This is a most excellent place for technology news and articles.
Does anyone know if there's additional sandboxing of local ports happening for apps running in Private Space?
E: Checked myself. Can access servers in Private Space from non-Private Space browsers and vice versa. So Facebook installed in Private Space is no bueno. Even if the time to transfer data is limited since Private Space is running for short periods of time, it's likely enough to pass a token while browsing some sites.
Not surprising, it's always expected from tech corporations, where at the end of the day it's profit and favor with conservative politicians. If they're not trying to use information gathered on people to bad government looking to cut costs ("saving taxpayers' money") by removing minority beneficiaries, they love to shove content you don't even want.
Why I never use my real name online.
laughs in adguard
Meta should be broken up and its leadership barred from working in tech (or politics)
and its leadership barred ~~from working in tech (or politics)~~
Its russian, i've never used it and never will. Surprised so many 🏴☠️'s advocated for it..
De-anonymising Yandex
Me: Ha! Good thing I am not Russian!
De-anonymising Meta
Me: Damn..and it is hard for me to let go because my social circle use Meta-owned social media and couldn't care less about privacy....I am toast...
I used to be in your situation and one day I just told everyone I was leaving and if they want to contact me they would have to use Signal. You can't change most people's minds and Meta knows it, that's how they keep their monopoly
Phew, glad i dodged that bullet by buying an iphone. (/s)
We found that browsers such as Chrome, Firefox and Edge are susceptible to this form of browsing history leakage in both default and private browsing modes. Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost; and DuckDuckGo was only minimally affected due to missing domains in their blocklist.
Aside from having uBlock Origin and not having any Meta/Yandex apps installed, anyone aware of additional Firefox settings that could help shut this nonsense down?
I feel like that's all you need. You don't have their apps installed, so the problem is already solved. If you use uBlock Origin to block their trackers, the problem is solved. So you've solved it twice.
Yes and no, I've treated the symptoms, but not the problem. All it takes is a trillion dollar company buying a new domain every once in a while to foil uBlock, and now that it's more known, anyone can create an an app that opens ports and listens for trackers.
Would love it if Firefox would let me block all requests to localhost.
I know that people here generally like to shit on Brave, but it seems that the claim "Privacy by default" has held up in this context.
Isn't that Proton's tagline?
Are you suggesting something like LineageOS is a better choice?
(Seriously asking: I've got a new-to-me Pixel that I'm looking to switch to a degoogled-ish ROM on, and Graphene and Lineage were the two front-runners.)
If it's a Pixel anyway, GrapheneOS has a few nice security and privacy features that LineageOS doesn't have (yet?).
I think both are pretty great and much better than most alternates.
I'm running Graphene and I'm very happy with it.
Block all tracking scripts and use Firefox Nightly with ublock when possible.
Using such a unique browser version is very de-anonymizing.
Could add a user agent spoof?
Even then, most tracking is done through fingerprinting.
Yeah it makes me laugh when people talk about "don't use cookies" or "block ads" like companies didn't switch to more advanced techniques (like hell, I saw a paper where they could fingerprint you just simply by how you interact with the webpage) 15 years ago.
There is no way to use the modern web without getting fingerprinted.
Well “block ads” is also shorthand for “block as many 3rd-party requests as possible while maintaining the desired content” which absolutely improves your privacy and prevents a lot of fingerprinting scripts from ever loading.
That's the thing though, websites have gone away from "fingerprinting scripts" and have started finger printing you by what you serve, how and when you access it, and other things that they can all collect purely on the server side. The rest is just for advertising and data collection for improvements.
All of this is far easier to subvert than tracking scripts (and cookies and port scans) which literally as evidenced by the article in the OP are not techniques that companies have "gone away" from at all, at least not by entirely replacing them.
Not sure about the "nightly" part (as opposed to beta or stable), but yes.
I prefer nightly because about:config is accessible unlike on the mainline version. Does Beta also allow that?
Beta does and unlike nightly doesn't update every night.
There's also Fennec on fdroid if you need something stable with about:config support.
