Your browser engine is very easy to identify, it would be useless to lie and it would also cause a lot of breakage.
What do you mean by this? It already reports Linux in the navigator UA, are you talking about the HTTP header? If so, I agree with you and I'm hoping to see a change as it is overkill (although there are reasons against namely passive fping protection in some rare cases).
It causes breakage too, ideally reporting this could influence a change in RFP but there are some blocking issues (things to discuss) at the moment and it is low priority. We could anticipate the change with a patch but we haven't thought about this yet as we are usually against changing RFP.
I shared this a while ago in the Firefox community --> https://lemmy.ml/post/209597
see y'all there, I updated the lemmy sidebar already :-)
Mull is super nice and its dev does a lot of good open source stuff, recommended!
2mo later I gotta say I'm sorry that I haven't been able to keep up with lemmy (or even worse with reddit where I haven't logged in ages) lately, I've been pretty busy to the point where even release announcements disappeared.
indeed it does, but most people wouldn't really care in 2023.
https://librewolf.net/docs/testing/ says:
These tests are not intended to be used as oracles, but rather as a way to check your setup and verify that your changes are applied. You should not read too much into the results unless you are sure you understand them, as explained in this article.
https://blog.pastly.net/posts/2019-01-19-about-to-use-tor/#testing-your-fingerprint
BTW I commented about this in the past, see https://gitlab.com/librewolf-community/browser/windows/-/issues/276#note_1137125815
it's covered, yes. we enable a built-in list that strips some query params and we also add an extra one that strips more stuff (courtesy of the great https://github.com/DandelionSprout).
btw Firefox also has native query stripping now, so there's one extra layer of protection! see https://privacytests.org/
a summary of our recent activity
hello! as you might have noticed I haven't been able to post the changelog lately, so I figured I'd write a news thread:
librewolf v107 rollout
hello folks, v107.0 is rolling out on all platforms, if it already hasn't :-)
main changes:
very minimal but enjoy!
FYI: OpenBSD builds will not be provided anymore
Hi, I'll be stopping providing new LibreWolf builds, and it's possible I'll abandon the port altogether in the near future. So, unless I'll find someone who...
from that issue:
I'll be stopping providing new LibreWolf builds, and it's possible I'll abandon the port altogether in the near future. So, unless I'll find someone who will take care of the port, it would be better to remove the instructions.
more details inside, and many thanks to the person who provided the port during these months!
librewolf v106 rollout
hello! v106.0.1 is rolling out on all platforms.
some might have already got a v106.0 update, others will be upgraded directly to the newer version as the releases were condensed into one, since they occurred within 48 hrs from each other upstream.
main changes:
enjoy and be safe :-)
librewolf community on jeremmy.ml
FYI: if you prefer to use a different instance, mickie created a librewolf community of at https://jeremmy.ml. I will try my best to keep an eye on stuff posted over there too :-)
librewolf v104 rollout
a bit late to the party, but v104 has been released in the past few days, depending on your platform.
the changelog is very small this time, I blame august:
look I said it wasn't that much..but enjoy it :-)
librewolf v103 rollout
I forgot the changelog for v102 but here's the one for v103 instead.
an even more detailed issue and merge request overview is available in the meta for v103.
if you want to contribute check our gitlab, follow the labels and the epic for the next release. if you want to report something please use gitlab, follow the guidelines and check known issues.
I just ran TBB and used deviceinfo.me to verify
ironic how this is posted below an article that says that testing websites are not reliable and that you should not read into the results unless you understand them. I don't think this is the case, sorry about being painfully honest but I don't want people to freak out over tests instead of reading a well written article:
You want to know what a JS enabled Tor Browser looks like? A standard Firefox private mode tab with uBlock Origin medium mode and arkenfox user.js applied.
that's simply not true. TB has further enhancement and code changes, it is based on ESR plus it's not the same as a private window at all since private mode does not write to disk for example. most importantly tho: TB has crowd and the Tor network, that's vital and a huge difference. a traffic analysis would also probably identify Firefox + uBO in medium mode vs TB. also, arkenfox does not try to make Firefox turn into TB, that's clearly stated in the wiki and I would know as I am a repo admin :-)
Can the author explain me why keeping JS on is so helpful
usability, a browser with JS disabled by default is not a good everyday browser for most. the more people use Tor Browser daily and have a good experience with it, the larger the crowd gets.
All the above information I mentioned is trackable for...
I mean once you are subscribed, why would they want to fingerprint you? they already know who you are. when facebook operates as third party it will be isolated plus on a different circuit and with fingerprinting protection, plus (from arkenfox's wiki):
if a fingerprinting script should run, it would need to be universal or widespread (i.e it uses the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are)
I also don't get what the difference between typing private stuff on facebook on tor or behind a vpn or on your ISP's network is. however I must say that I still understand why from a "peace of mind" perspective it makes sense to keep stuff isolated, so as I said above mine is not really a strong opinion here.
sorry about typing a lot, but I figured this was valuable information to share, despite being nothing new.
I will start by saying that the author of the article was a tor researcher and dev so this gives some context on the content and me posting this.
which is a very risky thing to do for someone not familiar
may I ask why? I generally agree with the sentiment of the article but I don't have a very strong opinion on this and maybe I'm missing something.
PS I don't think the usual "I will end up in a list of people who use Tor" argument is a valid one.
Preferring JavaScript stay disabled is a better choice, the next best is only allowing JavaScript when needed momentarily.
I disagree with this, it's simply overkill for 99% of the people with arguably no benefit at all. what's there to gain?
About to use Tor. Any security tips?
a great post that was published a few years ago on Matt Traudt's blog with some tips for people using Tor and the Tor Browser.
it also addresses common misconceptions like disabling JS and using fingerprinting tests, which unfortunately I see floating around every other day on the internet.
a list of extensions you do NOT need
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening - arkenfox/user.js
a portion of the arkenfox wiki where a bunch of popular, yet unnecessary, extensions are discussed. make good use of it :-)
what do you use as a search engine?
I'm currently working on re-evaluating our search engine selection (reading privacy policies and all that good stuff), to see what to keep, remove, maybe add. I figured I might use some input from lemmy.
if you're curious bout my notes on this -> https://gitlab.com/librewolf-community/settings/-/issues/111
