The Elephant In The Background: Empowering Users Against Browser Fingerprinting

Tracking users is a ubiquitous practice in the web today. User activity is recorded on a large scale and analyzed by various actors to create personalized products, forecast future behavior, and prevent online fraud. While so far HTTP cookies have been the weapon of choice, new and more pervasive techniques such as browser fingerprinting are gaining traction. Hence, in this talk, we describe how users can be empowered against fingerprinting by showing them when, how, and who is tracking them using JavaScript fingerprinting.

https://media.ccc.de/v/rc3-113142-the_elephant_in_the_background

#ccc #rc3 #browser #fingerprinting #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Firefox for Android makes it even easier to add new browser extensions

Although Chrome dominates the mobile browser space on Android, Mozilla’s Firefox is a decent alternative with added — but limited — support for third-party extensions that make it a potential candidate for your browsing needs.

Adding new extensions has been a bit of a pain though for a while, so Mozilla has now decided to streamline the process and make it even easier to add or find browser extensions to the Android build of Firefox. Firefox 85 is set to begin rolling out from January 25, 2021, and will include the ability for Android owners to add or install extensions to their mobile browser directly from adding.mozilla.org.

While this is great news, you will still be limited to adding “official” extensions to the Android version of Firefox. The old method of adding extensions using the Add-ons Manager is likely to be removed, as Mozilla confirmed that user confusion meant this new method is being implemented.

"Previously, extensions for mobile devices could only be installed from the Add-ons Manager, which caused some confusion for people accustomed to the desktop installation flow. We hope this update provides a smoother installation experience for mobile users."

https://9to5google.com/2021/01/21/firefox-for-android-makes-it-even-easier-to-add-new-browser-extensions/

#firefox #ff #android #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Brave browser adds support for IPFS

https://brave.com/ipfs-support

Over the past several months, the Brave team has been working with Protocol Labs on adding InterPlanetary File System (IPFS) support in Brave. This is the first deep integration of its kind and we’re very proud to outline how it works in this post.

IPFS is an exciting technology that can help content creators distribute content without high bandwidth costs, while taking advantage of data deduplication and data replication. There are performance advantages for loading content over IPFS by leveraging its geographically distributed swarm network. IPFS is important for blockchain and for self described data integrity. Previously viewed content can even be accessed offline with IPFS! The IPFS network gives access to content even if it has been censored by corporations and nation-states, such as for example, parts of Wikipedia.

#brave #browser #ipfs

Advertising profiles in your browser: Eyeo launches "Crumbs".

More and more companies are trying to position themselves for the post-cookie age, including adblocker manufacturer Eyeo.

With a new plugin, Eyeo, known for its AdBlock Plus browser plugin, is trying to launch a new advertising market. "Crumbs" blocks conventional advertising trackers and instead creates a user profile in the browser to play out privacy-preserving yet personalized advertising.

The browser plugin, which is currently available for Chrome and Firefox, is supposed to filter out the currently omnipresent cookie popups as well as the actual tracking techniques, such as third-party cookies or certain scripts. In addition, Crumbs sends the signal of the Global Privacy Control group to prohibit the sharing of profile information.

In addition to a complete blocking of advertising cookies, Crumbs also offers a sandbox mode, in which cookies are only accepted for appearances, but then deleted again. In addition, advertising requests are to be routed through a proxy so that advertisers cannot draw any direct conclusions about the IP address.

https://crumbs.org/

https://www.heise.de/news/Werbeprofile-im-Browser-Eyeo-startet-Crumbs-5036636.html

#crumbs #trackers #privacy #controll #adblock #browser #plugin
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Supercookie: Browser Fingerprinting via Favicon

Supercookie uses favicons to assign a unique identifier to website visitors.
Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.

The tracking method works even in the browser's incognito mode and is not cleared by flushing the cache, closing the browser or restarting the system, using a VPN or installing AdBlockers.

https://github.com/jonasstrehle/supercookie

#supercookie #browser #tracking
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

This browser extension shows what the Internet would look like without Big Tech

A web without Google, Facebook, Microsoft, or Amazon

The Economic Security Project is trying to make a point about big tech monopolies by releasing a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon. The extension is called Big Tech Detective, and after using the internet with it for a day (or, more accurately, trying and failing to use), I’d say it drives home the point that it’s almost impossible to avoid these companies on the modern web, even if you try.

https://www.theverge.com/2021/2/24/22297686/browser-extension-blocks-sites-using-google-facebook-microsoft-amazon

💡 https://bigtechdetective.net/

#DeleteGoogle #delete #microsoft #amazon #browser #plugin #extension #tool
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Google says once third-party cookies are toast, Chrome won't help ad networks track individuals around the web

Notes an 'erosion of trust' – gee, wonder who could be responsible for that...

Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.

In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.

Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.

Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.

Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")

Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.

The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.

https://www.theregister.com/2021/03/03/google_internet_tracking_pledge/

#google #DeleteGoogle #internet #tracking #advertising #cookies #chrome #browser #thinkabout #why
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

How Amazon Assistant lets Amazon track your every move on the web

I recently noticed that Amazon is promoting their Amazon Assistant extension quite aggressively. With success: while not all browsers vendors provide usable extension statistics, it would appear that this extension has beyond 10 million users across Firefox, Chrome, Opera and Edge. Reason enough to look into what this extension is doing and how.

