this post was submitted on 20 Apr 2022
2 points (100.0% liked)
Privacy
31982 readers
247 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Turns out, he is not talking about the kind of people I fit in. I am using Tor for more than a decade at this point, and have been a very avid I2P torrent user as well since many years. If not the same, I compare pretty well in experience in this aspect.
He is talking about the kind of people who open Panopticon for fingerprint tests and misread the fractions and decimal numbers and information there when comparing, and then scream on reddit with misinterpreted posts aimed to get awards and upvotes at the cost of sanity of many people.
deviceinfo.me is not the kind of site and data used for demonstrations he is talking about. I have a fair amount of experience to make this claim.
To expand on the attacks that are mitigated, avoidance is a better measure than mitigation. Hence the reason why I say noJS is a better policy, the next best is turning on JS manually when needed. Keeping JS on all the time is a fool's errand if they want to go beyond standard levels of privacy and anonymity. The author himself mentions in the last line as a subtle disclaimer why it can be a choice.
You know how gait movements IRL work? Turns out, Google Recaptcha makes very good use of how you move and click with cursor on the captcha boxes. If you thought AI/ML image training was the only thing Google was making users do, now you know something new.
Firefox has a bigger userbase than Tor Browser users, and it is a pretty uncontested claim logically. Firefox has Tor Project's code for anti fingerprinting and per site data isolation upstreamed to Firefox's private browsing mode since the past 15-20 or so versions now.
Does that not make the argument for Firefox stronger for regular daily browsing usage, since it has an even bigger userbase? You can use uBlock Origin and you can enjoy Tor Browser's dFPI and per site data isolation benefits in Firefox's private browsing mode.
You missed where I said how having JS on means you are keylogged easily. Your caps lock is also detectable, just to be clear. You are also forgetting that making strings out of this keylogged stuff, and then applying stylometry analysis is a very easy and cost effective way into unmasking identities behind pseudonyms. I do this myself regularly as part of OSINT investigations. It is how I have also unmasked many sockpuppets on Lemmy, Matrix, Reddit in the past few years.
The author has a very agreeable position with me on what he speaks, but it is like how anti-imperialist viewpoints sound very correct in today's political scenario, but every single nuance does not have to be perfect to get the idea across. He is getting the idea across here, and that is why you are arguing at length with me.
Edit: I think this explanation is lacking. I must expand on it.
First I will get out of the way elements that can be spoofed with JS on:
Now it is time to address elements which having JS on reveals. Feel free to correct me whatever is spoofed by Tor Browser.
Monitor colour depth support may not be a significant issue, as many have standard monitors.
Can you explain me how these are spoofed in Tor Browser while having JS on? I have ignored the fonts as those are spoofed, and there are no timing attack vectors in this list. The last bullet point, if you want to talk about, can be used to identify if someone used a really fast connection ISP at an unusual place and time.
Nameserver connections can be a possible issue with exit node identification, if we are to assume the OPSEC of an average journalist just downloading and using Tor Browser on any machine. If we assume relays can protect them, we have other vectors here, like...
... page scroll and mouse cursor positions, caps lock on or off, last key pressed.
Keylogging, as explained earlier, is a very cost effective way to unmask people. Telling people on top of it to feel free to use a personal Facebook account over Tor network, puts them in the mindset of typing personally identifiable messages, even becoming trackable down to how many errors a person makes and hits Backspace key. Imagine people typing messages under a pseudonym on a forum anonymously in a couple tabs besides the Facebook/Twitter tab, and writing with the same mental personality in mind.
I think this reply now feels a little more apt.
Sorry if way too OT, :( What torrent i2p client are you using? I don't like the idea of vuze with a plugin, neither biglybt. I'm more inclined to something like rtorrent (ncurses, and if used with detached screen, then on any ssh session you can remotely monitor, without needing additional remote accesses or web publishing)...
I use I2P Java client, but you can use I2PD C++ client as well.
ohh, so I can use any torrent client (rtorrent for example), as long as I only use i2p sort of trackers, or so I understand from your post, and also from the wiki, perhaps specifying the binding address and port, or something like that...
I only know of BiglyBT that works with I2P, never tried rTorrent with I2P trackers. I just use the in-browser torrent client whenI need to once in a few months. Sorry if I cannot help here, you might need to hunt some documentation or wiki for I2P port binding.