear and into your ass to think firecuck has any concept of acceptable GUI design. remove that shit from and start from scratch if you're serious about making a browser

>>1022164

The fuck is wrong with you? Firefox is completely open source, unlike windows. Anything you dislike can be completely removed, and is probably removed by IceCat.

>>1012114 (OP)

>Apply this meme

>no restore tabs option

>bookmarks broken

To waterfox I return

>>1026284

how are bookmarks broken? They work fine for me

>>1026285

I don't know man once I applied the patch as they write in (there) github page

Bookmarks were broken and that option to restore tabs disappeared

>>1022136

Cut the bloat out. Also, a small to medium amount of people in (((mozilla))) are (((diversity officers))), and so completely useless. Thus, removable.

>>1022149

You can still have privacy.

>>1012146

IceCat doesn't run on Windows 10 Enterprise.

>>1026292

restore tabs is gone intentionally because of privacy reasons. It's the same reason why some people set their browser to never remember history.

Don't know why your bookmarks failed though

>>1026320

It was made by the kike who invented Javascript which is the source of NEARLY ALL BROWSER SECURITY ISSUES IN EXISTENCE.

Why would I use his copy paste Chrome?

>>1032171 Satania is justice because she is cute! Satania is the best waifu ever!

https://satania.moe/

>>1032205

>>1032196

No pwning has been done. It doesn't matter if they fixed the issue - it shouldn't have been there in the first place. Also, try this: https://spyware.neocities.org/articles/brave.html and especially this: https://digdeeper.neocities.org/ghost/news.html (scroll down to "Facebook and Twitter trackers whitelisted by Brave Browser")

>>1032208

stop shilling your crappy neocities blogs

>>1032212

stop shilling for malicious browser brave

So... are there any good browsers out there? Like netsurf but more compatible?

>>1032217

otter browser maybe

>>1032234

you mean netrunner? it appears to be dead https://gitgud.io/odilitime/netrunner/

this entire thread has been complaining about how shit firefox has become and how retarded mozilla is.

I understand they've made some dumb decisions like cliqz, mr. robot shit, pocket, etc. but if you compile the browser yourself these decisions don't matter.

Has mozilla fucked up the browser in any ways at all? I can definitely agree on pocket being a major fuckup, but apart from that can't really think of many issues.

>>1032771

For examples on how fucked the mozzila firefox codebase is look at palemoon 28+'s git changelog, which is a hardfork of firefox 52 ESR. Theres hundreds of commits just removing telemetry of which they still haven't finished. Not to mention the bug fixes and other shit related to preferences and design.

If you want a compatible with the modern web and mostly unpozzed browser use palemoon 27's codebase which is just a fork of firefox 27 with huge amounts of bugfixes and other nice stuff for javascript compatibility with the newer javascript bullshit, which you can turn off.

If you want a browser that's not shit there is not one, as by definition a browser is shit due to supporting javascript. Best way to browse the web is with a html parser and program to display it along with custom plugins for javascript heavy websites to take the website and convert it to static html for viewing.

>>1032237

>odilidud

kek!

>>1032778

you have to fix the web first. then you can fix the browsers.

>>1032771

unless you can remove all of this: https://digdeeper.neocities.org/ghost/mozilla.html (and that's impossible) then compiling does nothing

>>1032823

icecat and ungoogled-chromium

Does it bring back XUL extensions support or is this just another piece of shit?

>>1032929

>seriously wanting the unmaintainable and undocumented mess that is XUL and XBL

>>1032823

You sound like you'd unironically enjoy a browser called Google Chrome.

>>1032811

Some of this information is great, but the rest is just flat out autistic paranoia.

>>1032811

stop shilling your nigger tier blog

>>1032962

>haha if you want actual answers your a normie lol

There's no point to saying everything sucks

[code]nigger test

nigger test

nigger

>>1026306

Not even with Windows Services for Linux or whatever it's called?

>>1012114 (OP)

>I Just Want You To Shut Up

wow that implies domestic violence against WOMYN we better CoC this project up

<All these anons shilling for cromium

Wasn't it still connected to google even with the modifications?

>>1012263

Yeah palemoon 27 is an acceptable choice for now it is as customizable as firefox was when it was still useful

>>1012119

(we) can track you by the way your writing style.

