The generic nuclear option to hide terrible web design, bypass (some) paywalls, and improve performance 1000x is to disable javascript. ublock and adnauseam both have a button to disable all javascript on a page, which is handy when reading articles on sites filled with garbage.
On Chrome/Firefox I use uBlock Origin which works well. I’m not sure if the community recommends something else at this point.
I also use various other extensions like StopTheMadness to disable right click hijacking and other bad behavior and Banish on iOS to prevent certain banners from appearing.
For example, YouTube has no ads in iOS Brave. Since iOS doesn't allow real browsers and extensions, Brave has been a sanity-saver for me.
Pair that with uBlock on desktop and you're golden. 98% of the sites don't break at all either.
Be slightly careful, there's a known issue (limitation of Chrome really) where requests and javascript are not blocked in the first few seconds of launching a browser or an incognito window (you can test this yourself). And this is true even with "Suspend network activity until all filter lists are loaded" enabled, because I think it's some limitation on Chrome as to when exactly extensions get loaded.
So if you do rely on javascript being disabled for safety, after a fresh launch or new incognito window, you should visit a safe webpage first before going to the risky one.
Never using an adblocker again.
I now have 68 extensions on my Brave (desktop). Imagine seeing 68 additional icons on my macOS launchpad!
Oh you Apple users.
Just because I'm paranoid doesn't mean they're not out to get me ;)
Also, it's pretty cool that NextDNS has this: https://github.com/nextdns/nextdns/wiki
Single app, all devices, works great out of the box.
- blacklists entire domains using wildcards (using an "unbound" DNS resolver and forcing all traffic to my DNS resolver, preventing my browser to use DoH -- I can still then use DoH if I want, from unbound)
- reject or drop a huge number of known bad actors, regularly updated: they go into gigantic "ip sets" firewall rules
- (I came up with this one): use a little firewall rule that prevents any IDN from resolving. That's a one line UDP rule and it stops cold dead any IDN homograph attack. Basically searching any UDP packet for the "xn--" string.
I do not care about what this breaks. The Web still works totally fine for me, including Google's G Suite (yeah, I know).
EDIT: just to be clear seen the comments for I realize I wasn't very precise... I'm not saying all IDN domains are bad! What I'm saying is that in my day to day Web surfing, 99.99% of the websites I'm using do not use IDN and so, in my case, blocking IDN, up until today, is totally fine as it not only doesn't prevent me from surfing the Web (I haven't seen a single site I need breaking) but it also protects me from IDN homograph attacks. Your mileage may vary and you live in a country where it's normal to go on website with internationalized domain names, then obviously you cannot simply drop all UDP packets attempting to resolve IDNs.
Edit: changed "good" to "safe" for clarity
https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconf...
No idea if I should really trust them, or if there’s a better way to install profiles directly from CIRA or Mullvad like I use.
Nice thing is that it’s device wide and all free (hopefully not for malicious intents).
Every scrap of data collected about you will be used against you. It doesn't matter if it's accurate or not, nobody cares if they data they have about you is accurate, data brokers will happily sell your personal info to anyone even knowing full well that it's got inaccurate and conflicting info in it. Many won't even know because the process is entirely automated.
By automatically clicking on ads and "expressing interest" in random things you're just filling your dossier with ammo which gets handed to others to fire at you. Every random thing you add to your permanent record is one more thing that can only hurt you.
You cannot know what will prejudice someone against you. Maybe one day adnauseam decides to click on something that gets you flagged as having a certain political view, or having a certain sexual orientation, or being an alcoholic, or having a mental illness, or being at a certain income level, or belonging to a certain religion, etc. One day that exact data can cause you to get turned down for a job, or for housing. It can mean that a website charges you more than what your neighbor pays for the same product. It can mean your insurance rates go up next year.
You will never be told when it happens or why. Your health insurance company isn't going to tell you that they raised your rates because you (adnauseam) clicked on too many fast food ads last quarter. You're just suddenly getting a higher bill. Your auto insurance company won't tell you that they raised your rates after you were clicking ads for DUI lawyers, but suddenly they and every other insurance provider you try are quoting you higher monthly prices.
If your browser extension decides to go click on ads about abortions you could even end up being hauled into a texas courtroom and having to defend against charges. Sure, you'd get them thrown out eventually. Probably. But it would still cost you a ton of time and money and stress. The information in your dossier can get you targeted, harassed, or attacked by extremists. It can get be used against you in court rooms. It can get you investigated by three letter agencies. It can be used to impact your 'secret consumer score' or consumer trustworthiness rating.
The information being collected about you is sold to companies, employers, activists, extremists, and law enforcement. That data never goes away. It follows you for the rest of your life and will be used against you in ways you'll never be aware of and cannot today imagine. Filling your dossier with huge amounts of content (random or not) is dangerous and only increases your risk for zero benefit.
I had a user show me one of these Notification ads just this week, telling here that McAfee found a virus and click the Ad to remove the virus. We do not even use McAfee, it was a straight up attack ad. Thanks Chrome!
I am perfectly fine with ads, I've previously run sites where it was a small source of income myself. I know it would be in a cat and mouse game with the bad guys but if it blocked most of them it would certainly help a lot of people.
The upside though is big, stops all the insane bloat that runs on most pages. Many websites run fine with all their scripts blocked too.
Problems: * vetting ads costs a lot of time (= money). So you're getting less money per impression * requires a massive amount of infrastructure if you want to ensure that the ad doesn't change in between you vetting it and you serving it to your clients (= money).
Meaning the consumers of our company will get less money per ad they show to their visitors.
So they'll go to one that offers more. Simple as that.
In order to fix the bad actors we need to start making the websites serving the ads (like Reddit) and/or the networks (DoubleClick) responsible for what they offer up.
As long as that doesn't happen it'll remain a cesspool.
All other ads are physiological assault and should be made illegal. Particularly those ads which exist "IRL" and can't otherwise be blocked, such as billboards.
[0]: https://chromium.googlesource.com/chromium/src/+/main/docs/i...
There are a bunch of file variants to weed out specific bad actors.
It's well currated though I will disclaimer it has broken a few websites in the past for me. Maybe that's a good thing.
You can force traditional port 53 DNS protocol traffic to your own resolver with firewall rules, the same doesn't work for DoH. a DoH request to a domain your firewall blacklist doesn't have looks just like ordinary https/443 traffic and will pass unhindered.
It's why many browsers started defaulting to showing "xn--<whatever>" (punycode representation of IDN characters).
It sucks for domains that are emoji but whatevs. Scammers ruining things for everyone, as usual.
NoScript will break pretty much 50% of the web. It'll take you about a day to whitelist all the sites you use daily and then it's smooth sailing.
I would also highly recommend this privacy focused list. https://www.privacytools.io/
1 month ago: https://www.reddit.com/r/blender/comments/109yjxm/dont_click...
