A web browser extension for accessing I2P network anonymously(lemmy.world)

Yes you’re right, but disabling JS also makes you stand out way more wrt fingerprinting, and you can still be fingerprinted with HTML/CSS, TLS and other methods.

permalink

report

parent

[ - ]

EngineerGaming@feddit.nl

5 points

2 months ago

On i2p- and onion-sites, I guess having JS disabled is far more common than on normal internet, so “standing out” is not really a concern.

permalink

report

parent

[ - ]

Lemongrab@lemmy.one

5 points

2 months ago

Disabling JS helps reduce the many many other fingerprintable metrics and replaces it with one. One that is rare, but not uncommon in the worlds of I2P or Tor.

permalink

report

parent

[ - ]

Lemongrab@lemmy.one

4 points

2 months ago

That is not true. On chrome, they could be fingerprinted using the way that extensions load remote assets (which I dont think is still possible). On Firefox, that has not been possible (maybe ever but at least for a while). The way that extensions are fingerprinted requires detecting the way they interact with the web pages DOM, which is not something many extensions do.

permalink

report

parent

[ - ]

refalo@programming.dev

3 points

2 months ago

check out how creepjs implements detection for many common extensions…

permalink

report

parent

[ - ]

Lemongrab@lemmy.one

5 points

2 months ago

The point to my original comment is fingerprint of extensions isn’t straightforward or free, ie requires intentionally designing a fingerprinting technique tailored to identify its behaviour.

CreepJS can really only detect Chrome extensions and very few Firefox ones. On Firefox, it can detect NoScript but not uBlock for example. This isn’t to say that uBlock can’t be fingerprinted, just that it hasn’t yet in CreepJS. Some extension don’t touch the DOM at all or produce any fingerprintable behaviour to the web page, so there for can’t be detected. Some don’t produce weird behaviour until a user interacts with some element in the extension or webpage.

permalink

report

parent

[ - ]

refalo@programming.dev

3 points

2 months ago

Yes you are right. I don’t think there is a realistic way for most people to be anonymous or private online anymore given all these offensive and invasive techniques being used regularly now. Hell cloudflare fingerprints people with TLS alone, and that doesn’t care about javascript or anything else above it.

permalink

report

parent

Show more comments

[ - ]

Redjard@lemmy.dbzer0.com

3 points

2 months ago

I don’t see any extension info and I don’t see how there could be any. There isn’t any api for gaining this info in ff at the very least.

There are other issues, but most extensions can in fact not be detected by websites, unless they specifically add something that makes them detectable.

permalink

report

parent

[ - ]

refalo@programming.dev

1 point

2 months ago

perhaps you should look up how creepjs implements detection for known extensions

permalink

report

parent

[ - ]

Redjard@lemmy.dbzer0.com

0 points

2 months ago

I found this is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.

Most firefox addons dont even have the permissions needed to change anything a website could observe.

permalink

report

parent

[ - ]

refalo@programming.dev

1 point

2 months ago

Most firefox addons dont even have the permissions needed to change anything a website could observe.

Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.

Some examples:

ad blockers (uBO/uMatrix/etc.)
color/theme management (dark reader/dark theme/Stylish/etc.)
custom mouse cursor managers
page translators
addons serving in-browser ads
userscript managers (grease/tamper/violentmonkey etc.)
privacy blockers (CanvasBlocker/JShelter/etc.)
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.

permalink

report

parent

[ - ]

Redjard@lemmy.dbzer0.com

3 points

2 months ago

Yes, those could be detected.
Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.

Non-detectible ones I can think of rn:

Tab muting manager
VPN manager
link redirect skippers
stats printers, like a tab counter
dynamic shortcuts, like opening the archived version of the current page on archive.org
old reddit redirect
cookie managers

Many more of the ones you listed won’t be detectable on most websites.

userscript managers (grease/tamper/violentmonkey etc.)

A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.

User theme managers should be similar, but I can’t comment on them as I don’t use any.

page translators

Translators are only detectible when enabled.

addons serving in-browser ads

Why would you have an addon that serves ads?

site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

Are site-specific, i.e. not detectible anywhere else

privacy blockers (CanvasBlocker/JShelter/etc.)

Please don’t use those anymore, use only uBo. Same for uMatrix.
uBo is pretty good about not being detected, for obvious reasons.

permalink

report

parent

Show more comments

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
Don’t promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

Community stats

8K
Monthly active users
1.4K
Posts
18K
Comments

A place to discuss privacy and freedom in the digital world.

Some Rules

Related communities

Chat rooms

Community stats

Community moderators