By the way you post.

By what websites you visit.

Sentence and paragraph structure, Spacing,vocabulary,puncuation, political bent,sense of humor or lack of it, use of pictures and memes for propaganda, your typos, etc.

An internet users' "style" can be analysed and traced across the internet.

If you have ever posted even once anywhere and left a trace of Where your IP address can be found,you've been uncovered and the kept on file.

Tracking you by Canvas (Browser) fingerprinting is another tool we use.

It's an incredibly accurate method of identifying unique browsers and tracking online activity.

Combinations of the following hardware/software are often unique:

Browser

Active plugins

Timezone

Language

Screen resolution

Operating system

Graphics card

Graphics card driver

Installed client fonts…..etc

Only 1 in 486,777 other browsers will share the same fingerprint as another user.

Using an incognito mode on your browser won’t stop this tracking technique either, as the canvas script and system/browser information is still shared.

Techniques such as Deactivation of your JavaScript, or using addons such as Canvas blocker or Adbock hav been circumvented by us.

All this intel is stored in the IABIS.

The Integrated Automated Browser Identification System (IABIS) is a massive database that stores Browser signatures(finger prints) of Billions of internet users.

These browser 'fingerprints' are collected for 'analysis' purposes.

The system is modeled on the Integrated Automated Fingerprint Identification System (IAFIS), since this model is so efficent at identifying.

Tor is compromised but is still the safest, but we are still actively created new Tor exit nodes that we control for MitM attacks

But even Tor can't hide Your "internet style".

We have a profile of you and you can be IDed.

The vast majority of you are just not worth tracking 24/7…yet.

>>1034049

nice LARP faggot

>>1032234

>(I think w3m is unmaintained?)

It was already a complete project by then but the author dropped it and debian took over with a fork. Everyone uses the debian fork at https://github.com/tats/w3m/ , I don't know about other distros, but in gentoo for instance it's the version in their repos.

The fork happened 6 years ago and looking at the last 2 years of commits they're all documentation updates and bugfixes, so I don't think the dykes at Debian will nigger up the project.

I use w3m on a regular basis and recommend it.

>>1034049

>bypassing canvas element blocker when you can compile out canvas

>not taking the individual imperfections of the soundcard's crystal timer via the fingerprintable soundcard driver to get a 1:1 match of a computer's hardware component for tracking

>not doing the above with other hardware

Look at this larper. He's a faggot.

>>1034049

>modeling a system on IAFIS when fingerprinting is pseudoscience

>modeling a system on the basis of imperfections which can be easily faked/incorrectly transmitted due to hardware lacking thorough enough measures or software fucking up by generalizing the measures to get a bullshit reading in the end that matches over 9,000 other fingerprints.

>>1034049

everything that you listed can be changed easily.

>>1034049

Disabling JavaScript eliminates 90% of this.

>Canvas

>Timezone

>Language

>Screen resolution

>Active plugins

>Operating system

>Graphics card

>Graphics card driver

>Installed client fonts

All hidden by default on TorB and can be hidden in Firefox without any addons.

>Browser

Can be masked by Firefox to send the ESR version number. Masked by default on TorB.

>Techniques such as Deactivation of your JavaScript, or using addons such as Canvas blocker or Adbock hav been circumvented by us.

False. CSS can be used for tracking but it's not as good as js. Any non-interactive website can't get any information.

>the way you post.

>websites you visit.

The only legit threats here. First one can be faked, there's software for it. 2nd can be circumvented by using multiple tor identities.

>>1012114 (OP)

I'm using librefox patches but it seems that it I can't even change the default settings after.

Wtf. I'm going to run a connection log next time to see if this is really doing it's job otherwise I'll remove it ASAP

>>1034049

>>1034235

https://www.youtube.com/watch?v=eQ2OZKitRwc

>>1034049

This is actually true. LEA can't actually arrest you or follow your IP without an order, I mean they will but they can't use it in court so they actually have to gather your internet vocabulary.

Never post in the darkweb.

>>1034596 It is completely reverse. I always post dark web or .onion address websites. And I almost never post on surface web.

