How Amazon Assistant lets Amazon track your every move on the web

I recently noticed that Amazon is promoting their Amazon Assistant extension quite aggressively. With success: while not all browsers vendors provide usable extension statistics, it would appear that this extension has beyond 10 million users across Firefox, Chrome, Opera and Edge. Reason enough to look into what this extension is doing and how.

Here I must say that the privacy expectations for shopping assistants aren’t very high to start with. Still, I was astonished to discover that Amazon built the perfect machinery to let them track any Amazon Assistant user or all of them: what they view and for how long, what they search on the web, what accounts they are logged into and more. Amazon could also mess with the web experience at will and for example hijack competitors’ web shops.

https://palant.info/2021/03/08/how-amazon-assistant-lets-amazon-track-your-every-move-on-the-web/

#amazon #assistant #browser #extension #privacy

What’s in your browser (backup)?

It’s not every day that I wake up thinking about how people back up their web browsers. Mostly this is because I don’t feel the need to back up any aspect of my browsing. Some people lovingly maintain huge libraries of bookmarks and use fancy online services to organize them. I pay for one of those because I aspire to be that kind of person, but I’ve never been organized enough to use it.

In fact, the only thing I want from my browser is for my history to please go away, preferably as quickly as possible. My browser is a part of my brain, and backing my thoughts up to a cloud provider is the most invasive thing I can imagine. Plus, I’m constantly imagining how I’ll explain specific searches to the FBI.

All of these thoughts are apropos a Twitter thread I saw last night from a Chrome developer, which purports to explain why “browser sync” features (across several platforms) don’t provide end-to-end encryption by default.

https://blog.cryptographyengineering.com/2021/03/25/whats-in-your-browser-backup/

#chrome #browser #backup #sync #encryption #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome

Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.

💡 FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.

You can use the DuckDuckGo Chrome extension (pending Chrome Web Store's approval of our update) to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.

DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt-out of FLoC, regardless if you use our extension or app.

https://spreadprivacy.com/block-floc-with-duckduckgo/

https://www.theverge.com/2021/4/9/22376110/duckduckgo-privacy-floc-block-chrome-extension-advertising-tech

#ddg #DuckDuckGo #google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv

Brave disables Chromium FLoC features

https://github.com/brave/brave-core/pull/8468

#brave #browser #floc #chromium #chrome #google #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv

FLoC Block

Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.

FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.

💡 How does this Chrome Extension help?

If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.

💡 How do I install this extension?

👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip

👉🏼 Extract extension.

👉🏼 Follow the instructions to load into Chrome.

https://github.com/ShivanKaul/flocblock

#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv

Brave Browser - Spyware Level: High

Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, a cleaner Preferences menu compared to other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as "A browser with your interests at heart."[1] with the built-in privacy protections.

‼️ Spyware Level: High
Brave is self updating software, uses Google as the default search engine, has built-in telemetry, and even has an opt-out rss-like news feed similar to Firefox Pocket. These shouldn't be the things that come to mind if someone were to imagine a privacy oriented browser.

‼️ Whitelisting spyware from Facebook and Twitter
On its website, Brave claims that "Brave fights malware and prevents tracking, keeping your information safe and secure. It’s our top priority."[6]. Yet despite this claim, Brave actually disables its tracking protections for Facebook and Twitter's scripts that allow them to track people across the web.[5] Brave has been actively downplaying the role that JavaScript plays when tracking someone.

"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."[7]

This couldn't be more far from the truth. Just because a website isn't able to store cookies, doesn't mean it can't uniquely identify you. Using JavaScript from Facebook and Twitter would be more than enough to track you and blocking cookies alone isn't going to stop that. Just as a quick point of reference to what information JavaScript can scrape, you might want to visit this website.

They later on added an option to the extension to disable all of the JavaScript, but this new feature seems to be nothing more than the JavaScript switch found in vanilla Chromium. They recently added an option here to block some of the scripts from Facebook, Twitter, and LinkedIn after receiving pushback as a result of the controversy.

A quick note on the whitelisting trackers: This specific point on whitelisting trackers isn't making the case of Brave being spyware as much as it's making the case of Brave's privacy features being snake oil.