2 months ago: https://www.reddit.com/r/blender/comments/zewem3/beware_of_p...
4 months ago: https://www.reddit.com/r/blender/comments/xxkx5s/warning_som...
7 months ago: https://www.reddit.com/r/blender/comments/vuqu1r/hey_so_what...
Pretty sad state of affairs that Google can't or won't stop this, especially since they gradually redesigned the ads spots to look practically identical to the search results. Be very careful clicking anything on Google's search results.
I don't like to have to set rules in browsers: I'll do it when mandatory but I prefer things that the browser won't change during it's next update and, also, I use several browsers.
Oh I know but so far you can still ask both Firefox and Chromium to not use DoH and hence force them to use port 53 and from what I've seen they really honor that. For the moment.
I don't doubt that in a not so distant future we may see companies hardcoding DoH into apps without any possibility of removing that setting!
What I do is no panacea but it gets rid of a lot of things.
> There are so many sneaky ways to resolve a hostname an app or device can choose to use now.
But I whitelist apps that can connect to the net. Browsers, apt (for Debian/Devuan package update), the one that update the NTP/time, SSH out and that's basically it.
I know it's a game of whack-a-mole, but I'm still playing it : )
I don’t care if I get wrongly labeled/categorized due to this. It’s not like my profile was an accurate representation of who I am before I turned on ad nauseam. If someone gets dragged into a court room for clicking ads, that would be funny, and I doubt they would have a hard time finding support from orgs like the EFF, gofundme, etc.
One long term benefit of this is that if a lot of people use it, advertisers will start seeing diminishing returns on their investment in internet ads. This will lead to reduced spending and less ads overall.
https://apps.apple.com/gb/app/wipr/id1030595027
no issues, works great.
adnauseam does not do this. It only adds to your personal information. It doesn't hide anything.
> I don’t care if I get wrongly labeled/categorized due to this.
Then you must not care when you suffer the consequences of having been wrongly labeled/categorized. Nobody can make you care about yourself, your money, your safety, or your time if you refuse to.
> It’s not like my profile was an accurate representation of who I am before I turned on ad nauseam.
Again, nobody cares about how accurate it is or not. It's about quantity, not quality. Accurate or not, that data will increasingly impact your life in very real ways. The more data they have, the worse it will be for you.
> One long term benefit of this is that if a lot of people use it, advertisers will start seeing diminishing returns on their investment in internet ads.
this isn't actually true, because advertisers don't care. That's why the world is still and increasingly filled with ads that aren't laser focused on you as an individual. We have more and more ads on network TV, on billboards, on radio etc. None of them were stopped because they sometimes showed an ad to someone who doesn't care about it. Seriously, they don't care. You clicked, that's good enough for them. Sales aren't even always the goal. Being seen (or the appearance of being seen) is often all they need.
You're honestly only hurting yourself.
Maybe this is so but I have yet to see it. AFAIK all the DoT/DoH are on known dedicated IP addresses. I know they don't have to be. They could be on generic Akamai/CF/BunnyCDN/etc... end points but I have yet to come across one utilized in the wild. Have you found any? What are their IP addresses? I would like to add them to my DNS timing/monitoring scripts.
I null route about 24 DoT/DoH IP addresses and my one smartphone seemed to figure out automagically that my router was serving up DoT on 853. I can tell if something is bypassing Unbound because there are things I know should not resolve correctly.
And weird speech-synthesied rousing music: ‘Jim worked for a big electronics manufacturer, and had an idea. <Electronic item>s for the people. They they wouldn’t let him make it. They stole his idea and made a bad version. Now Jim is making <Electronic item>s himself that are twice as good and only a quarter the cost! Buy one to support Jim and stick it to the big evil corporation!”. How did that get to be a genre?
And “buy my video course to learn how to make thousands of dollars a day!” scams.
I find it frankly astounding how much obviously fraudulent advertising there is. Isn’t it illegal? Is there no authority that police’s it?
It's a rational assumption and should be taken in to consideration to the extent any particular threat-model should or shouldn't.
Will be interested to hear if you've tried it out and what may have been missing?
The only things we don't block at the moment is some non-English content and Adult sites. With a small team these haven't been the primary focus for the time being. Other than those though we should stop pretty much everything else.
Right: regardless of what the ad is, just by auto-clicking on it you provide a signal that when aggregated together can roughly piece together your browsing history. As a toy scenario, maybe you only visit tech blogs, and tech blogs usually have tech related advertisements. The fact that you have auto-clicked on ads that were on tech sites, and not say fashion sites, is itself a strong signal that can be used to infer browsing history.
Also I think advertisers are already used to dealing with click fraud and so track metrics that won't meaningfully be impacted by this strategy.
Little pro-tip for anyone who tries to run their own private DoH infrastructure too, Firefox doesn't like RFC1918 addresses for the DoH resolver. Set `network.trr.allow-rfc1918=true` if you run DoH on a private IP.
For system wide (including apps) ad blocking, Lockdown has a "local VPN".
We recently moved to a paid app model with a 30-day free trial available (from a freemium app model).
Understand that this is not as appealing as a free-forever product. We found that we had hundreds of thousands of free users and not enough paid users. After developing the app for many years under this model, we had to make some changes so that we could continue to fund the ongoing app development and updates.
The notification prompt can also be declined in the alert that appears; though we could make this more obvious with a clear 'Skip' button.
If you use an ad blocker for a long time, it's easy to forget how bad the web can be without one.
What if you're out and about disconnected from WiFi? What if you need to turn the thing off for a sec to click on a sale/promotion in an email?
And bonus points - my ad blocker works with embedded web views
1. couldn’t you “just” (yea yea I know) install a cert on all your devices and force all 443 traffic though a proxy (like some corporate networks do)?
2. (Something I’ve been meaning to get around to trying for a while) default-block outgoing connections unless unless the external host was recently resolved for the corresponding internal host via your internal resolver? That seems like it would kill anything that tries to avoid your ad-blocking resolver. It seems like that might block hard-coded addresses too, but that could be a good thing..
If I invited crack dealers to deal out of my house for a small cut of the proceeds, I'm pretty sure I go to jail when they're caught. That's essentially what search engines are doing here.
It's a nice way to block ads for any wifi connected device in your house without additional setup. There are probably 10+ ad-serving devices in my house between the TV's, laptops, tablets, and phones.
Do iPhones still really not have a way to block in-app ads?
That’s the design intent. Because not all network administration is benign.
DoH is a tool like any other. Good or bad entirely on why and how it’s used. And your own perspective on that use case.
Not that it plugs _into_ PiHole per se, but rather that the Self Hosted VPN makes your phone use your home DNS server (including the PiHole itself). It works! I use https://www.pivpn.io/ but there are many others.
True.
I had to install a system to MITM all my https traffic in order to block DoH requests.
DoH opens me up to security problems that I wouldn't otherwise have, and the extent I have to go to in order to stop it is crazy.
