I mean, who TF is not running with a proper adblocker and multiple other anti-spyware and anti-malware add-ins in their browser?
I’ve been doing so since 2004, when the first adblocker came out for Firefox. Except for system set-ups of client machines and working on the machines of new clients, I haven’t seen an ad in over 20 years.
Of course, you actually need to be running Firefox to have anything approaching an effective in-browser adblocker… Chrome has massively neutered adblockers into near uselessness.
Now granted, most of these will need additional configuration once installed to be effective. Downside is that you need good security knowledge to configure some of these settings. Most can be rather obvious, but some can trip up those without deep knowledge.
For example, Referer Control is particularly subtle, as its only mod requires you to set the referrer to be [REFERER_HOST], and (if it is disabled) to have JS referrer handling active as well.
You really shouldnt need all of these extensions, and the more extensions you use the more fingerprint able you are. May I suggest stock LibreWolf/IronFoxn or Mullvad Browser instead?
No, I’m talking about extension detection being used as part of the process to fingerprint your browser to identitify you as a unique person.
That’s used to track you across websites for ad targeting and other shit such as but not limited to sites displaying different prices to different people based off information they’ve gathered on you and connected to your unique fingerprint.
Fingerprinting effects a lot more than the ads you don’t see due to blocking them and bot detection. Please read up on it more instead of running with assumptions.
This makes sense for extensions that respond to and directly process and interact with page elements, such as Flash or Silverlight.
This makes absolutely no sense if the app has no ability to load or interact with anything in the page. If there is no interactivity - and why would there be, with simple blocking? - there is nothing for an external script to “grab”.
Which security add-ins, an external script can tell - at most - that an in-page element was not loaded by the web browser, but then anyone doing the tracking needs to contend with the dozen-plus add-ins that have the capability to block an element like that. The exact add-in is still not identifiable, only the class or type of add-in that has the functionality to block said element.
I have read through a number of white papers that explore this technology, and to a T,
This is still largely experimental and proof-of-concept
Is still primarily meant to block bots that are trying to mimic humans, and to ensure that the site visitor is actually a salty bag of mostly water
Can only identify apps that are explicitly designed to produce a response, as a core aspect of their purpose and design. Which, by default, fails to include almost all security-based add-ins, which behave more as “black holes” that have never been designed nor have any capability to respond to external queries.
So when a website bitches about you having an adblocker installed, the site cannot tell WHICH ad-blocker is installed, only that ads are not loading because it is not getting any telemetry from them.
So the website cannot track you by your installation of uBlock Origin unless it has that mix of ads that uBlock’s particular DEFAULT blocking pattern can be identified with. And since you can add or remove black lists at will, this becomes an infinite game of whack-a-mole for anyone trying to track you. Plus, other adblockers can load the same black lists, giving the exact same pattern for any website not loading ads from many dozens of different sources.
I believe installed extensions are directly query-able through javascript or html5
The requirement for this is that those extensions need to directly interact with - and respond to - page elements.
Security add-ins are a “black hole” in that the vast majority of them only block, they don’t interact. There is absolutely no way for a website to tell which ad-blocker is installed from purely the ad-blocking component itself. Provided the add-on is constructed properly, it should never respond to any code either on the client-side or server-side, it should only block the browser from not even requesting certain assets in the first place. In fact, a good adblocker should be indistinguishable from a failure of DNS in providing the IP address of the ad server.
The list above is the vast majority of my add-ins. I don’t use any which are sufficiently duplicated in the browser or which are not required for enhanced security.
I am not one of those people with multiple dozens of add-ins.
You say you aren’t one of those people but i genuinely dont believe most of those extensions are needed if youre using hardened Firefox (LibreWolf/IronFox/Mullvad Browser/Tor)
Prettt sure DecentralEyes has been abandoned. I think LocalCDN is the reccomendation now.
I also believe there are ways to configure uBlock Origin to handle referrer stuff, clean links, for smart https stuff, and to handle redirect links as well. Probably something you can do with it for amp links as well.
Also, just know that every extension installed absolutely spikes up your uniqueness to fingerprinting.
Ads?
What ads?
I mean, who TF is not running with a proper adblocker and multiple other anti-spyware and anti-malware add-ins in their browser?