💡 https://spyware.neocities.org/articles/brave.html

#brave #browser #spyware #thinkabout #snakeoil
📡 @nogoolag 📡 @blackbox_archiv

Read Aloud

Text to Speech Voice Reader extension for your browser

https://github.com/ken107/read-aloud

Firefox: https://addons.mozilla.org/en-US/firefox/addon/read-aloud/

Chromium: https://chrome.google.com/webstore/detail/read-aloud-a-text-to-spee/hdhinadidafjejdhmfkjgnolgimiaplp


#readaloud #tts #browser

Open-source tests of web #browser privacy

https://privacytests.org

France’s browser-based website blocking proposal will set a disastrous precedent for the open internet –Mozzila Blog

"In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

#censorship
#france #browser #cybersecurity #mozilla #security #surveillance

Cromite

#Cromite is a #Chromium web #browser fork based on #Bromite with built-in support for ad blocking and an eye for privacy.

Available for Android Marshmallow and above (v6.0, API level 23) and Windows.

https://github.com/uazo/cromite

F.A.Q. https://github.com/uazo/cromite/blob/master/FAQ.md

wiki https://github.com/bromite/bromite/wiki

Download https://github.com/uazo/cromite/releases

LibRedirect

A web extension that redirects YouTube, Twitter, TikTok, and other websites to alternative privacy friendly frontends

https://libredirect.github.io

https://github.com/libredirect/browser_extension

#frontends #browser #extension

Hello friends! Today I want to share with you our plans for the next chapter of Ladybird, the truly independent, open source web browser we've been developing from scratch for the past few years.

Ladybird uses a brand new engine based on web standards, without borrowing any code from other browsers. It started as a humble HTML viewer for the SerenityOS hobby project, but since then it's grown into a full cross-platform browser project supporting Linux, macOS, and other Unix-like systems.

But it's still very far from finished. We want to turn Ladybird into a browser that you can use every day for all your web-related tasks. It should be fast, stable, support web standards, and protect your privacy. A browser for you.

Announcing the Ladybird Browser Initiative

#Browser #Ladybird

Ladybird Web Browser Developer Attacked by Unhinged, Dishonest Activists

Unfortunately, within hours of the spotlight being directed at Ladybird, a group of activists launched an all-out-assault on the open source web browser -- by smearing it as "Transphobic", "Mysoginistic", and (this is absolutely not a joke) suggesting that the Ladybird developers actively support and promote human slavery

What vile deed were the developers of Ladybird guilty of, which necessitated such an intense response, you ask?
Well, I'll tell you.
The Ladybird team stated... wait for it...
... that they were a "purely technical project".
Seriously.  That was their crime.  Being "technical".
Here's the details.

Initial post / release announcement

#Browser #Ladybird

IronFox

IronFox is a fork of DivestOS's Mull Browser based on #Firefox that has been discontinued. Our goal is to continue the legacy of #Mull to provide a secure, hardened and privacy-oriented #browser for daily use.

And add the release link to Obtainium: https://gitlab.com/ironfox-oss/IronFox/-/releases

Don't forget to use extensions uBlock Origin and Libredirect only. Adding more extensions will cause fingerprinting and most are false security.
- uBlock Origin
-- add the ai blocklist to uBO

- LibRedirect
-- setup all the sites you want to redirect to and choose your mirrors for them.


Set your default search to 4get
(Captcha) https://4get.ca/web?s=%s
(No captcha) https://4get.ch/web?s=%s

Finally, go through all the ironfox settings and set them how you would prefer them.

Read the gitlab page. Specifically...

Known Issues
Please see the list of known issues and workarounds before opening an issue!

Issues inherited from Mull that still apply to IronFox *(contents adapted from DivestOS's website)*

You should also see here for a list of websites with known issues due to hardening, and what you may need to do to fix them. This list is maintained by Phoenix - so while it isn't specific to IronFox or Mull, many of these problems do still apply.
Ironfox has Phoenix already, but this can be added to other browsers on Android and desktop.

