The FBI Identified a Tor User

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
  • retrokit

    :joystick: Bring back the old Web(Kit) and make it secure

  • From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:

    - it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match

    - it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths

    - it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.

    - it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.

    I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.

    I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]

    If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.

    [1] https://github.com/tholian-network/retrokit

    [2] (the browser using retrokit) https://github.com/tholian-network/stealth

    [3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
  • stealth

    :rocket: Stealth - Secure, Peer-to-Peer, Private and Automateable Web Browser/Scraper/Proxy

  • From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:

    - it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match

    - it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths

    - it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.

    - it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.

    I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.

    I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]

    If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.

    [1] https://github.com/tholian-network/retrokit

    [2] (the browser using retrokit) https://github.com/tholian-network/stealth

    [3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...

  • dotfiles

    :boom: My system installation profile (by cookiengineer)

  • From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:

    - it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match

    - it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths

    - it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.

    - it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.

    I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.

    I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]

    If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.

    [1] https://github.com/tholian-network/retrokit

    [2] (the browser using retrokit) https://github.com/tholian-network/stealth

    [3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • There are no Internet Browsers that cannot be tracked, or are there?

    3 projects | /r/hacking | 17 Sep 2022
  • Ask HN: How you would redesign a web browser?

    1 project | news.ycombinator.com | 14 Feb 2022
  • TholianĀ® Stealth - Secure, Peer-to-Peer, Private and Automatable Web Browser/Scraper/Proxy for the Web of Truth and Knowledge. Goals: increased Privacy, increased Automation, adaptive Semantic Understanding. Web Scraper + Web Service + Web Proxy

    1 project | /r/AltTech | 21 Oct 2021
  • Pirate Party member: GDPR-compliant Whois will lead to 'doxxing and death lists'

    3 projects | news.ycombinator.com | 17 Oct 2021
  • Request for Feedback on Network Concept

    1 project | /r/hacking | 1 Sep 2021