I also post on 8chan only on http://oxwugzccvk3dk6tj.onion

>>1034653

If you want to help the .onion cause, go over to /sudo/ and tell codemonkey to fix the images being hosted on the clearnet. Images actually were hosted on a .onion but then for some reason I forgot they all go to media.8ch.net now. THE MAIN BENEFIT OF A .ONION IS NOT USING EXITS (and 6 hops) THE MAIN BENEFIT OF AN IMAGEBOARD IS IMAGES REEEEEE

>>1034664

You do know you can manually adjust how many hops tor makes in the source code for tor right? Just change it to 6 or over 9000, compile and install, and it just werkz tm but with more latency because more hops.

>>1034666

I wonder whether if doing that creates yet another fingerprint. You know, while every other request on Tor network gets delivered without much latency, this particular client right here sure takes its time to send data back and forth.

>>1034671

There's an easy solution to that, pad your data. So that it always looks like an arbitrary number of packets are going across the line even if those packets are filled with 0's or randombullshit. Like always transfer whatever the max number of packet size is you are going to transfer. If you are downloading html files at 100MB a second for the max packet size then pad for that size. If you are downloading javascript at 200kb a second for the max packet size then pad for that size.

That way you always look like you are transfering at the same latency. Even if your real latency is like over 9000ms or some shit like that. Only the sender and the reciever should get to know that anyways, not some rouge node.

>Librefox

Nice meme.

>>1034627

WebKit and Blink suck.

>>1034235

Turning off JavaScript can be detected, that's why Tor Browser keeps it enabled.

>>1034690

There's no point in detecting that. It gives you no information.

>>1034585

It's hard to take the guy seriously when he has no idea what he's talking about.

>>1034690

Not really. They leave it on so normies won't get scared off when they can't browse their favorite websites that refuse to work without JavaScript.

>>1034687

Yes it can taken out of older firefox versions. But with newer versions it is very integrated. I'm sure there's a project out there ripping it out in some form from an older version.

>>1034692

>>1034694

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

> There's a tradeoff here. On the one hand, we should leave JavaScript enabled by default so websites work the way users expect. On the other hand, we should disable JavaScript by default to better protect against browser vulnerabilities ( not just a theoretical concern!). But there's a third issue: websites can easily determine whether you have allowed JavaScript for them, and if you disable JavaScript by default but then allow a few websites to run scripts (the way most people use NoScript), then your choice of whitelisted websites acts as a sort of cookie that makes you recognizable (and distinguishable), thus harming your anonymity.

>>1034740

It doesn't harm anonymity and whoever thinks it does is retarded. Removing js literally stops sites from finding out your hardware and software info as well as your mouse and keyboard interactions, plus it prevents malicious js from loading and stops 3rd party scripts and secondary scripts from executing. There is 0 benefit from enabling js. Stop spreading misinformation.

>>1034692

>the guy only states historical facts

>he's sincere that he doesn't know much on opsec but he's learning

>faggot on /tech/ says that he doesn't know what he's talking about without pointing out the problem

Next time you post fallacies like that please to a minute per minute resume of what he said and argument it.

>>1034751

>It doesn't harm anonymity and whoever thinks it does is retarded

Learn Boolean algebra before stating that again.

>>1034755

>Learn Boolean algebra before stating that again.

Are you fucking dumb?

>what information do you learn when a user has js disabled

>that he has js disabled

>literally nothing else

>the rest of the browser fingerprint is non-unique

>you're literally just another unknown person with js disabled

>what do you learn with js enabled

>anything you want

>you can ACTUALLY fingerprint the person

>plus, you can exploit most 0-days easily

>>1034751

>accusing the Tor developers of misinformation

>>1034895

there should be a way to enable limited javascript support that would just make the styling of webpages work but not support anything else. normal webpages will never use 99% of the things that is currently supported but glowniggers can use them for bad things because most people have full js enabled even tho they dont ever need most of it.

>>1035011

It's puzzling why has no one created an extension to block SPECIFIC JAVASCRIPT INSTRUCTIONS - the ones that spy on you.

>>1035032

>implying the line is that clear

You can spy on people with styling, for example by figuring out window size.

>>1035011

>>1035052

>styling

JSSS is fortunately not a thing, Anons.

https://www.w3.org/Submission/1996/1/WD-jsss-960822

Never forget that Internet Explorer's victory over Netscape was good in hindsight.

