[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Bitwarden? Browser fingerprintin?


#21

From that link:

Maxim Kammerer, developer of Liberté Linux [3], has disparate ideas on anonymity and pseudonymity which should not be withheld from the reader: [4]

I have not seen a compelling argument for anonymity, as opposed to pseudonymity. Enlarging anonymity sets is something that Tor developers do in order to publish incremental papers and justify funding. Most users only need to be pseudonymous, where their location is hidden. Having a unique browser does not magically uncover user's location, if that user does not use that browser for non-pseudonymous activities. Having good browser header results on anonymity checkers equally does not mean much, because there are many ways to uncover more client details (e.g., via Javascript oddities). 

I agree and would further add, that if your type of activity allows you to be anonymous (no log-ins etc) then you are in fact in less need of tools such as Whonix than others who cannot afford it.

Everyone here logged in, commented… kept identities over weeks, months or years. I think the realistic discussion is how to make the best out of a pseudonymity.


#22

XMR.to uses javascript if it’s not disabled. So if you moved from here to there at the same tab you might have used it with javascript.


#23

I didn’t say I use them. I just said that people like to phish that site.

But if I did use them, I’d have my https-everywhere set to automatically redirect me to the /no-js/ version of the site. Just in case my JS kept enabling itself in the new TB


#24

I get your point, I’m just saying there is no way to completely avoid JS. What you describe is a correct course of action in my opinion but if you use JS for some sites and not in others that’s yet another place where mistakes can happen.


#25

I have pseudonyms where JS is never allowed on in the browser for any reason. They have their own workstation. In others, I turn it on as needed.


#26

Agree - user behaviour is often the greatest danger.

When it comes down to it, I’m sure the long-termers here accept that with best practices they are:

a) Anonymous to plebs, skiddies, the majority of web servers and unskilled network observers if they are not using JS and not logging in anywhere.

b) Pseudonymous to the big bad major corporates with their tentacles in data-mining and generous government contracts related to the military-surveillance complex i.e. Amazon, Google, Facebook etc.

c) Identified a long time ago and already placed on a “special list” by any nation states who care about the activity here (like 5 eyes). Dead easy to do based on stylometry, end-to-end correlation attacks and so on over an extended period.

If c applies, I say it is great to have such a captive and enthralled audience :wink: