foobuzz | 10 years ago | on: Whitespace Steganography
foobuzz's comments
foobuzz | 10 years ago | on: Prebake: Block EU Cookie Notices with Adblock
This law is so badly designed it is beautiful.
It warns users who don't accept cookies that the website uses cookies, at every connexion. It doesn't warn users who accept them that they're used, putting aside the first connexion.
It should be the other way around. The website should warn the user that a cookie is used when the website just accepted a cookie from the browser. The privacy concern happen at this very moment, when you phone back to the website, not when the website phones you information.
foobuzz | 10 years ago | on: Ask HN: What's the best ad-blocking, privacy-enhancing extension set up?
> Various forms of fingerprinting are blocked/disabled
Be very careful with that. If you're one the few who have the features disabled on a compatible browser, you make your configuration more unique and it becomes easy to identify you.
I'd would also advice not to spoof the User-Agent since the browser can be detected thanks to other parameters and if those ones contradict the User-Agent that's a very specific fingerprint.
I'd also advice not to enable the DNT (Do Not Track) header since it does nothing at all and is used by a minority, so it increases your entropy too.
The combination of your three extensions is very fine as far as I can tell. This is what I would advice in addition to them:
- Whitelist first-party cookie. Make them be deleted when you close the browser (in the privacy settings of Firefox) and whitelist the few sites you need them to be remembered. To whitelist a site on Firefox, click on the thing at the left of its url on the address bar (either a planet or a lock), click on 'More informations...', go to the Permissions tab, scroll to 'Set cookie', uncheck 'Use default' and click the 'Allow' radio button.
Many websites include arbitrary JavaScript that they grabbed in the documentation of some statistic tool or something like that. Such scripts, running directly in the site's pages, can then access first-party cookies.
- Use something else than Google. If you can't deprive yourself of Google results relevance, then use StartPage, it's a Google proxy. They make money by displaying non-targeted self-hosted ads. Unfortunately, I fear that Google might be able to identify you thanks to your queries themselves. Otherwise, just use DuckDuckGo.
- Use your history and bookmarks. Search engines are for discovering new content. To find something you have already seen or to reach a website you already visited, use your history. Ctrl+Shift+H. Or just type some word you remember in the address bar and pick the correct suggestion.
- Use search keywords (https://support.mozilla.org/en-US/kb/how-search-from-address...). They allow you to associate a keyword to about any search form anywhere and then search this form directly in the address bar. This also will reduce your search engine usage.
You should also know that when your browser performs a third-party request, the recipient of the request can know the page you're coming from thanks to the HTTP referer header. It can be disabled in about:config (http://www.technipages.com/firefox-enable-disable-referrer), but I'm not sure it would be a good idea, first because of what I've said about fingerprints in the beginning, second because it might break some websites.
page 1
Most platforms (Twitter, Reddit, Hacker News) accepts those characters so you can paste invisible messages there. The illusion falls down as soon as you use a low-level text editor such as vim which marks exotic characters in a specific manner (by displaying their hexadecimal codepoint, as it happens). This is where whitespace can be more powerful, given its mainstream usage.
[1] https://github.com/foobuzz/ium