OmniNegro 155 Posted ... Hello. The purpose of this thread is to allow everyone to make themselves less visible on the Internet by having the same exact set of extensions and addons that help form the browser fingerprint as recognized by Panopticlick.https://panopticlick.eff.org/So first we should look at what Panopticlick finds.Disregard the "number of bits" and instead look at "one in x browsers have this value" and then find the biggest numbers. Usually the "Browser Plugin Details" and "Fonts" are the largest by far.So since there is nothing that can be done to fix the Fonts problem without messing up the entire system, let's instead focus on the Browser Plugin Details.https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/https://addons.mozilla.org/en-US/firefox/addon/disconnect/https://addons.mozilla.org/en-US/firefox/addon/form-history-control/https://addons.mozilla.org/en-US/firefox/addon/ghostery/https://code.google.com/p/https-finder/downloads/detail?name=httpsfinder_0.91b.xpihttps://www.eff.org/https-everywherehttps://addons.mozilla.org/en-US/firefox/addon/no-google-analytics/https://www.eff.org/privacybadgerhttps://addons.mozilla.org/en-US/firefox/addon/requestpolicy/https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/https://addons.mozilla.org/en-us/firefox/addon/ssleuth/https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/https://secure.informaction.com/download/releases/noscript-2.6.9.32.xpihttps://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/(The last one is not needed, but it is nice not to have to change the resolution every single time you play a video from Youtube. And getting rid of annotations forever is worth it by itself.)Now. That is the list of extensions I have for this profile. Plugins are still a problem.For plugins Firefox 40+ comes with two that probably should never be disabled. I suggest adding Flash, Silverlight, Unity and VLC Web player. (You get the last by installing Videolan and choosing the option.)All plugins that can be set to "Ask to Activate" should be.Any suggestions to make this more useful and private? (And just to clarify, this thread is identical to another I made on the PIA forums a while back. I still think people should make a unified browser profile to combat malicious sites finding what type of system we use. And I welcome input.) Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
pr1v 36 Posted ... Maybe this could help: http://unspyable.com/browser_spying.htm 1 OmniNegro reacted to this Quote Share this post Link to post
rickjames 106 Posted ... Or just spoof all the details to something that's widely used. 1 OmniNegro reacted to this Quote Share this post Link to post
OmniNegro 155 Posted ... Or just spoof all the details to something that's widely used.If you have a suggestion as to how to achieve this, I and many others are greatly interested. I am aware of the Random Agent Spoofer extension, but that will not work for anything beyond a surface examination of the browser. Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
pr1v 36 Posted ... In the article I posted you can read in the last words: User Agent Switcher. But, anyway, if you are so worried, why don´t you use Tails live cd, or Tor over VPN?. Quote Share this post Link to post
OmniNegro 155 Posted ... In the article I posted you can read in the last words: User Agent Switcher. But, anyway, if you are so worried, why don´t you use Tails live cd, or Tor over VPN?.I am not worried. And neither Tails nor Tor will make you look alike to every other browser profiles. The point here is to blend in. Those options differentiate you more than anything else you could do. (Tails and Tor, that is. The link you posted has solid suggestions for helping.) Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
rickjames 106 Posted ... Or just spoof all the details to something that's widely used.If you have a suggestion as to how to achieve this, I and many others are greatly interested. I am aware of the Random Agent Spoofer extension, but that will not work for anything beyond a surface examination of the browser. Go here https://www.browserleaks.com/javascriptAllow it with noScript if you run it.Take note of all the details. User agent, operating system ect. Below are "Strings" that need to be created via about:configSo in firefox go to about:config - right click and choose create new string. String name: general.appname.override Setting: Netscape String name: general.appversion.override Setting: 5.0 (Windows) String name: general.buildID.override Setting: 0 String name: general.productSub.override Setting: 20100101 String name: general.useragent.vendor Setting: Leave Empty and hit Enter String name: general.useragent.vendorSub Setting: Leave Empty and hit Enter String name: general.useragent.override Setting: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 String name: general.platform.override Setting: Win32 String name: general.oscpu.override Setting: Windows NT 6.1 Then go back to https://www.browserleaks.com/javascriptCheck the settings again. They should be different The settings above are just generalized. If anyone has the time to figure out what the most widely used settings are feel free to post them. Or if anyone has windows 10 and is running a stock firefox 40 I would love to see the results from browserleaks. Most people I know doing this are on bsd or linux because those fingerprints stick out like a sore thumb. Screen resolution is the only option I haven't found a reliable way to change. All the methods I've seen require injection which isn't clean imo. Random Agent Spoofer does it via injection And a quick warning about Random Agent Spoofer is if you uninstall it all the settings it changes get reset to stock firefox settings. 1 OmniNegro reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... The safest way for beginners would be taking the latest alpha Tor Browser Bundle for your favorite OS, then removing manually all the Torishcomponents like TorButton and TorLauncher. Then all you are left to do is installing a Random Agent Spoofer extension from Github (and I mean the latest source) since the pre-build .xpi'slack so many profiles and settings, like the full Firefox 40 clone. That's basically it, you should be up and running a pretty safe, hardened version of Firefox with Windows 7 (most common desktop OS on the internet)in about, 15 minutes.If you want to go even further you can clone the TBB git, find the function for the screen resolution and hard code it to another most common desktop OS one.Don't forget to harden your favorite script blocker on top of that when you are done. Plugin detection using javascript arrays was patched by Mozilla for quite a lot of releases back, so anything from 30 and above should be fine in this case.I'm mentioning it because the OP suggestion of adding plugins like VLC, Silverlight, or the Flash (aka the cross platform browser exploit compatibility layer)will do things completely opposite of what you are trying to achieve, in the long term. Even native Firefox plugins like PDF.js should be click2played or betterdisabled explicitely via about:config. Last month there was a 0day bug in it which allowed file stealing. The rest is left as an exercise for the reader. 2 rickjames and OmniNegro reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
rickjames 106 Posted ... If you want to go even further you can clone the TBB git, find the function for the screen resolution and hard code it to another most common desktop OS one. This ^ is something I would like to find. Gonna have to look for it. RaS is nice, I used the git version for a while. But less is more imo but its definitely the fastest and easiest route.I've been tempted to write a tiny clean addon just for this. Just too busy atm 1 OmniNegro reacted to this Quote Share this post Link to post
Not connected, Your IP: 18.225.56.78
Online: 26243 users - 313163 Mbit/s total BW