> DoH is a tool like any other. Good or bad entirely on why and how it’s used.
Except that it's a tool I have little control over, and no control over how and why it's used. That's the problem.
DoH is a plague.
But, conversely, the way we interact online also changes to accommodate these trends. Twitter was an early example of that, and so is the focus on audiovisual content over text for the more recent social networks.
I clearly need more sleep...
AFAIK only Orion browser [1] comes with full 1st party and 3rd party ad and tracker blocking, by default.
Though yes, this story dates from December and was covered at the time (from a different source):
Though I seem to recall GPS shim that's available and which I really should swap in on my BOOX tablet.
There was also an HN discussion at the time: <https://news.ycombinator.com/item?id=34095107>
I personally use Timescale magicDNS on all my devices, with pihole DNS running on a home server. The magicDNS can make my home server the 1st responder for DNS queries and it'll block a lot of ad domains.
That's insufficient. There's nothing stopping a web site (or ad on a website) from forming its own DoH request that bypasses the browser and the port. It can be done entirely within the HTTPS stream.
And hey, maybe one day advertisements will be served directly via IP addresses, not domains:)
And with 2), that would work, though you'd probably want to whitelist port 53 so that you can resolve names in the first place. Sounds like it should be effective, though.
It's just not possible to use an Android phone as Google intended (and as the vast majority of users actually do) without that tracking mechanism taking center stage.
My solution is to disable or uninstall Google Play Services/apps and I never create a Google account. Also, wherever possible, I use a rooted phone.
The penalty for such action is that many of the attractive so-called free services are unavailable to me. However, the benefits of closing down or uninstalling all unnecessary services and apps and disabling JavaScript are that my battery now lasts for days, ads are a thing of the past and the phone and internet access are much faster.
I accept however the vast majority of users either aren't capable of making such a tradeoff or aren't prepared to do so and Google knows that—that's why it's a winner. For Google, users like me are just insignificant noise.
These things are not as tightly woven into the OS as you make it seem.
It is very much possible. GrapheneOS, CalyxOS, roll your own AOSP-based image.
A completely degoogled Pixel series is even practical and realistic for casuals. As you say you miss out or have to fiddle a big for many apps which break without SafetyNet and other malware.
1Blocker is fantastic.
AdGuard for iOS is fantastic.
MagicLasso is free.
You can even run uBlock on Kagi Orion if that's your thing.
I use one of the above + NextDNS* and am entirely ad free all the time everywhere.
* See also the new AdGuard DNS.
You can't control it as a malicious censor who's trying to control what Web sites other people's computers can access just because they're on your Wi-Fi. You can absolutely control it on computers that are actually yours.
That's not true when the just the network itself is yours. It's only true when all of the computers on it are too.
> DoH opens me up to security problems that I wouldn't otherwise have, and the extent I have to go to in order to stop it is crazy.
What? No it doesn't.
> Except that it's a tool I have little control over, and no control over how and why it's used. That's the problem.
You're not supposed to be able to have control over what tools other people use on their own computers.
Chrome iOS app is just a skin over safari with some of the history/bookmark/etc syncing.
https://cloudinfrastructureservices.co.uk/how-to-block-websi...
Have you tried advertising? :)
Er, not as a group they aren't. Like, I'm sure there are bad adblockers, but if you stick with uBlock Origin you'll be fine.
Lately, I find myself using more and more plugins to make the "modern web" tolerable. To list a few:
Channel Blocker (lets me block channels from search results on Youtube); uBlock Origin; Disconnect; F.B Purity; Consent-O-Matic (auto fill cookie consent forms); Kagi Search; PopUpOFF; Facebook Container; Privacy Badger; ClearURLs; Return YouTube Dislike
Basically, if I visit a website and don't like the experience, I either never go back (Kagi lets me exclude it from search results) or find a plugin to make it tolerable.
What I really want now is the ability to exclude entire websites from any permissions I grant to plugins. I feel like in the last year, I've read a couple stories about companies buying successful plugins and then using them to track you or show ads or whatever. I'm worried this will be the next stage in the battle for our attention -- best case: companies will buy popular plugins to track us and show us intrusive ads; worst case: nefarious actors will buy them to scrape information we think is private and collect it.
IE: I just want to be able to say "Hey, Firefox... those permissions that I granted to plugins x, y, and z? They don't apply to www.myfavoritebank.example.com"
Is there a browser that has that feature yet? I spent a few hours trying to figure out if Firefox did. It did not appear to.
edit: Added semicolons to separate plugins in list b/c HN stripped the newlines from my comment.
Similarly to all the stories (with two currently in the front page of HN, eBay and PayPal) about algorithms that are just insufficient for the range of realistic scenarios these companies must deal with on a regular basis.
It's merely the equation of profit outweighing customer service. Admittedly, they're working on a scale that's difficult to comprehend, but that shouldn't absolve them of aiding and abetting criminal use of their systems.
Google's and Meta's profit motives are the base cause of this continuing escalation of the ubiquity and user-hostility (to put it mildly) of internet advertising.
It's only been predictable for the last 20 years...
https://youtu.be/YlGklt4BSQ8 (first aired in March 2000)
https://youtu.be/XPGgTy5YJ-g (April 1999)
It's gross.
I know that but try and tell it to the average user. Even many of my techie colleagues aren't game to make changes to their phones for fear of losing some beloved feature. Frankly, I'm amazed at how tolerant people are to this level of surveillance.
That said, much can and does go wrong, resurrecting bricked phones seems to be a pastime of mine. As you know, whether one can decouple Google's spyware subsystem easily or not depends on the phone. If you can't gain access to the OS then it's not possible to roll one's own ASOP-based image or use some other one.
These days, many manufacturers are making it harder and harder to bypass security features, unlock the boot loader and install custom ROMs. Nevertheless I won't buy a phone without first checking whether I can install a custom ROM and it's definitely harder now than it was say five years ago.
I do uBlock origin with pretty standard lists and have a list of allowed persistent cookies. Are the uBlock lists doing all that work in the background?
In absolutely no way is it the plugin's decision where it should be allowed to run. It's great if it self-restricts and we should encourage that, but it's absurd in the extreme that any version of plugin support ever shipped without a way for users to override and restrict them further. Trusting the author of a thing to do what they claim to do is literal security insanity, and it always has been.
Chrome is sightly improving here, with click-to-activate extensions, but it's still pretty far from just giving me a frickin list field.
That said, I know many can't.
I believe this will be supported by manifest v3 extensions in Firefox[1] which is one of the features I'm looking forward to for the same reason.
[1]: https://blog.mozilla.org/addons/2022/10/31/begin-your-mv3-mi...
In the opinion of the vast majority of adblocker users, agree with it or not, ALL advertisers are bad actors. So they will never voluntarily choose filter lists which allow "good ads" the vast majority of the time. As such this will only happen if you get the adblocker to set allowing "acceptable ads" as a default, which makes what you're talking about INTRINSICALLY corrupt and paternalistic. If you want people to actually do this, show up at the houses of Adblock developers with suitcases of money, plenty of drugs, and beautiful prostitutes and whisper sweet stories into their ears about how they can help small businesses find markets for their products. Sadly ublock origin's developers appear to be incorruptible.
Google has figured out trying to push "acceptable ads" any harder is pointless and has instead moved to simply make adblocking technically harder to do by taking control of web standards.
> adnauseam does not do this. It only adds to your personal information. It doesn't hide anything.
It does hide it. It hides it between a bunch of garbage data. That’s the point.
If the CIA wants to assassinate me, a browser extension isn’t going to help. But if I start seeing ads for adult diapers while I’m browsing the internet, I’m going to laugh and feel good about knowing they wasted a few cents.
> Accurate or not, that data will increasingly impact your life in very real ways. The more data they have, the worse it will be for you.
Sorry, but that’s ridiculous. It sounds like FUD a spam blog operator would say lol.
> this isn't actually true, because advertisers don't care. That's why the world is still and increasingly filled with ads that aren't laser focused on you as an individual. We have more and more ads on network TV, on billboards, on radio etc. None of them were stopped because they sometimes showed an ad to someone who doesn't care about it. Seriously, they don't care. You clicked, that's good enough for them. Sales aren't even always the goal. Being seen (or the appearance of being seen) is often all they need.
When something isn’t working, you stop wasting money on it. Ads aren’t going to completely disappear, but if collecting personal data on individuals stops being effective, then marketers will need to turn to other means of targeting. It won’t happen tomorrow, but I did say “long term”
"Read and change all your data on all websites" "Change your privacy-related settings"
It feels like this could give the US Government one stop shopping to ... me.
Oh boy, I get my Christmas Goose early this year!
Consent-O-Matic: use annoyances filter list PopUpOFF: sounds useless, use filter list Privacy Badger: sounds useless, use filter list ClearURLs: use url cleaning filter list
You might be wrong about PopUpOFF, though. I started using it as a solution to websites that pop-up an overlay asking me to subscribe to their newsletter when I mouse-out of the window. It is fantastic at putting an end to that.
For reference, ClearURLs can bypass redirects, has etags protection, both features which uBlock origin does not have (or at least didn't have last time I checked). Privacy Badger removes outgoing link tracking by Facebook and Google, has custom well-tested lists to block cookies or blocking third-party without blocking them entirely when necessary/useful. It also has quite a few smart learning features (not the ones Google tells are "fingerprinting" you) such as blocking canvas-based fingerprinting on the go.
uBlock Origin is awesome. The default blocking lists are great. The other ones provided with the extension are even better. But it's not a magic silver bullet. What you're going to use really depends on what you want out of your browsing experience, what your threat model is, etc.
At least on Android there's a way to use a custom rom even if it's difficult.
I may be hallucinating that shim, though I'm pretty sure it actually exists...
That said, URL filtering isn't necessarily effective at keeping your behavior private either. There's an argument to be made about ClearURLs and URL filtering in general being counter intuitive, as you might stick out among a sea of other users with marketing params in their URLs.
Still wishing for a Tor-like solution to anonymizing all users on a browser configuration level.
I had to thoroughly wipe my computer and the computers of two others that fell to the same malicious ads.
Now ublock origin is standard and no Adobe products are allowed.
I wish this were possible for the phone app. Every now and then I am recommended a video from one YouTuber in particular that I can't stand. Is there an app for that? I don't think you can block within YouTube, which would be great.
By that I mean, if you're a site about say, board wargames, and there's some new board wargame that wants to advertise on your site, ok. Edit your page to add an ad graphic with a link to the seller. That's cool. And maybe the people reading your page will actually want to buy it!
But there's just no way that third-party ads through some generic ad network will ever achieve that fit or reliability. And ads based on tracking people's data and suggesting things based on what you interacted with on social media or whatever? That's always going to be hot garbage at best. Adding in a third-party ad network (and probably behind that brokers and other middlemen) can't possibly make it better, it can only make it worse. So that's what we have today.
But go back to simple static ads relevant to the content of the page and problem solved.
If so, how do you ensure that none of these plugins and extensions steal your data?
> Original commenter is right about the feature obsolescence and didn't seem condescending to me
> That said, URL filtering isn't necessarily effective at keeping your behavior private either. There's an argument to be made about ClearURLs and URL filtering in general being counter intuitive, as you might stick out among a sea of other users with marketing params in their URLs.
> Still wishing for a Tor-like solution to anonymizing all users on a browser configuration level.
What frustrates me the most is that this is one place where mine and Google's interests actually align! Let me help train them to not show me crap I don't want to see... then I'll use their products (YouTube and Search) more and give them more opportunities to show me ads! (Well, theoretically -- I block as many ads as I can right now).
That was one of the big reasons I looked for an alternative to Google search. IIRC, you used to be able to exclude results from Google search. In order to do so, you HAD TO LOGIN TO GOOGLE (another huge win for Google!). Now I use Kagi -- primarily because they allow me to exclude sites from their search results.
Simply put, I trust the password manager. Recently, however, I have considered uninstalling that plugin and using only the desktop version of the password manager -- and then copy/pasting username/pw from the password manager to websites.
One reason I don't do that, though... is because having the password manager as a browser plugin guarantees (?) that the password it presents to me is for the site I am visiting. If I end up on a webiste with an IDN that was chosen very carefully to look like my bank's domain, my password manager plugin won't present me with a password -- which will trigger my paranoia.
If you can't tell, I wrestle with this decision pretty regularly...
Yes you can. Do what corporate firewalls do. MITM all TLS connections with your own personal CA. Don't allow any traffic streams that you can't MITM to leave your network.
Not the same, COM handles far more than the annoyance feature list.
I geek out a bit and use Surge for iOS (pricey and not for non-techie users) and run a few proxies. It'll also allow for DNS override, which I use NextDNS's DNS over HTTPS.
Which is the problem.
Distributors of ads need a solid Know Your Customer program, so you can find the crooks. Otherwise, they have to accept liability for scams they help promote.
Buy an iPhone, install an ad blocker, disable all the tracking, and be done with it while still being able to use the features of the phone you bought.
I mean, the comment is pretty straightforward, I don’t really see the need to come to this person’s defense. I agree that the iOS policy is dumb, but deliberately misinterpreting this person to make them correct is silly.
https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don...
Really these days about the only privacy extension you might need is uBO and possibly CanvasBlocker if you haven't set RFP.
https://support.mozilla.org/en-US/kb/firefox-protection-agai...
The former team left Privacy Tools and that is now just arbitrary recommendations by one guy who mostly spruiks cryptocurrency bullshit. He also has no experience when it comes to auditing, verifying any of what is recommended, not a sysop, not a programmer either.
If you want to know specifics about that see https://www.privacyguides.org/about/privacytools
Also see https://github.com/arkenfox/user.js/wiki/4.1-Extensions
We have instructions for that
This will modify the browser fringerprint making you more unique.
I would not install so many extensions as you're trusting a huge number of organizations/people with privileged access to your browser. Anything that modifies CSS, Document Object Model (DOM) will make your browser stand out.
We wrote a blog post about this: https://blog.privacyguides.org/2021/12/01/firefox-privacy-20...
That includes any extensions that modify what is requested etc. See:
https://github.com/arkenfox/user.js/wiki/4.1-Extensions
See https://www.privacyguides.org/desktop-browsers/#firefox, you really don't need to do anything more than that.
> Facebook Container
etc, not needed unless you login to multiple Facebook accounts.
> Disconnect
Not needed, you should enable Firefox's ETP Enhanced Tracking Protection, this includes anything on that list. https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...
Once upon a time, we used programs to guard against malware. AdAware, ccleaner, a whole bunch of them. I feel so old calling them "programs" here, instead of apps or extensions.
There's actually two protocols DNS over QUIC https://datatracker.ietf.org/doc/rfc9250/ which has a specific port 853. This can be blocked.
Then there is DNS over HTTP3 https://security.googleblog.com/2022/07/dns-over-http3-in-an...
It's actually not too difficult if your users use Firefox. You can use enterprise policies https://support.mozilla.org/en-US/products/firefox-enterpris...
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
* see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 5);
I also like Awesome RSS to bring back Firefox's RSS feed finder, Old Reddit Reddirect (brings back old reddit), Search By Image, Theater Mode For Youtube, User-Agent Switcher, Youtube-shorts Blocker (you can still view them, but the layout is the same as a normal video), View Image Context Menu, Smart Referer (adds a bit of privacy)
* ublock origin: block ads
* uBlacklist: block domains from Google search results
* SponsorBlock: skip sponsored segments in youtube videos
* Thumbnail Rating Bar for YouTube™: show a rating bar along the bottom of each YouTube search result
* Firefox Multi-Account containers: Site storage segmentation
* Bypass Paywalls Clean: bypass site paywalls (mostly news)
* Clear URLs: clean tracking / referrals from URLs
* TTV LOL: block some Twitch ads
* ViolentMonkey: Greasemonkey scripts for further site customization
This is because the desktop browser uses the full "Gecko" renderer, but mobile uses "GeckoView", that doesn't have that implemented yet.
Chinese is the most popular, but only 760 for 2022 and the aggregate trend is down:
2016: 2378
2018: 2252
2020: 1675
2022: 1518
Internationalized Domain Name (IDN) Annual Report 2022
[1] https://www.icann.org/en/system/files/files/idn-annual-repor...
No "let Onedrive cloud your photos" in my gallery app, no "keep using Edge" when downloading Chrome, no recommended apps on my Samsung phone.
The FTC, other regulators or courts in the countless cases against Google may also use such a statement as validation that fraud is rampant.
Of course, this is not the fault of DoH providers themselves - at worst, they have just made it easier to perform this.
I really like the idea about a sort of global blacklist for your permissions.
2. When I make phone calls I use a feature phone, it's incapable of doing anything else. That is, it has no Internet access—not even Bluetooth.
3. I wouldn't be seen dead on social media or using a Gmail account, and I've no need of Apple's store or Netflix, etc. so the functionality you refer to isn't an issue.
4. My Android phones are for limited internet use only and or portable computer use. Similarly, the functionality you speak of just doesn't apply. They are hacked and tailored specifically for my requirement and they do exactly what I want. Right, I'm in control (unlike iPhone users).
5. Even then, as a rule, my Android phones don't use SIM cards, they connect to the internet wirelessly via separate pocket routers which further isolates them from internet gumpf and garbage.
It is more comfortable, but it's preferred using a wide DNS ad blocker as sites can only know that for some reason the DNS server can't resolve their domains. DNS ad blocker can also increase uniqueness.
Using an ad blocker extension can also cause security issues, as the extension has full control on network traffic and has potential to be exploited.
But loading ad's are the much greater security issue.
And if you care about "uniqueness" you have that already with your IP, so you should start there with yourOwnVPN, TOR etc.
Clearly you're right (sometimes I'm overcautious). :-)
I use a separate portable FF[0] for that. That makes "cross contamination" impossible.
It was too unbearable to do a simple search for some technical info and end up on a website that would LITERALLY slow the OS as a whole due to spike on Edge's CPU and memory usage.
cp -a /my/firefox/profile/template "$TMPDIR"
firefox --no-remote --profile "$TMPDIR"
How so? You're just retrieving the data and displaying it.
> And if you care about "uniqueness" you have that already with your IP
There are many ISP's that use NAT to save IP addresses, hence an IP is not really an identifier. Even if not, an IP is identifieing the all network, and all the ones that are connected to the same network. You can see how in YouTube (incognito mode) you will always get personalized videos based on your IP approximate geolocation (usually just the state) if it's your first time.
For everyone else: you're going to leak identity information one way or another, and it's going to get correlated. The more plugged-in and connected you are, the harder it is to remain anonymous.
If you really value your privacy, don't use the internet or any types of computers, including phones, and never go outside.
It's a cat and mouse game, and the cats have won.
1.https://sneak.berlin/20230115/macos-scans-your-local-files-n...
The more feeds you subscribe to, the more unique your fingerprint.
https://sneak.berlin/20230115/macos-scans-your-local-files-n...
Yeah displaying data...that cant be dangerous ;)
>There are many ISP's that use NAT to save IP addresses, hence an IP is not really an identifier.
Do you really think your argumentation is good?
I know by experience that the key isn't about refusing them, but letting them having those "user accepted" KPI values, even if it goes nowhere behind.
then again, mainstream computing as a hole is largely built upon volunteer work as linux and open source are the basis of mobile _and_ cloud.
But that's mostly just a habit of mine that I know is pretty useless, as websites don't need cookies to track you, and I really don't know why they even bother anymore.
just blocklist known garbage
> Is there a browser that has that feature yet? I spent a few hours trying to figure out if Firefox did. It did not appear to.
Safari has the ability to enable/disable extension on a per-site basis... Even on a "ask every time" basis. Thankfully the ask shows up as a lock badge on the extension's icon rather than a popup.
If you like a site to go back to it repeatedly don't you think it would be fair to "pay the fee" of seeing the ads, thus supporting that site, however annoying they are?
People sell popular browser extensions to malicious parties all the time and AFAIK there's no systematic way to notify users when this happens.
FBI: "Rather than search...type the business’s URL into an internet browser’s address bar..." I'm not sure about this one. Typos easily happen, and it's the typo'd domain that scammers might own. Risky whatever way you go I suppose. For well known businesses I'd rather search and click on organic links than trust my own typing of a URL.