>>1035011

only absolute trash sites require js, especially if it's for fucking styling which is THE WHOLE POINT OF CSS. Why would you use js for something when CSS can do it?

>>1035032

uMatrix is the next best thing.

>>1034965

The fact that they still didn't add uBlockOrigin and replace noscript with uMatrix tells me that they literally don't give a shit about users.

>>1035135

>only absolute trash sites require js

Invisible ReCAPTCHA

>>1035135

can you make those menus with css tho? many sites use them for things and they wont work without js. even this site does many small but useful things with js(like the post popup when you put the cursor on a quoted id and quick reply) but it does "work" without it too if you can live without some features

>>1035228

>using Chrome

>>1035243

Yes, but Firefox doesn't expose it to the WWW.

https://developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API

>>1035244

ADDITIONAL LINKS

https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/

https://bugzilla.mozilla.org/show_bug.cgi?id=1313580

https://groups.google.com/d/topic/mozilla.dev.platform/5U8NHoUY-1k/discussion

>>1035251

>shill

Nice meme.

>>1035252

No, he's absolutely shilling. "Look, the bad guy Chrome has these spying APIs but the privacy-respecting Firefox doesn't!". Even though they are both as bad as each other.

>>1035254

That's not what was stated.

>>1035255

So why did he link to the FF links? Regardless, we're switching the topic - which was that specific javascript instructions spy on you - and we should be able to disable them.

>>1035262

I posted the links to substantiate my claim. You then went on to post something unrelated to the Battery Status API.

>>1035228

Tell me, why do you reply without reading?

"The line is not clear" does not mean there are no obviously bad APIs.

>>1035393

Why do YOU reply without reading (even your own stuff) ? If there are "obviously bad APIs" then disabling them is the right privacy choice. And the fact that you can still spy on someone through window size or whatever is irrelevant.

>>1035405

>If there are "obviously bad APIs" then disabling them is the right privacy choice.

And firefox already did that, in that case.

>And the fact that you can still spy on someone through window size or whatever is irrelevant.

No it's not, because it means your project is doomed from the start.

>>1035489

>No it's not, because it means your project is doomed from the start.

Do you even know how fingerprinting works? One issue is not enough to fingerprint someone uniquely.

Holy shit, /tech/ is really tech illiterate...

>>1035572

>One issue is not enough to fingerprint someone uniquely.

You forgot that the disabled APIs would be a fingerprint on their own, and you seriously underestimate how much shit adds to fingerprinting while being necessary for non-malicious pages.

Talk about ignorance, huh?

>>1035640

Okay then, let's not block trackers at all because blocking them is a fingerprint on its own...

As this guy >>1034751 mentioned, they get much more data from the actual javascript functions than any hypothetical fingerprint.

>>1035653

>quotes a random anon as authority on the topic

>said anon's opinion goes against that of the biggest anonymity focused project on earth

>not a single source to back up such a bold position, of course

Lol

>>1035664

Are you really dumb enough to believe that ENABLING JAVASCRIPT makes you MORE RESISTANT TO FINGERPRINTING? How fucking stupid can you be?

>>1032234

And dillo?

>>1035665

Don't mind this >>1035664 guy.

He's a fucking winfag and too dumb to know. Maybe he's just butthurt as a node.js developer or a VS pro

>>1035664

>not a single source

ipleak.net

site hasn't even been updated for a long time.

You probably loved the movie 'The Social Network'. You wouldn't ever want to know what facebook.net or google syndication does **not to mention both companies hire hackers and continue to datamine and collect data and interconnect metadata as much as possible.

Want source? Look it up yourself and if you can't then fuck off into nothingness you useless critical theorist. Data scientists exist for a reason.

>>1035694

>>1035665

Nice samefag

>>1035704

Alright so you already made 2 statements without backing them up. Show us the proof that we're samefags and make or send us a site which will show my """unique""" identity while I'm using tor.

>>1035703

>lewding gabriel

how could you do this?

>>1036498

>how can you lewd anything

Rule 34 of the internet

>if it exists, there is porn of it no exceptions

There's porn of commas and what they suppose God looks like for fucks sake. I have images turned off but whatever it is, why are you suprised there is porn of it. granted the porn of God is wholly inaccurate and never could be accurate for various reasons.

>>1035703 We're male, so we want to rape this little girl!