Here I must say that the privacy expectations for shopping assistants aren’t very high to start with. Still, I was astonished to discover that Amazon built the perfect machinery to let them track any Amazon Assistant user or all of them: what they view and for how long, what they search on the web, what accounts they are logged into and more. Amazon could also mess with the web experience at will and for example hijack competitors’ web shops.

https://palant.info/2021/03/08/how-amazon-assistant-lets-amazon-track-your-every-move-on-the-web/

#amazon #assistant #browser #extension #privacy

What’s in your browser (backup)?

It’s not every day that I wake up thinking about how people back up their web browsers. Mostly this is because I don’t feel the need to back up any aspect of my browsing. Some people lovingly maintain huge libraries of bookmarks and use fancy online services to organize them. I pay for one of those because I aspire to be that kind of person, but I’ve never been organized enough to use it.

In fact, the only thing I want from my browser is for my history to please go away, preferably as quickly as possible. My browser is a part of my brain, and backing my thoughts up to a cloud provider is the most invasive thing I can imagine. Plus, I’m constantly imagining how I’ll explain specific searches to the FBI.

All of these thoughts are apropos a Twitter thread I saw last night from a Chrome developer, which purports to explain why “browser sync” features (across several platforms) don’t provide end-to-end encryption by default.

https://blog.cryptographyengineering.com/2021/03/25/whats-in-your-browser-backup/

#chrome #browser #backup #sync #encryption #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome

Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.

💡 FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.

You can use the DuckDuckGo Chrome extension (pending Chrome Web Store's approval of our update) to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.

DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt-out of FLoC, regardless if you use our extension or app.

https://spreadprivacy.com/block-floc-with-duckduckgo/

https://www.theverge.com/2021/4/9/22376110/duckduckgo-privacy-floc-block-chrome-extension-advertising-tech

#ddg #DuckDuckGo #google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv

Brave disables Chromium FLoC features

https://github.com/brave/brave-core/pull/8468

#brave #browser #floc #chromium #chrome #google #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv

FLoC Block

Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.

FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.

💡 How does this Chrome Extension help?

If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.

💡 How do I install this extension?

👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip

👉🏼 Extract extension.

👉🏼 Follow the instructions to load into Chrome.

https://github.com/ShivanKaul/flocblock

#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv

Brave Browser - Spyware Level: High

Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, a cleaner Preferences menu compared to other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as "A browser with your interests at heart."[1] with the built-in privacy protections.

‼️ Spyware Level: High
Brave is self updating software, uses Google as the default search engine, has built-in telemetry, and even has an opt-out rss-like news feed similar to Firefox Pocket. These shouldn't be the things that come to mind if someone were to imagine a privacy oriented browser.

‼️ Whitelisting spyware from Facebook and Twitter
On its website, Brave claims that "Brave fights malware and prevents tracking, keeping your information safe and secure. It’s our top priority."[6]. Yet despite this claim, Brave actually disables its tracking protections for Facebook and Twitter's scripts that allow them to track people across the web.[5] Brave has been actively downplaying the role that JavaScript plays when tracking someone.

"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."[7]

This couldn't be more far from the truth. Just because a website isn't able to store cookies, doesn't mean it can't uniquely identify you. Using JavaScript from Facebook and Twitter would be more than enough to track you and blocking cookies alone isn't going to stop that. Just as a quick point of reference to what information JavaScript can scrape, you might want to visit this website.

They later on added an option to the extension to disable all of the JavaScript, but this new feature seems to be nothing more than the JavaScript switch found in vanilla Chromium. They recently added an option here to block some of the scripts from Facebook, Twitter, and LinkedIn after receiving pushback as a result of the controversy.

A quick note on the whitelisting trackers: This specific point on whitelisting trackers isn't making the case of Brave being spyware as much as it's making the case of Brave's privacy features being snake oil.

💡 https://spyware.neocities.org/articles/brave.html

#brave #browser #spyware #thinkabout #snakeoil
📡 @nogoolag 📡 @blackbox_archiv

Read Aloud

Text to Speech Voice Reader extension for your browser

https://github.com/ken107/read-aloud

Firefox: https://addons.mozilla.org/en-US/firefox/addon/read-aloud/

Chromium: https://chrome.google.com/webstore/detail/read-aloud-a-text-to-spee/hdhinadidafjejdhmfkjgnolgimiaplp


#readaloud #tts #browser

Open-source tests of web #browser privacy

https://privacytests.org

France’s browser-based website blocking proposal will set a disastrous precedent for the open internet –Mozzila Blog

"In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

#censorship
#france #browser #cybersecurity #mozilla #security #surveillance

Cromite

#Cromite is a #Chromium web #browser fork based on #Bromite with built-in support for ad blocking and an eye for privacy.

Available for Android Marshmallow and above (v6.0, API level 23) and Windows.

https://github.com/uazo/cromite

F.A.Q. https://github.com/uazo/cromite/blob/master/FAQ.md

wiki https://github.com/bromite/bromite/wiki

Download https://github.com/uazo/cromite/releases

LibRedirect

A web extension that redirects YouTube, Twitter, TikTok, and other websites to alternative privacy friendly frontends

https://libredirect.github.io

https://github.com/libredirect/browser_extension

#frontends #browser #extension