"Use an ad blocking extension". Third time's the charm. Great to see this advice coming from the FBI.
For the rest of the web in my Default browser profile, I do have ad-blocker extensions installed (uBlock Origin, some Violentmonkey scripts), but they're not linked to the Chrome store. I prefer loading them as unpacked extensions and updating them once in a while manually. Mainly in case some malicious actor takes control of these extensions pushes an update that does something wild.
There's a bunch of settings in there not available under the main settings. Eg privacy.resistFingerprinting -- which actually has a bug where your browser suddenly stops opening full screen, even with this setting disabled. Solution is to toggle this setting on and off, restarting browser between toggles, and Firefox will remember to open full screen again next time if that's how you left it.
Later thought. I also occasionally install Play Store apps via Aurora Store and it's worth noting that some state that they require Google Play Services but in fact they do work without it (I normally have GPS/Google Play disabled or uninstalled).
I've not bothered to research why but I presume it's the reporting mechanism that's not working, the core operation of these programs being independent of GPS (presumably this would simplify programming if the programmer is also coding the program for iPhone).
I'd be most interested if you or anyone else has more info about this.
They really don’t. Some YouTube videos (and channels) are way more profitable for Google than others, on a CPM basis. I think there are even some videos that are just plain money losers (long videos that aren’t packed with mid rolls).
Google wants to steer you towards the most profitable videos and away from the unprofitable ones. They don’t care about your interests. They’d rather trick you into watching videos you don’t like and that get you angry (but keep you engaged) than to watch videos you’re really interested in but are too long and niche and unprofitable.
As for myself, I use both regularly but for serious work the PC/large screen predominates.
In recent years I've often found myself working on the PC with a collection of phones about me all with different but related information on them. It's akin to having multiple textbooks open on one's desk for reference. It's also a handy way of not cluttering up my PC screens with multiple windows/tabs open.
Try to remember that policy, law, and major social trends tend to have slower feedback loops than other machines. It's hard to know today where we will innovate that will ultimately make a contribution to societal progress, but I can tell you with pretty high certainty that giving up won't help change anything for the better.
Like the lady said, "We live in capitalism, its power seems inescapable--but then, so did the divine right of kings."
Similarly, I use Firefox on Linux but I also regularly browse the web or post to HN on a phone that's been heavily deloused of Google using Firefox and other browsers—but never Chrome.
It's not dangerous because it's coming from a good source, such as google ads.
> Do you really think your argumentation is good?
Yes, because that's what happens. I don't really think an IP is a good identifier because it's shared by others. Using cookies is a much better option.
The rest is just fear mongering, I'm sorry, not sure how to phrase that more elegantly or politely. I'm not an uber smart domain expert wrt certs, but we shouldn't have to be to know that valid device MITM with certs is a normal use case. And it shouldn't be used as a boogeyman man on layman users.
Firefox on Android can have the full powered ublock origin addon installed in it. Same as desktop. It makes things so much better.
I struggle with this. Of course I want the producers of content that I like to make money. And it seems obvious to me that if I'm one of the people consuming (and liking) that content... some of that money I want them to make should come from me.
But the pipeline that the "modern web" provides to complete that transaction is openly hostile towards me. It makes content creators that I want to support participants in a giant machine designed to build a dossier on me (and every other user of the "modern web"). It also encourages VERY LARGE numbers of content creators I do not want to support -- those whose primary goal is to be participant in that machine; who only produce content because the machine requires it.
I would argue that this machine has never built this dossier with my "informed" consent (but lawyers could make the case that it has). But now, the machine builds it without even bothering to get my "uninformed" consent. For example: Facebook is known to build profiles on people that don't have Facebook accounts -- ie: people that could never have agreed to their TOS.
The top priority of this giant machine is putting ads in front of my face. Helping me discover content that I want to consume is only a secondary priority.
And there is a GOOD reason for why this machine evolved: people don't want to pay money _directly_ to content creators, so a way evolved for them to receive compensation _indirectly_. So yes, this is -- at least in part -- my (our) fault.
But I really feel like things have shifted to the point where the large majority of compensation that content creators receive is a function of their value to that machine... not a function of the value they create for the people who consume their content.
This is all a very long way of saying: I don't believe the value of a content creator _to me_ should be calculated based on their value _to this machine_.
I don't know what the solution is. Find a way to accurately assess the value _to me_, not _to the machine_ -- and then provide a way for me to pay the content creator directly. If I like the content enough -- and IF I'm not shown ads or tracked once I'm a paying customer -- I will pay. This is how newspapers worked for... centuries? (Save that newspapers did show ads, though they did not track you).
The problem is... I think that being part of the machine is more lucrative than selling content directly to consumers. And the hostility of this machine towards me has turned this into a fight. Of course I'm going to fight back.
> ...however annoying they are?
This is where you start to lose me. I don't think "annoying" captures just how "hostile" this machine has become.
I'm old enough to remember switching from Yahoo Search to Google Search -- NOT because the results were better, but because Google's ads were less intrusive. I never blocked those ads. I even clicked a few...
When I say register, I meant sign up for the wireless service. I did not already have an account. I was on my wifi and browsed to the wireless provider to activate my sim card and get a phone number. I could have done this on my PC but doing that on my cell verified with the vendor that my phone was supported since I am using an off-brand device. It was easier to copy the IMEI that way.
For Googles app store I used a throw away Gmail address that is not used anywhere else. I would love to put a new image on the phone but AFAIK there are no custom roms for my make/model of device. I would love to install GrapheneOS but they have sadly limited device support to Pixel. I am learning more about using adb since this is my first smart phone and with time I will neuter Google without replacing the rom, hopefully. It's mostly harmless for now since I rarely have the phone on.
It's excellent. I have needed to disable it occasionally to make basic site functionality work on some sites that I absolutely need to use, though I'm forgetting which ones.
1. I was all but certain it couldn't provide worse search results than Google (that bar is pretty low now).
2. I knew it would let me exclude websites from search results.
The fact that it provides pretty decent search results and a nice user experience were just icing on the cake.
The personal and societal effect of ads are more tangible than the personal effect of tracking. Even if networks are truly able to use this data, it doesn't matter how precisely you can be served with ads if you don't see them.
And it's a good thing that DoH is easy, because it helps protect vulnerable people from censorship and surveillance.
I couldn't see how to do this in Windows Firewall. Which OS/firewall/rule are you using?
I know you have your reasonings, but I’ll give you my raw unfiltered train of thought of why I wouldn’t sign up in case it helps you in your business:
“It’s only 30 bucks a year” say 100 other apps. I get it, you’re trying to make money, but there are many other ways of doing this for free. You’re not offering that much product to me that’s worth a subscription. Netflix? I actively use it every night. Spotify? Several hours a day. Blocking ads? Maybe a one time fee.
