I am down to help with the wiki. I’m a systems engineer and I can probably automate most of the things that you write guides for, and probably already have some stuff put together even.

I don’t really have any credentials to show without defeating my privacy, but here are some links that maybe show I’m not messing around 😅 I’m currently building some social profiles to get ready for a few games I’m developing and planning to make open source or source-available, so that’s why all these accounts are fairly newish.

Mainly giving these to show that I’m not lazy when it comes to documentation.

https://codeberg.org/madamegaymes https://github.com/madamegaymes https://madamegaymes.itch.io/ https://mastodon.gamedev.place/deck/@madamegaymes

Regarding Password Managers, you can put a little extra effort into setup with KeePass + SyncThing to avoid using 3rd parties at all.

Highly recommend not relying on a cloud provider for this kind of thing. You’re just asking for one of two things to happen:

1. Their servers get compromised
2. They decide to shut down

I know you can self-host with vaultwarden, but if you’re not a self-hoster then it’s a little bit simpler to setup SyncThing and use the kdbx format.

I wholeheartedly agree with Tuta over Proton Mail!

And to add to password manager, KeePass + SyncThing is excellent if you need to access your vault on multiple devices without any 3rd parties involved.

The more plugins you add, the more unique you become, just FYI.

Use this site to test your uniqueness in different browsers and VPN setups:

https://abrahamjuliot.github.io/creepjs/

I have found that Mullvad Browser + VPN (with DAITA and Multihop ON) are better than FireFox or LibreWolf. Me and another user on here went through a little back and forth comparing some things. Just follow the comment thread from here:

https://programming.dev/comment/15090531

(take it with a grain of salt and DYOR, we are not experts)

Also, I love Tor, but another reason to be careful: exit nodes can be run by anyone, including bad actors and any 3-letter agency in the world. At the very least, add a VPN layer when using Tor.

ETA: Keep in mind that it’s not just the browser that matters. Your screen size, GPU, operating system, and several other factors also add or take away from your uniqueness in terms of browser fingerprint. Basically, they less you change in the browser, the more generic and similar to everyone else you look like. The better your OS hides things from apps (for instance, in flatpak sandboxes) the better.

ETA2: I like creepjs for testing over EFF’s tool for one main reason. EFF tells you how unique you are, theoretically. Creepjs actually takes extra steps to make a guess at whether or not the browser is lying and trying to hide from fingerprinting.

I use Mullvad and Transmission, and I generally never have issues seeding. I’m currently seeding a few torrents from 1337x, EZTVx, and some linux ISO images.

Whenever I grab FitGirl stuff, I’m usually scraping the Fucking Fast links and using this library to download them, so I can’t speak to whether or not it’s something with FitGirl (but I can’t imagine it would be). Most likely some setting on your end.

I been using Transmission since it came out 20 years ago. I never understood why you would use anything else.

It’s FOSS and has the simplest interface with all the options.

I have one device where I installed the APK straight from Signal themselves. That is the only device where it has updated itself.

My other devices all use the Play version through Aurora Store, and always updates through that.

Maybe there’s a config/setting somewhere?

But also, maybe don’t use F-Droid for apps regarding privacy.

https://privsec.dev/posts/android/f-droid-security-issues/

alternative question to ask: is it advertised by an “influencer”? If yes, it’s a scam.

I see, I’ve never looked super deep into F-Droid or released anything there, I didn’t realize that a requirement for releasing on F-Droid was that they build it. Just read their inclusion criteria, interesting.

ETA: Read through the whole article, and godamn. I don’t really trust anything Android any way, but this is actually a pretty damn big WTF from F-Droid. Thanks for sharing!

I’m just not convinced it can fool google and meta

Yea, this is a great and healthy skepticism to have. It’s why I went deep on this little research tangent.

Besides browser fingerprinting, there are many other ways to tie you to online behavior. For instance, the DAITA thing has nothing to do with browser fingerprints, but specifically the size of your inbound and outbound traffic. The NSA uses that to figure out your behavior and link on-VPN and off-VPN traffic together with great success, regardless of how many hops you go through. It’s the behavior that gives you away.

I’m always on my VPN, reconnect at random times, and have all the extras turned on. Something else that may be a factor is that I have Mullvad Browser installed via Flatpak and is sandboxed to hell. Maybe you installed via .deb or something in Mint?