I’ve been doing so since 2004, when the first adblocker came out for Firefox. Except for system set-ups of client machines and working on the machines of new clients, I haven’t seen an ad in over 20 years.
Of course, you actually need to be running Firefox to have anything approaching an effective in-browser adblocker… Chrome has massively neutered adblockers into near uselessness.
Seriously, people:
And for those on mobile:
The average person.
You da real MVP.
Now granted, most of these will need additional configuration once installed to be effective. Downside is that you need good security knowledge to configure some of these settings. Most can be rather obvious, but some can trip up those without deep knowledge.
For example, Referer Control is particularly subtle, as its only mod requires you to set the referrer to be
[REFERER_HOST], and (if it is disabled) to have JS referrer handling active as well.You really shouldnt need all of these extensions, and the more extensions you use the more fingerprint able you are. May I suggest stock LibreWolf/IronFoxn or Mullvad Browser instead?
Problem with multiple adblockers is more with inefficiency and breakage. Use multiple solutions only if they don’t overlap.
Missed Privacy Tweaks, did ya? Look closer.
It lists these tweaks, none of which I understand to have anything to do with extension detection/fingerprinting:
So you’re talking about bot detection and bot denial of a website, then.
Well, I’m not a bot.
No, I’m talking about extension detection being used as part of the process to fingerprint your browser to identitify you as a unique person.
That’s used to track you across websites for ad targeting and other shit such as but not limited to sites displaying different prices to different people based off information they’ve gathered on you and connected to your unique fingerprint.
Fingerprinting effects a lot more than the ads you don’t see due to blocking them and bot detection. Please read up on it more instead of running with assumptions.
This makes sense for extensions that respond to and directly process and interact with page elements, such as Flash or Silverlight.
This makes absolutely no sense if the app has no ability to load or interact with anything in the page. If there is no interactivity - and why would there be, with simple blocking? - there is nothing for an external script to “grab”.
Which security add-ins, an external script can tell - at most - that an in-page element was not loaded by the web browser, but then anyone doing the tracking needs to contend with the dozen-plus add-ins that have the capability to block an element like that. The exact add-in is still not identifiable, only the class or type of add-in that has the functionality to block said element.
I have read through a number of white papers that explore this technology, and to a T,
So when a website bitches about you having an adblocker installed, the site cannot tell WHICH ad-blocker is installed, only that ads are not loading because it is not getting any telemetry from them.
So the website cannot track you by your installation of uBlock Origin unless it has that mix of ads that uBlock’s particular DEFAULT blocking pattern can be identified with. And since you can add or remove black lists at will, this becomes an infinite game of whack-a-mole for anyone trying to track you. Plus, other adblockers can load the same black lists, giving the exact same pattern for any website not loading ads from many dozens of different sources.
https://www.privacyguides.org/en/browser-extensions/
Please give this article a read
Notable section from the Wikipedia article linked there as “stand out”:
I’m not well versed on it, but I believe installed extensions are directly query-able through javascript or html5 on sites loaded by the browser.
The requirement for this is that those extensions need to directly interact with - and respond to - page elements.
Security add-ins are a “black hole” in that the vast majority of them only block, they don’t interact. There is absolutely no way for a website to tell which ad-blocker is installed from purely the ad-blocking component itself. Provided the add-on is constructed properly, it should never respond to any code either on the client-side or server-side, it should only block the browser from not even requesting certain assets in the first place. In fact, a good adblocker should be indistinguishable from a failure of DNS in providing the IP address of the ad server.
Preaching to the choir.
The list above is the vast majority of my add-ins. I don’t use any which are sufficiently duplicated in the browser or which are not required for enhanced security.
I am not one of those people with multiple dozens of add-ins.
You say you aren’t one of those people but i genuinely dont believe most of those extensions are needed if youre using hardened Firefox (LibreWolf/IronFox/Mullvad Browser/Tor)
Prettt sure DecentralEyes has been abandoned. I think LocalCDN is the reccomendation now.
I also believe there are ways to configure uBlock Origin to handle referrer stuff, clean links, for smart https stuff, and to handle redirect links as well. Probably something you can do with it for amp links as well.
Also, just know that every extension installed absolutely spikes up your uniqueness to fingerprinting.
Missed Privacy Tweaks, did ya? Look closer.