Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Thu Jan 02, 2020 2:32 pm Post subject: the least amount of tracking of any browser |
|
|
Admin edit: Split from Moving from Gentoo to Arch?. --pjp
AJM wrote: | gigel wrote: | right, chrome and firefox are rubbish just because they take 4 days to compile. let's just use links cause it compiles in a flash, or better yet, let's use telnet or openssl cause we are so l33t that we render http directly with our brains. |
It's not about being l33t |
Not just that, but Pale Moon & ungoogled-chromium have the least amount of tracking of any browser. People like to claim these are less secure because they don't get updated as quickly as Chrome & Firefox, but I don't think the evidence supports that view. |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Fri Jan 03, 2020 11:31 am Post subject: |
|
|
Browsers don't need javascript anti-tracking measures when the useragent screams "I'm a unique snowflake" in every request. |
Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Sat Jan 04, 2020 2:33 pm Post subject: |
|
|
Ant P. wrote: | Browsers don't need javascript anti-tracking measures when the useragent screams "I'm a unique snowflake" in every request. |
So use a browser that includes tracking because otherwise you'd be too unique? Silly... User agent switcher and many other plugins can help. Plus, what's the evidence that ungoogled-chromium looks so unique? |
gengreen Apprentice
Joined: 23 Dec 2017 Posts: 150
|
Posted: Mon Jan 06, 2020 1:30 pm Post subject: |
|
|
The web dilemma now :
Using the web "securely" by using sane browser, without javascript at the cost of the privacy.
Using the web "privately" by using torbrowser/tails or Firefox at the cost of the security. |
spork_kitty Tux's lil' helper
Joined: 05 Jul 2019 Posts: 124
|
Posted: Sun Jan 12, 2020 5:20 pm Post subject: |
|
|
gengreen wrote: | The web dilemma now :
Using the web "securely" by using sane browser, without javascript at the cost of the privacy.
Using the web "privately" by using torbrowser/tails or Firefox at the cost of the security. |
Well put. To me it's evidence that something is very wrong with the Web. Protocols shouldn't demand so much information leakage: it's not the server's business which fonts I'm capable of displaying or the MIME-types I'll accept, etc.
A smart animal doesn't venture into hazardous environments, and the Web is hazardous. Besides, most of the content is clickbait of some sort or another. |
Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Mon Jan 13, 2020 1:23 pm Post subject: |
|
|
gengreen wrote: | The web dilemma now :
Using the web "securely" by using sane browser, without javascript at the cost of the privacy.
Using the web "privately" by using torbrowser/tails or Firefox at the cost of the security. |
But isn't the best of both worlds to use firejail + Pale Moon or ungoogled-chromium? Yes, the Firefox & Chrome devs will have edge in patching, but running in a jail will cover most of the risks, right? I kind of refuse to believe that we must pick privacy or security - especially because they are tied: if you can't keep certain information private, then you cannot keep it secure. |
AlexJGreen Tux's lil' helper
Joined: 19 Sep 2018 Posts: 149
|
Posted: Mon Jan 13, 2020 6:53 pm Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:32 am; edited 1 time in total |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Mon Jan 13, 2020 7:56 pm Post subject: |
|
|
Terry_Davis wrote: | Ant P. wrote: | Browsers don't need javascript anti-tracking measures when the useragent screams "I'm a unique snowflake" in every request. |
So use a browser that includes tracking because otherwise you'd be too unique? Silly... User agent switcher and many other plugins can help. |
Try that with Panopticlick and see how far it gets you. There's a reason Tor Browser says not to install extensions.
Quote: | Plus, what's the evidence that ungoogled-chromium looks so unique? |
Simple: it patches max_connections to a non-default value. That's trivial to detect without javascript. I'm sure at least one of the other three dozen behaviour-altering patches leak information through side channels too.
It doesn't sound like you understand the threat model here, if you even have one defined at all. |
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Tue Jan 14, 2020 3:07 am Post subject: |
|
|
Terry_Davis wrote: | But isn't the best of both worlds to use firejail + Pale Moon or ungoogled-chromium? |
Where do I get this "ungoogled-chromium" package? _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Tue Jan 14, 2020 7:16 pm Post subject: |
|
|
Ant P. wrote: | Terry_Davis wrote: | Ant P. wrote: | Browsers don't need javascript anti-tracking measures when the useragent screams "I'm a unique snowflake" in every request. |
So use a browser that includes tracking because otherwise you'd be too unique? Silly... User agent switcher and many other plugins can help. |
Try that with Panopticlick and see how far it gets you. There's a reason Tor Browser says not to install extensions.
Quote: | Plus, what's the evidence that ungoogled-chromium looks so unique? |
Simple: it patches max_connections to a non-default value. That's trivial to detect without javascript. I'm sure at least one of the other three dozen behaviour-altering patches leak information through side channels too.
It doesn't sound like you understand the threat model here, if you even have one defined at all. |
Good points. I guess I have skewed the question to mean "how important is the information they can get from me if I've done everything right." Not an easy to assess threat model when we don't know how the surveillance program works exactly - assuming that's the threat we're discussing? |
spork_kitty Tux's lil' helper
Joined: 05 Jul 2019 Posts: 124
|
Posted: Wed Jan 15, 2020 1:20 am Post subject: |
|
|
wrt browsers and fingerprinting, why should browsers continue to leak all this information during exchange? Surely HTTP won't break if you stop sending a User-Agent string, MIME-type list, and font list.
Browsers gave up this information, people wrote them to do it. Who trusts them to get this new, half-baked thing right? Commercial interests have spent the past decade steering the W3C this way and that, and try to raise the bar for providing your own services so people will depend on them. They demonstrably cannot be trusted.
I'd like to see a competitor to the W3C; ideally, a group that won't allow commercial interests to influence their decisions.
I'll settle for an opinionated browser that actually cares about the user and takes technical steps to cut the data faucet off at the source, instead of copying their competitor and virtue signaling like Mozilla does.
The Web is a hot mess. |
Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Wed Jan 15, 2020 1:31 pm Post subject: |
|
|
spork_kitty wrote: | wrt browsers and fingerprinting, why should browsers continue to leak all this information during exchange? Surely HTTP won't break if you stop sending a User-Agent string, MIME-type list, and font list.
Browsers gave up this information, people wrote them to do it. Who trusts them to get this new, half-baked thing right? Commercial interests have spent the past decade steering the W3C this way and that, and try to raise the bar for providing your own services so people will depend on them. They demonstrably cannot be trusted.
I'd like to see a competitor to the W3C; ideally, a group that won't allow commercial interests to influence their decisions.
I'll settle for an opinionated browser that actually cares about the user and takes technical steps to cut the data faucet off at the source, instead of copying their competitor and virtue signaling like Mozilla does.
The Web is a hot mess. |
Yes, and not Brave, which seems to be controlled opposition. Very strange how Eich donated such a tiny sum ($1000) against gay marriage, while seeming a bit gay himself, and then it somehow: a) got out b) was enough to have him fired from Mozilla, and c) had a renegade industry-shaping browser ready in no time (which happens to explicitly whitelist Twitter & Facebook tracking, while advertising itself as the most ad-free)...
"The best way to control the opposition is to lead it ourselves" -- Lenin. |
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Wed Jan 15, 2020 6:43 pm Post subject: |
|
|
You can lock down known trackers by adding them to your /etc/hosts and send them to IP 0.0.0.0. I've found this very effective. I get my list of trackers from the antiX-advert-blocker which I have installed on an MX-Linux virtual machine -- those lists, however, are widely available. Search for them and, of course, your mileage may vary.
Then lock down the browser of your choice. I think Vivaldi is a good choice for that. _________________ Andy Figueroa
Terry_Davis n00b
Joined: 20 Dec 2019 Posts: 35
|
Posted: Thu Jan 16, 2020 9:36 am Post subject: |
|
|
figueroa wrote: | You can lock down known trackers by adding them to your /etc/hosts and send them to IP 0.0.0.0. I've found this very effective. I get my list of trackers from the antiX-advert-blocker which I have installed on an MX-Linux virtual machine -- those lists, however, are widely available. Search for them and, of course, your mileage may vary.
Then lock down the browser of your choice. I think Vivaldi is a good choice for that. |
I wonder why more people don't use or add this method on top of their ublock origin use... Does it really cover the same cases? Perhaps a good idea is to use a process that pulls the latest lists from sources like ublock and adds them to /etc/hosts? |
spork_kitty Tux's lil' helper
Joined: 05 Jul 2019 Posts: 124
|
Posted: Sun Jan 19, 2020 11:38 pm Post subject: |
|
|
Terry_Davis wrote: | figueroa wrote: | You can lock down known trackers by adding them to your /etc/hosts and send them to IP 0.0.0.0. I've found this very effective. I get my list of trackers from the antiX-advert-blocker which I have installed on an MX-Linux virtual machine -- those lists, however, are widely available. Search for them and, of course, your mileage may vary.
Then lock down the browser of your choice. I think Vivaldi is a good choice for that. |
I wonder why more people don't use or add this method on top of their ublock origin use... Does it really cover the same cases? Perhaps a good idea is to use a process that pulls the latest lists from sources like ublock and adds them to /etc/hosts? |
I mean, it's just a cronjob away. |
Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Sat Jan 25, 2020 2:39 pm Post subject: |
|
|
figueroa wrote: | You can lock down known trackers by adding them to your /etc/hosts and send them to IP 0.0.0.0. I've found this very effective. I get my list of trackers from the antiX-advert-blocker which I have installed on an MX-Linux virtual machine -- those lists, however, are widely available. Search for them and, of course, your mileage may vary.
Then lock down the browser of your choice. I think Vivaldi is a good choice for that. |
This is very interesting. Can you expand on this a little more or point me to a Wiki? I'd like to try this. |
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Sat Jan 25, 2020 9:28 pm Post subject: |
|
|
Study my home-brewed script, below. I use it to download fresh sources to use in customizing my own /etc/hosts file, which I do manually. Presently, I only use the content from https://someonewhocares.org/hosts/
Code: |
#!/bin/sh
# Runs in /scratch/bin/ and requires directories /scratch/bin/hosts and /scratch/bin/hosts/hosts.bak/ to pre-exist. Adjust script to layout differences or changes.
# /etc/hosts advert blockers used in antiX-advert-blocker
# https://hosts-file.net/
mv /scratch/bin/hosts/hosts-hphosts-file.txt /scratch/bin/hosts/hosts.bak/
wget http://hosts-file.net/ad_servers.txt -O /scratch/bin/hosts/hosts-hphosts-file.txt
#https://someonewhocares.org/hosts/
mv /scratch/bin/hosts/hosts-someonewhocares.txt /scratch/bin/hosts/hosts.bak/
wget http://someonewhocares.org/hosts/zero/hosts -O /scratch/bin/hosts/hosts-someonewhocares.txt
#https://pgl.yoyo.org/adservers/
mv /scratch/bin/hosts/hosts-yoyo.txt /scratch/bin/hosts/hosts.bak/
wget 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext' -O /scratch/bin/hosts/hosts-yoyo.txt
#http://winhelp2002.mvps.org/hosts.htm
mv /scratch/bin/hosts/hosts-mvps.txt /scratch/bin/hosts/hosts.bak/
wget http://winhelp2002.mvps.org/hosts.txt -O /scratch/bin/hosts/hosts-mvps.txt
|
Notes about above: I have a personal bin directory that is in my path, located in the partition /scratch, in which I store my home brewed shell scripts. To use my script, you'll need to modify it for your own layout. In my script, the adblocker source files are kept in /scratch/bin/hosts which I use as a working directory. Running the script moves the old adblock source files into a backup directory /scratch/bin/hosts/hosts.bak then downloads up-to-date content from their respective repositories. My script makes no changes to the file /etc/hosts
You can find the AntiX advert blocker script here: https://github.com/antiX-Linux/advert-block-antix/ Study the script to learn how it works. Requires yad. I am not the creator.
I send the blocked ad sites to 0.0.0.0 with good results. Your mileage may vary.
As time allows, I plan to use some of the fancy text processing techniques used in the antiX script to:
1. Concatenate all the adblocking files
2. Use sed to normalize the concatenated destination file
3. Then use sort unique to both sort the results and discard duplicates into a file I can just add to the end of my /etc/hosts file manually.
In the antiX script, that section that does the text processing is at "function build_adlist_all." Happy reading. After I've done my own thing, I'll post a new script to the forum, trying to make it less dependent on my personal wacky partition and directory layout. _________________ Andy Figueroa
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3345 Location: Rasi, Finland
|
Posted: Sat Jan 25, 2020 10:17 pm Post subject: |
|
|
I use that same source as a list of bad domains. I don't know exactly how many years I've been using it, but it sure is a gold mine of some sort. :) _________________ ..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Sun Jan 26, 2020 2:47 am Post subject: |
|
|
While researching /etc/hosts file size limits (I didn't find a limit.) I ran across this interesting site from Windows Vista days about blocking sites with the hosts file:
http://www.ericphelps.com/scripting/samples/Hosts/ _________________ Andy Figueroa
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Sun Jan 26, 2020 3:16 am Post subject: |
|
|
In my enthusiasm I've spent the last hour normalizing the script to retrieve lists of hosts to block so it uses an ordinary user's /home/user/hosts directory as a working directory. /home/user/hosts and /home/user/hosts/hosts.bak directories must already exist. Here are the scripts.
hosts-wget.scr
Code: |
#!/bin/sh
# /etc/hosts advert blockers used in antiX-advert-blocker
# Runs as ordinary user and requires directories /home/user/hosts and /home/user/hosts/hosts.bak/ to pre-exist as working directories. Adjust script to layout differences or changes.
# lines beginning with mv command are just backing up previously retrieved files
# https://hosts-file.net/
mv ~/hosts/hosts-hphosts-file.txt ~/hosts/hosts.bak/
wget http://hosts-file.net/ad_servers.txt -O ~/hosts/hosts-hphosts-file.txt
#https://someonewhocares.org/hosts/
mv ~/hosts/hosts-someonewhocares.txt ~/hosts/hosts.bak/
wget http://someonewhocares.org/hosts/zero/hosts -O ~/hosts/hosts-someonewhocares.txt
#https://pgl.yoyo.org/adservers/
mv ~/hosts/hosts-yoyo.txt ~/hosts/hosts.bak/
wget 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext' -O ~/hosts/hosts-yoyo.txt
#http://winhelp2002.mvps.org/hosts.htm
mv ~/hosts/hosts-mvps.txt ~/hosts/hosts.bak/
wget http://winhelp2002.mvps.org/hosts.txt -O ~/hosts/hosts-mvps.txt
|
hosts-build.scr
Code: |
#!/bin/sh
# Companion script to hosts-wget.scr to automatically concatenate files retrieved by that script, normalizing them, and finally doing a sort unique into an output file.
# Runs as ordinary user and requires directories /home/user/hosts and /home/user/hosts/hosts.bak/ to pre-exist as working directories. Adjust script to layout differences or changes.
# suppress comments,
# suppress empty lines,
# replace tabs by spaces,
# replaces double spaces with single spaces,
# replaces any instance of 127.0.0.1 at beginning of line with 0.0.0.0
# remove lines not beginning with a number,
# suppress \r at end of line
# then sort unique by field 2 (url)
cat ~/hosts/*.txt | \
sed '/^#/d' | \
sed '/^$/d' | \
sed 's/[\t]/ /g' | \
sed 's/  / /g' | \
sed 's/^127\.0\.0\.1/0\.0\.0\.0/g' | \
sed -n '/^[0-9]/p' | \
tr -d '\015' | \
sort -u -k 2 \
> ~/hosts/adlist-all
|
The resulting file is almost 67,000 lines long, 2.2M. The scripts work. The idea is that you may add the output file adlist-all to the end of your /etc/hosts file. You don't have to use all those input files, of course. _________________ Andy Figueroa
|
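The sed pipeline in hosts-build.scr above keeps every line that begins with a digit, and hosts-wget.scr fetches the lists over plain http, so a list entry that maps a hostname to an address other than 0.0.0.0 would be carried into adlist-all unchanged. The following is an added example, not figueroa's or the antiX project's code: it emits only `0.0.0.0 hostname` lines and reports every other mapping for review. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: allow-list filter for downloaded hosts-format blocklists.
# Function names and the sample input are constructed for illustration.

# normalize_blocklist: hosts-format text on stdin, "0.0.0.0 hostname"
# lines on stdout (sorted, unique). A line is used only if its address
# is already a sink (0.0.0.0 or 127.0.0.1); every name is syntax-checked.
normalize_blocklist() {
    tr -d '\015' | awk '
    {
        sub(/#.*/, "")                  # full-line and trailing comments
        if (NF < 2) next                # blank or address-only line
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
        for (i = 2; i <= NF; i++) {     # one line may carry several names
            h = tolower($i)
            if (h == "localhost" || h == "localhost.localdomain") continue
            if (length(h) > 253) continue
            if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/)
                continue
            print "0.0.0.0 " h
        }
    }' | LC_ALL=C sort -u
}

# rejected_mappings: prints "address hostname" for lines that point a name
# at something other than a sink address, so they can be reviewed by hand.
rejected_mappings() {
    tr -d '\015' | awk '
    { sub(/#.*/, "") }
    NF >= 2 && $1 ~ /^[0-9a-fA-F:.]+$/ && $1 != "0.0.0.0" && $1 != "127.0.0.1" {
        print $1, $2
    }'
}

# Constructed sample input, not taken from any real list.
sample_lists() {
    printf '%s\n' \
        '# constructed sample, not taken from any real list' \
        '127.0.0.1 localhost' \
        '127.0.0.1 ads.example.com' \
        '0.0.0.0 Tracker.Example.net # inline comment' \
        '0.0.0.0 ads.example.com' \
        '203.0.113.7 login.bank.example' \
        '0.0.0.0 bad host;name.example'
    printf '0.0.0.0 crlf.example.org\r\n'
}

# Demo on the constructed sample.
sample_lists | normalize_blocklist
```

With the directory layout from the scripts above, `cat ~/hosts/*.txt | normalize_blocklist > ~/hosts/adlist-all` would take the place of the sed pipeline, and `cat ~/hosts/*.txt | rejected_mappings` shows what was refused.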
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Jan 26, 2020 4:36 am Post subject: |
|
|
Terry_Davis wrote: | I wonder why more people don't use or add this method on top of their ublock origin use | It isn't new. Some reported problems, perhaps due to using Windows as a client, or perhaps 127.0.0.1 instead of 0.0.0.0. Others decided there were better solutions than managing tens of thousands of lines in /etc/hosts (such as predecessors to apps like uBlock Origin).
ad-blocking with your hosts file (forum topic)
Can a long /etc/hosts file slow DNS lookup? (serverfault) _________________ Quis separabit? Quo animo? |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Sun Jan 26, 2020 4:57 am Post subject: |
|
|
You could combine all the adjacent sed calls into a single call with multiple expressions. |
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3345 Location: Rasi, Finland
|
Posted: Sun Jan 26, 2020 12:28 pm Post subject: |
|
|
Hu wrote: | You could combine all the adjacent sed calls into a single call with multiple expressions. | I was going to say the same, but then I thought if sed has any multithreading capabilities... So if dealing with lots of data, splitting the processing for several sed processes might yield faster processing. _________________ ..: Zucca :..
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Mon Jan 27, 2020 3:13 am Post subject: |
|
|
Hu wrote: | You could combine all the adjacent sed calls into a single call with multiple expressions. |
But, the script goes through 67,000 lines in about 1 second, so there is no need to save time, and using separate rows in the script helps others understand the process. _________________ Andy Figueroa
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Mon Jan 27, 2020 4:16 am Post subject: |
|
|
You can still list the expressions on separate rows, while passing them all to a single sed.
Code: |
sed -e expr1 \
    -e expr2 \
    -e expr3 |
    next-tool
|