mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-27 14:12:09 +00:00
Compare commits
3 commits
afcc4fd760
...
425798152f
Author | SHA1 | Date | |
---|---|---|---|
|
425798152f | ||
|
7bb83e8158 | ||
|
44c328d5ca |
2 changed files with 30 additions and 1 deletions
24
content/notes/fingerprinting-and-customization.md
Normal file
24
content/notes/fingerprinting-and-customization.md
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
title: "Fingerprinting and customization"
|
||||||
|
date: 2023-08-28T13:52:11-07:00
|
||||||
|
replyURI: "https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337#note_2936949"
|
||||||
|
replyTitle: "Wouldn't, say, installing the Dark Reader extension have much less of a privacy impact than disabling RFP altogether?"
|
||||||
|
replyType: "DiscussionForumPosting"
|
||||||
|
replyAuthor: "Allium"
|
||||||
|
replyAuthorURI: "https://gitlab.torproject.org/Allium"
|
||||||
|
syndicatedCopies:
|
||||||
|
- title: 'Tor Project GitLab'
|
||||||
|
url: 'https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337#note_2937536'
|
||||||
|
- title: 'The Fediverse'
|
||||||
|
url: 'https://pleroma.envs.net/notice/AZCWxOH1fC9CUnxmoi'
|
||||||
|
---
|
||||||
|
|
||||||
|
These addons work by injecting or altering stylesheets in the page, and are trivially detectable. A good rule of thumb is that if it can trigger a CSP violation in the developer console, it is trivial to detect with JavaScript.
|
||||||
|
|
||||||
|
(FWIW: I believe the Tor Browser does disable the Reporting API, so I think some JavaScript will be necessary).
|
||||||
|
|
||||||
|
On "safest" mode with remote JavaScript disabled, certain "dark mode" addons *might* be safe. I think a better long-term solution would be the ability to "freeze" a page: a button or something to prevent the current page from initiating further requests (it's already loaded), running scripts, accessing storage, etc. In this state, a user could use any addons or fingerprinting-compromising settings without risk.
|
||||||
|
|
||||||
|
A good point of comparison is Reader Mode: a user's preferred Reader Mode fonts, line-width, color scheme, etc. aren't fingerprinting vectors. It should be able to stop a site from phoning home or writing to client-side storage to allow for similar levels of customization outside Reader Mode.
|
||||||
|
|
||||||
|
Other sources of inspiration could be the expected behavior for the [`scripting: initial-only` media query](https://drafts.csswg.org/mediaqueries-5/#scripting), and Firefox's built-in "Work Offline" setting.
|
|
@ -263,6 +263,9 @@ cachapa.xyz
|
||||||
: Admin [posts blatant racism](http://archive.today/2023.08.05-185121/https://moar.cachapa.xyz/notes/9huxc4zgtc), [blatantly racist transphobic sui-biat](http://archive.today/2023.08.05-185812/https://moar.cachapa.xyz/notes/9bv4ns2itf).
|
: Admin [posts blatant racism](http://archive.today/2023.08.05-185121/https://moar.cachapa.xyz/notes/9huxc4zgtc), [blatantly racist transphobic sui-biat](http://archive.today/2023.08.05-185812/https://moar.cachapa.xyz/notes/9bv4ns2itf).
|
||||||
: Instance permits lolicon, and runs bots for it such as "Shishihime"; this may be a legal risk, depending on your jurisdiction.
|
: Instance permits lolicon, and runs bots for it such as "Shishihime"; this may be a legal risk, depending on your jurisdiction.
|
||||||
|
|
||||||
|
catgirl.life OR peervideo.club
|
||||||
|
: Both are part of [the Waifu Hunter Club's suite of services](http://web.archive.org/web/20230828181259/https://waifuhunter.club/services/), along with gameliberty.club; see its FediNuke entry. catgirl.life has [the same admin as gameliberty.club](http://archive.today/2023.08.28-181717/https://catgirl.life/@matrix07012), who [has used the domain for block-evasion](http://archive.today/2023.08.28-182409/https://catgirl.life/notes/8wpdshluoy). Like gameliberty.club, both instances also permit lolicon.
