Why doesn't Tor browser just automagically run a read-only lightweight Linux VM who's only program is Firefox, and only network connection is proxied through Tor? Seems like that would solve almost every fingerprinting and sandbox escape vulnerability.
Note that Google is not only in the browser business but also the fingerprinting business. They want a future where everything is on the web and where they have an acceptable way of seeing everything everyone is doing.
Realistically, most users use off the shelf hardware so for every machine there are millions that are specced exactly the same. That's not very useful for fingerprinting. It would be a good idea though to stop adding more discriminating features to browsers but as you imagine, that is not the direction Google wants to go to.
For every fingerprinting trick there is an obfuscation trick though. People just need to keep checking the fingerprinting scripts. A great advantage of the web is that you can in fact see the source code.
Also, we expect publishers to embrace the post-ad world. Why would it be easy to block ads so much they stop being viable, but impossible to stop fingerprinting?
I'm getting HTTPS errors on two platforms (and two internet connections) for this website. It seems fairly ironic, but I guess it's just me. Am I doing something wrong?
The article describes it as upstream patch that is disabled by default which allow Firefox to be less discriminative when it comes to accepting patches.
Why use firefox at all? why not something based on libcurl that absolutely does not talk back to the server after reciving the document unless the user clicks on a link or submits a form?
he has a script that he can poke to download the content and email it to himself. then he reads it with emacs or maybe lynx with no networking enabled.
[+] [-] tlrobinson|9 years ago|reply
[+] [-] moondev|9 years ago|reply
[+] [-] orf|9 years ago|reply
[+] [-] BuuQu9hu|9 years ago|reply
[+] [-] noja|9 years ago|reply
[+] [-] bifurcation|9 years ago|reply
https://wiki.mozilla.org/Security/Fingerprinting
https://bugzilla.mozilla.org/show_bug.cgi?id=1041818
[+] [-] SamBam|9 years ago|reply
[+] [-] HappyTypist|9 years ago|reply
[+] [-] nmy|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] tinus_hn|9 years ago|reply
Realistically, most users use off the shelf hardware so for every machine there are millions that are specced exactly the same. That's not very useful for fingerprinting. It would be a good idea though to stop adding more discriminating features to browsers but as you imagine, that is not the direction Google wants to go to.
For every fingerprinting trick there is an obfuscation trick though. People just need to keep checking the fingerprinting scripts. A great advantage of the web is that you can in fact see the source code.
Also, we expect publishers to embrace the post-ad world. Why would it be easy to block ads so much they stop being viable, but impossible to stop fingerprinting?
[+] [-] cupantae|9 years ago|reply
IIDRN says it's up: http://www.isitdownrightnow.com/torproject.org.html
[+] [-] tlack|9 years ago|reply
[+] [-] icebraining|9 years ago|reply
[+] [-] cupantae|9 years ago|reply
[+] [-] saurik|9 years ago|reply
[+] [-] mburns|9 years ago|reply
[+] [-] belorn|9 years ago|reply
[+] [-] kebolio|9 years ago|reply
[+] [-] rahrahrah|9 years ago|reply
[deleted]
[+] [-] swiley|9 years ago|reply
[+] [-] TazeTSchnitzel|9 years ago|reply
[+] [-] cobbzilla|9 years ago|reply
he has a script that he can poke to download the content and email it to himself. then he reads it with emacs or maybe lynx with no networking enabled.
[+] [-] cryptarch|9 years ago|reply