3 Aug 2024 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Each tier gets progressively harder to fingerprint. Even if you don't want to disable JS entirely, setting the security level to Safer reduces the amount of JavaScript APIs that are exposed to websites, thereby making fingerprinting more difficult | 23:24:27 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | In reply to @chile09:matrix.org "user/agent?": It's very much not recommended to change the user agent in Tor Browser. Doing so will only make you more fingerprintable, not less | 23:25:00 |
rolodondo34 | but most sites are using CDN hosted JS no? | 23:25:01 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | In reply to @chile09:matrix.org "but most sites are using CDN hosted JS no?": If we're talking about fingerprinting, this is irrelevant | 23:25:29 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | If we're talking about cross-site tracking, that's potentially relevant. But that's a separate discussion entirely | 23:25:52 |
rolodondo34 | what is the most common user/agent? | 23:25:56 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | In reply to @chile09:matrix.org "what is the most common user/agent?": The default | 23:26:09 |
rolodondo34 | what is the default | 23:27:06 |
rolodondo34 | cross-site tracking using cookies? | 23:27:42 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Well, Tor Browser is based on Firefox, so its user agent defaults to the default for the Firefox version it's based on | 23:28:24 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Though it does fake the OS you're running on, since there's no need to give that info to websites | 23:28:43 |
rolodondo34 | but this is a vulnerability? The OS? | 23:29:21 |
rolodondo34 | how can it be? | 23:29:41 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Telling websites your OS creates a data point that can be used for fingerprinting you | 23:29:48 |
rolodondo34 | but it's fake no? | 23:30:23 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Fingerprinting is about using a combination of innocuous data points to identify someone uniquely. Any time the browser gives a website information that's different for different users, that creates a data point for fingerprinting | 23:30:41 |
rolodondo34 | right but the OS is faked | 23:30:58 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Tor Browser solves this by simply reporting the same OS for every user, regardless of what OS they're actually running | 23:31:20 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | It's not enough for the OS info to simply be fake, it needs to be the same as what's reported for everyone else | 23:31:46 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | Technically if you happen to be running the exact OS version it reports, it's not fake, it's accidentally your real OS version | 23:33:18 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | But an attacker has no way to distinguish that | 23:33:31 |
rolodondo34 | f | 23:38:16 |
rolodondo34 | Tor Browser solves this no? | 23:45:52 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | I just explained how Tor Browser solves the issue of OS fingerprinting | 23:46:13 |
rolodondo34 | yes, of course | 23:46:27 |
rolodondo34 | thanks | 23:46:32 |
rolodondo34 | what about GNU Icecat plugins, LibreJS, JShelter? | 23:47:10 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | It's not a problem if Tor Browser accidentally reports your real OS version, because the attacker has no way to know whether it's fake or real | 23:47:11 |
Babba27's Evil Twin (DriftNotSkid) [they|them] | In reply to @chile09:matrix.org "what about GNU Icecat plugins, LibreJS, JShelter?": Tor Browser is more effective | 23:47:24 |
rolodondo34 | why? | 23:47:40 |