|
||||||
|
|
||||||
cawfee.club
|
cawfee.club
|
||||||
: [Racism from multiple users, including admin](https://web.archive.org/web/20230730210913/https://cawfee.club/notice/AY5J5qUA898oge9pa4).
|
: [Racism from multiple users, including admin](https://web.archive.org/web/20230730210913/https://cawfee.club/notice/AY5J5qUA898oge9pa4).
|
||||||
: [Anti-Romani and racist posts from admin](https://web.archive.org/web/20230730211327/https://cawfee.club/notice/AXjafVFrE4C3c48Mm8).
|
: [Anti-Romani and racist posts from admin](https://web.archive.org/web/20230730211327/https://cawfee.club/notice/AXjafVFrE4C3c48Mm8).
|
||||||
|
@ -409,6 +412,9 @@ merovingian.club
|
||||||
midwaytrades.com
|
midwaytrades.com
|
||||||
: Runs [a Libs of TikTok bot](https://web.archive.org/web/20230802162551/https://freesoftwareextremist.com/notice/AYBwS5rDjFaDyIqKtU). [Transphobic and misogynist admin](https://ghostarchive.org/archive/9qO8r).
|
: Runs [a Libs of TikTok bot](https://web.archive.org/web/20230802162551/https://freesoftwareextremist.com/notice/AYBwS5rDjFaDyIqKtU). [Transphobic and misogynist admin](https://ghostarchive.org/archive/9qO8r).
|
||||||
|
|
||||||
|
mirr0r.city
|
||||||
|
: Paraphilia- and pedophilia-focused instance that [explicitly welcomes pro-contacts and neo-Nazis](http://web.archive.org/web/20230828183201/https://mirr0r.city/notice/AVr8KfJybjh4eFdHAO).
|
||||||
|
|
||||||
mouse.services
|
mouse.services
|
||||||
: Admin [posts blatantly racist use of slurs](http://archive.today/2023.08.19-042746/https://miss.mouse.services/notes/9ijlonbgrd), [more racism](http://archive.today/2023.08.19-054501/https://miss.mouse.services/notes/9icb5d8xav).
|
: Admin [posts blatantly racist use of slurs](http://archive.today/2023.08.19-042746/https://miss.mouse.services/notes/9ijlonbgrd), [more racism](http://archive.today/2023.08.19-054501/https://miss.mouse.services/notes/9icb5d8xav).
|
||||||
|
|
||||||
|
@ -654,7 +660,6 @@ wideboys.org
|
||||||
: On the root domain is [a wiki describing how this domain is affiliated with beefyboys.win](https://web.archive.org/web/20230827195937/https://wideboys.org/BEEFYBOYS.WIN). The [beefyboys.win "about" page](https://web.archive.org/web/20230827200822/https://beefyboys.win/about) confirms this.
|
: On the root domain is [a wiki describing how this domain is affiliated with beefyboys.win](https://web.archive.org/web/20230827195937/https://wideboys.org/BEEFYBOYS.WIN). The [beefyboys.win "about" page](https://web.archive.org/web/20230827200822/https://beefyboys.win/about) confirms this.
|
||||||
: Since beefyboys.win is on FediNuke and wideboys.org is part of the same network with staff and member overlap, and wideboys.org still federates on the "blog" subdomain, it's on the list too. But since it only federates via WriteFreely at the time of writing, it looks like a smaller harassment vector so it's demoted to my tier-0 list.
|
: Since beefyboys.win is on FediNuke and wideboys.org is part of the same network with staff and member overlap, and wideboys.org still federates on the "blog" subdomain, it's on the list too. But since it only federates via WriteFreely at the time of writing, it looks like a smaller harassment vector so it's demoted to my tier-0 list.
|
||||||
|
|
||||||
|
|
||||||
{{</ nofollow >}}
|
{{</ nofollow >}}
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
Loading…
Reference in a new issue