Companies are using every scrap of data they can get their hands on to take more of our money and they want more. The government is buying up data they can't legally collect directly. It's pretty likely that you've already experienced real world consequences of the data taken from your online activities. (https://epic.org/issues/consumer-privacy/data-brokers/)
They tell us that all the tracking we're subjected to is just about ads, but the data being collected is used all over the place offline. What we really need is privacy regulation with real teeth, but that's probably not going to happen any time soon because it's making companies tons of money. There's a multi-billion dollar a year industry around the buying and selling of the our data for a reason.
I was unclear. This is exactly the case I'm talking about. The network, and all of the devices on the network, are mine.
> What? No it doesn't.
It does. It makes it easier for bad actors -- mostly advertising networks -- to bypass my DNS filtering. They can do it all with their own code, encrypted through HTTPS to hide it, and never touch my DNS systems, nor be affected by browser settings.
> You're not supposed to be able to have control over what tools other people use on their own computers.
Again, I'm talking about having control over my own machines, not anyone else's.
Basically the same process that some companies use for similar purposes.
This only works with devices that I can install my own CA key onto. I have not figured out how to do that with the vehicle diagnostic tool.
If that makes DoH bad, then privacy is bad too since it makes it easier for terrorists and pedophiles to evade the law.
You have to get updates here: https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clea...
https://www.androidpolice.com/i-dont-care-about-cookies-acqu...
DoH is literally just "DNS over HTTPS" (hence the TCP a lot of the time) and you can build this a ton of different ways, including as a basic RESTful API. Local javascript on the page could literally just call any old HTTPS web API to get hostnames resolved, and thanks to HTTPS is much harder to detect, inspect and interfere with than traditional DNS. Fundamentally, a DNS request is a really basic API to implement.
This is why DoH is so hard to conclusively block - its by design to look like "normal" web traffic so bad actors are prevented from manipulating your DNS responses, and the implementation can be done pretty much anyway you want - there are a million different ways to pass a message over HTTPS, and to a firewall they all look like the exact same normal HTTPS traffic if you don't explicitly block the IP or domain serving the DoH.
There is no such thing as right or wrong way to do DoH so long as the DNS messages are passing over HTTPS - the standards are largely to help make it easier to deploy and avoid common pitfalls of course (simpler to integrate to browsers and other software "for free" if the message response body format is standardised), but devices, apps and even javascript in the browser are free to solve this anyway they want, with whatever kind of message payload they can dream up.
DoH is just an HTTP request over SSL in most implementations, nothing more, with the record usually in the payload body in a JSON message or similar.
Yes, that's why I don't use any commercial IoT devices. I have no actual control over them. Before I shed the few I did have, I kept them segregated on their own subnet so that at least their presence didn't have to impact anything else.
The only privacy they are affording is specifically to entities that I don't want operating on my machines to begin with, who are mostly interested in violating my privacy.
So this privacy mechanism, in this use case, really is bad because it reduces my privacy.
If that's what you want, you need to give me time to put it together. I set this up a number of years ago and don't remember the details off the top of my head.
here's what I do remember: I use a squid proxy and replace all of the HTTPS certs on my other machines with my own. When HTTPS is negotiated, it's with my proxy, not the end destination.
Then the proxy does its proxy thing and sets up a normal HTTPS connection with the destination.
In my proxy, I have a script that is looking for the HTTP lookup exchanges detailed in RFC8484 (https://www.rfc-editor.org/rfc/rfc8484). When it finds them, it drops them on the floor. Everything else just gets passed through.
The actual thing is that simply each app embedding Gecko needs to be brought up to speed separately, and if Android is lagging behind, it just is, "GeckoView" or not. (Even before the invention of GeckoView, due to understaffing Android Firefox used to lag behind in terms of multi-process capability, so nothing new under the sun…)
If their money comes from advertisers and not users, they serve advertisers and not users. Supporting them as a temporary solution just means if they succeed we have all the same problems when the same incentives come into play.
dns blocking would only see the domain coolblog.org, and doesn't see that it loads ad.js, so it won't block anything.
But e.g. uBlock, also sees that your browser tries to visit ad.js, if uBlock had ad.js in its blocklists it can block loading this script.
Or, perhaps, take a bit of a more nuanced view of things. Perfect privacy, exactly like perfect security, is and always has been an unattainable ideal. But less than perfection is still very useful.
Locking your front door won't stop someone with a battering ram, but you might want to do it anyway.
Configurable.
> Will that last through a financial crisis if advertisers offer them more money?
Will Brazil win the 2090 world cup? I'm not sure I get your point...
> Supporting them as a temporary solution just means if they succeed we have all the same problems when the same incentives come into play.
Internet services are run by ads. Unless we can transfer to a model which is publicly funded or subscription based (even free software needs to pay for servers and employees -- the money has to come from somewhere) then the best we can hope for is an ad-funded service which allows you enough control to turn everything off if you want to.
Do you have a better solution and are you willing to start working on it?
Otherwise, you are making 'perfect' the enemy of 'good'.
Sure I can:
It was built to block ads. You have to tell it to do so in a way that blocks "all of them" otherwise it just blocks the terrible/annoying/malicious ones.
On a related point, the push to the cloud is befuddling when everyone has a phone with "free" (from the developer's point of view) computing power sitting there unused. Everyone's wasting money on centralizing compute despite more distributed compute being available than ever before.
Carrying a smartphone is incompatible with privacy. Unfortunately, so is using a credit card (https://www.fastcompany.com/90490923/credit-card-companies-a...) and having a face (https://www.wired.com/story/get-used-to-face-recognition-in-...).
We're all doomed, so you may as well just use the software that makes you happy.
I also used to use Chaff (https://chrome.google.com/webstore/detail/chaff/jgjhamliocfh...), which opens up a tab and browses on its own when the browser is idle and disappears when you start using it again. As with Ad Nauseam, the means of protecting privacy behind it is not anonymity, but rather obfuscation - muddifying your actual browsing behavior by flooding the data you leave behind with junk data (at which point it ceases to be data, I suppose). The problem with that extension was that I would sit back and wait for it to start browsing, and then I’d waste too much time watching it / customizing its behavior.
The book _Obfuscation: A User's Guide for Privacy and Protest_, written by the authors who developed Ad Nauseam and TrackMeNot, has a great chapter on chaff (the obfuscation tactic, not the Chaff extension mentioned above).
Don't do this, you're not making your browser any more private than just blocking using uBlock Origin.
Any kind of "obfuscation" extensions that change browsing behavior significantly modify the fingerprint. There are a lot of uBO and other adblocking users but very few Ad Nauseam users or users of other weird extensions.
I also wouldn't be surprised if there isn't a way to filter out those "clicks" anyway from the ad provider's side.
They are risky and mostly written by people who think they sound cool without thinking of the side effects.
Don't bother with this extension as it can't delete other storage locations where there is persistant storage. Also Firefox has TCP, Total Cookie Protection so you don't need them anyway.
https://blog.mozilla.org/security/2021/02/23/total-cookie-pr...