Any way, thanks again for humoring me in this! I think you’re right that at least you are sorta getting lumped in with others, but it’s never going to be 100% foolproof and we should all plan for that.

Shhh, that’s too advanced. Besides, CLI is outdated and slower than GUIs, this is just insane behavior /s

I honestly didn’t even need to specify tab-completed. It’s still less typing than their comment unless your paths are miles long.

hahaha… indeed what a silly name!

That’s a bummer though. It’s only going to get more difficult to view anything on YT privately.

Cool! I think you meant Newpipe? Probably autocorrect. I usually use that one as well, since I don’t really watch YT on my phone not having sponsorblock or dearrow doesn’t really bother me.

And yea, the proxy/VPN thing is a widespread issue that affects all YT alternatives. The root cause is YT themselves blocking ranges of IPs if they determine it is a data center or VPN (and also random nsig changes). Every once in a while it will start working, but then you’ll get blocked after watching one vid.

This same reason is why the amount of public Invidious instances has dwindled and they now recommend self-hosting it. Even with FreeTube, I can’t use a VPN. You might still encounter some issues from time to time even with Newpipe through a VPN.

Interesting, thanks for coming back with some info. It brings up more questions, but I understand if you don’t want to dive deeper. No worries!

1. Just to make sure we aren’t testing two separate systems, I am using the site hosted on GitHub from the maintainer: https://abrahamjuliot.github.io/creepjs/

2. What operating system are you running? I see some discourse online about even Tor being identified as long as it’s run on Windows 11, but in Linux it is not identified.

   https://old.reddit.com/r/TOR/comments/113ukg9/is_creepjs_able_to_break_tor_antifingerprinting/

3. Under prediction, what is the crowd-blending score you see? In mullvad, I see 75% ©, in my other browsers I see 60% or less (D/F). Admittedly, I don’t fully understand this section too much. I was under the impression that 0% here was a good thing, but the way you described it is the opposite. Trying to locate clarification on this and will edit when/if I find it. Edit: from the README it says failing = unique, but also goes on to say that a lower trust score is not necessarily bad. I’m still a bit confused at exactly what this is telling me, especially when I’m being clearly lumped in with a lot of other users in Mullvad, and very clearly being unique in Firefox. Yet, both datasets are almost entirely 0% under Predicitions.

4. And just to round it out, I’m curious what you see for the visits count at the top, and when the first visit was. When I’m in Mullvad, the visits count is almost touching 1000, and the first visit was at the beginning of January. These are definitely not me, as I have only run the test a handful of times, and yesterday was the first time I had ever used or heard of creepjs.

I still think there is potentially something I am misunderstanding about creepjs, so I may be wrong here. From what I understand, if the FP ID changes, visits is at 1, and first visit is timestamped right now, then you likely have been identified. The FP ID changing or remaining the same doesn’t really indicate anything without the context of the rest of the data, especially the visits counter. It’s clear that I am being lumped in with many, many other users.

Lastly, I think that you are making yourself standout from the crowd by manually installing the dark reader plugin (I assume that’s what you meant). That defeats the purpose and is likely why you are being identified so quickly. There’s a reason why Mullvad and Tor don’t make it easy to install plugins, and also why they recommend not maximizing the browser window. They actually specifically force the viewport to be a specific resolution, even if you maximize. This makes you look even more like everyone else, because out-of-the-box you are configured the same as everyone else. As soon as you add anything unique, you become unique.

We will have to agree to disagree.

At least you came back with reasons beyond “I don’t like typing.”

ETA: > learning new things is too difficult.

I could use this argument for folks that don’t want to learn CLI as well, doesn’t really track in either direction.

Lmao. Uses a computer, typing is too much. It took more typing to write your comment than to craft a tab-completed dd command, even if you had to call the help menu to refresh your available options, jus’ sayin’

I get it though, the general public are scared of the big bad 'puter magic and need GUIs.

Hell yea, fuck Google!

What OS are you running? What other apps are you having troubles replacing besides these?

I’ll give you whatever info you need to pull the plug on the crooked bastards.

I know, but just because someone doesn’t understand something or ignores it doesn’t mean it isn’t the best/simplest choice for 90% of cases.

Install Linux! /s