@NoGoolag #browser #alternatives with mitigations, patches etc.
Alpha version release March 6, 2025

FireFox browser options
- Tor Browser (all)
- Mullvad Browser (Desktop)
- IronFox (Android) Read the Known Issues section on the gitlab.
- LibreWolf (mentally ill devs)

Make your own #Firefox with mitigations etc...
- Phoenix / wiki
- Arkenfox user.js / wiki / gui / user-tool / mobile
- Narsil / Narsil Mobile
- Betterfox / Betterfox Mobile
- pyllyukko
- Compare some of the user.js files

Chromium based browser Options
- Ungoogled Chromium (all)
- Cromite (Android, Linux, Windows)

Browser extensions
- uBlacklist
- uBlock Origin or uMatrix (never both)
- LibRedirect (setup your instances for each service in the settings)

Links to block lists...
- Yokoffing
- Celenity/Phoenix
- FilterLists

Set your default search engine to a search proxy
- 4get instances
- Searx instances

Why your favorite browser is not recommended
- Celenity Firefox browser comparisons
- How to choose a browser for everyday use?
- is your browser spyware?
- Choose your browser carefully
- Browsers and the connections they make compared
- Fake Privacy and security

Additional reading...
- Wiki about extensions
- Multiple Extension Conflicts
- uMatrix for beginners
- Firefox user.js install guide
- Arch Linux Firefox Privacy wiki
- Bromite (for knowledge purposes)

Testing your browser
- Fingerprint.com
- How to test browsers for spyware
- Privacytests browser comparison
- Mullvad check
- Bromite fingerprint testing
- IP Leak
- List of test sites A
- List of test sites B


* Thunderbird users should consider taking a look at Dove - Phoenix's sister project.

#web #browsers

A Study on Malicious Browser Extensions in 2025

Browser extensions are additional tools developed by third parties that integrate with web browsers to extend their functionality beyond standard capabilities. However, the browser extension platform is increasingly being ex-ploited by hackers to launch sophisticated cyber threats.

These threats encompass a wide range of malicious activities, including but not limited to phishing, spying,Distributed Denial of Service (DDoS) attacks, email spamming, affil-iate fraud, malvertising, and payment fraud. This paper examines the evolving threat landscape of malicious browser extensions in 2025, focusing on Mozilla Firefox and Chrome.

Our research successfully bypassed security mechanisms of Firefox and Chrome, demonstrating that malicious exten-sions can still be developed, published, and executed within the Mozilla Add-ons Store and Chrome Web Store. These findings highlight the persisting weaknesses in browser’s vet-ting process and security framework.

#Browser

"Browser Fingerprinting Using WebAssembly", 2025.

Abstract—Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized expe- riences, it also raises privacy concerns by enabling persistent
tracking and detailed user profiling. This paper introduces an advanced fingerprinting method using WebAssembly (Wasm)—a low-level programming language that offers near-native execution speed in modern web browsers. With broad support across major browsers and growing adoption, WebAssembly provides a strong foundation for developing more effective fingerprinting methods. In this work, we present a new approach that leverages WebAssembly’s computational capabilities to identify return- ing devices—such as smartphones, tablets, laptops, and desk- tops—across different browsing sessions.

Our method uses subtle differences in the WebAssembly JavaScript API implementation to distinguish between Chromium-based browsers like Google Chrome and Microsoft Edge, even when identifiers such as the User-Agent are completely spoofed, achieving a false-positive rate of less than 1%. The fingerprint is generated using a combination of CPU-bound operations, memory tasks, and I/O activities to capture unique browser behaviors. We validate
this approach on a variety of platforms, including Intel, AMD,
and ARM CPUs, operating systems such as Windows, macOS,
Android, and iOS, and in environments like VMWare, KVM, and VirtualBox.

Extensive evaluation shows that WebAssembly-based fingerprinting significantly improves identification accuracy. We also propose mitigation strategies to reduce the privacy risks
associated with this method, which could be integrated into future browser designs to better protect user privacy.

#Browser #Fingerprinting #WebAssembly #Wasm

This is a list of the connections each #web #browser makes on a fresh install and first use. The obvious big tech culprits are sending your information to data brokers by default. Not everything that is connecting is a threat to privacy but can be. If you are choosing a browser for daily usage be mindful of what it is doing that you can't stop.

https://archive.is/gtqyt

@BonesTechGarage