Better to just sanitize on close https://www.privacyguides.org/desktop-browsers/#sanitize-on-... and maybe keep history.
If you want to keep persistent logins then whitelist those specific cookies to those specific sites or use a password manager.
The extra functionality provided by ClearURLs is not not needed with Ublock Origin's removeparam feature.
They will tell you it is to defeat censorship though and to improve network resilience, because they are deeply committed to having the image of being a champion of internet freedom.
1. You trust every ad comes from "google"
2. You think ~everyone/most have ISP-NAT (hint nearly ~no one has it and IPv6 is a thing too (hint 2. those are 38% worldwide))
But you care about uniqueness because of ad-blockers who are used by ~40% of all users, but a IP is "not" unique, nor the browser, OS, resolution and GPU and the combination of all those factors, but NONO the Adblocker is the problem.
And besides, every browser that supports DoH also lets you pick what server to use, and adblocking DoH servers exist.
Remember when you responded to a post about blocking ads by default?
> Internet services are run by ads. Unless we can transfer to a model which is publicly funded or subscription based (even free software needs to pay for servers and employees -- the money has to come from somewhere) then the best we can hope for is an ad-funded service which allows you enough control to turn everything off if you want to.
Now we get to the point: you support ads, so you aren't actually committed to getting rid of them.
The internet existed before internet advertising, and the kinds of websites people built for intrinsic reasons rather than for money were far superior. If Facebook et al disappeared completely the world would be a better place.
There is not a shortage of content, there is a shortage of filterability created by low-effort garbage funded by ads. If people aren't willing to pay for something, it's because it's not that great.
Patreon shows that some people are willing to just make donations for free content. And incidentally, Patreon-supported content tends to be higher-quality because they're serving donors, not advertisers.
We don't need ads. Ads are a blight on humanity which provides negative value.
> Do you have a better solution and are you willing to start working on it?
You mean the < 10 lines of code necessary to have an ad blocker installed by default?
> Otherwise, you are making 'perfect' the enemy of 'good'.
Brave is not "good". It's literally no different in any way from a browser which supports adblocking extensions.
IP are also constantly changing, at least once a month. For sure, they can't rely on one identifier, which is the IP address, because after it changes, all of the data is gone.
Also, you say things I didn't say. I said THE IP is not a really good identifier, but you also say I meant also other identifiers.
The IP can't survive on its own. The algorithm needs more than just one thing. It needs multiple things while if one is not applicable then we get another one.
An ad blocker already eliminates you to 40% of the internet users, which is a lot.
It does block ads by default. You then asked about analytics.
> Now we get to the point: you support ads, so you aren't actually committed to getting rid of them.
I definitely do not support ads. I block them.
> The internet existed before internet advertising, and the kinds of websites people built for intrinsic reasons rather than for money were far superior. If Facebook et al disappeared completely the world would be a better place.
Yes it did. It was funded by the government, universities, the military, and people through personal servers (you can probably also count BBSs as well). These things had functions orders of magnitudes smaller than are available today (want to see a satellite picture of your house then get walking directions from there to Alaska?).
> If people aren't willing to pay for something, it's because it's not that great.
Someone pays for everything. Do you have a solution? I would happily pay more taxes to publicly fund services like search engines and browsers -- but that isn't politically viable right now.
> We don't need ads. Ads are a blight on humanity which provides negative value.
I agree. That's why I block them.
> You mean the < 10 lines of code necessary to have an ad blocker installed by default?
No, I mean how to fund massive projects and infrastructure without public funding.
> It's literally no different in any way from a browser which supports adblocking extensions.
I never said it was. I said it blocks ads by default.
But what if I want actually use the web instead of just blocking ads. Sponsorblock, TamperMonkey, 1Password, CamelCamelCamel, etc are all useful extensions as well that make browsing the web specifically for me better.
There are so many fingerprinting techniques that it seems pointless to have a detrimental experience generally instead of using a sandboxed computer for specific dangerous activities.
I'll continue to use Ad Nauseum, despite your recommendations against it, because I'd rather have a known worthless profile than a worthless browser.
>I also wouldn't be surprised if there isn't a way to filter out those "clicks" anyway from the ad provider's side.
Theres no evidence supporting this, but Google blocking it from the Chrome store is strong evidence that filtering out those clicks is actually difficult
Edit: Also its a moot point as extensions can't be used for fingerprinting if you just don't use Chrome https://github.com/z0ccc/extension-fingerprints#extension-fi... . I assume any activity I do in Chrome is sent back to Google (or Microsoft or Brave) regardless of plugins installed.
I don't know from where you have that one sided information (maybe you life in a bubble), but my IP changes never until i leave the router powerless for more then 12 hours.
>An ad blocker already eliminates you to 40% of the internet users, which is a lot.
No it's not, but your screen-resolution combined with GPU combined with OS combined with Browser(Version) combined with Cam/Mic combined with ~location is.
I guess it's company dependent.
> No it's not, but your screen-resolution combined with GPU combined with OS combined with Browser(Version) combined with Cam/Mic combined with ~location is.
You said it yourself. 40% of all users use an ad blocker, hence when you use one, the website will know, and you're part of them.
If you open google.com and search for 'mattress' in Brave, you will see Google ads in Brave, by default.
Furthermore, Brave is capable of blocking these ads, but chooses not to, therefore it does not block ads by default.
>> Now we get to the point: you support ads, so you aren't actually committed to getting rid of them.
> I definitely do not support ads. I block them.
"you" was referring to Brave, not yourself. The point is that Brave is a first part ad vendor (showing ads is how it makes money) so for this reason it is not commited to blocking first party ads by default (as it would be ironic I guess).
> Someone pays for everything. Do you have a solution?
Yes, you can chose to support paid search engines and browsers, paid by users, not advertisers.
> I agree. That's why I block them.
Original comment was about which browser is blocking all ads without discrimination, on default settings.
You can make any browser block ads with some effort, through for example extensions.
It doesn't block all ads everywhere -- I don't know any browser or extension that does. It certainly blocks most of them. I don't see google ads because I don't use google for search (and I also run a pi-hole), so I wouldn't know.
> "you" was referring to Brave, not yourself.
Well 'you' use strange sentence structure and grammar and it doesn't communicate your point clearly -- or you are retroactively changing what 'you' mean after 'you' write it.
> Yes, you can chose to support paid search engines and browsers, paid by users, not advertisers.
Does 'you' refer to 'me'? Because I already do that. 'I' was speaking of browsers and software and services in general. And I already brought up the subscription model but that doesn't work for browsers, apparently. Why don't you make one?
> Original comment was about which browser is blocking all ads without discrimination, on default settings.
Original comment was about browsers blocking ads. I mentioned Brave was built to block ads. You seem to have changed this conversation to be about Brave supporting ads and how if it does then it doesn't 'count' when it blocks them. Try to keep up.