Our great sponsors
-
-
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:
- it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match
- it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths
- it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.
- it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.
I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.
I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]
If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.
[1] https://github.com/tholian-network/retrokit
[2] (the browser using retrokit) https://github.com/tholian-network/stealth
[3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...
From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:
- it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match
- it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths
- it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.
- it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.
I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.
I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]
If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.
[1] https://github.com/tholian-network/retrokit
[2] (the browser using retrokit) https://github.com/tholian-network/stealth
[3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...
From a technological point of view, TOR still has a couple of flaws which make it vulnerable to the metadata logging systems of ISPs:
- it needs a trailing non-zero buffer, randomized by the size of the payload, so that stream sizes and durations don't match
- it needs a request scattering feature, so that the requests for a specific website don't get proxied through the same nodes/paths
- it needs a failsafe browser engine, which doesn't give a flying damn about WebRTC and decides to actively drop features.
- it needs to stop monkey-patching out ("stubbing") the APIs that are compromising user privacy, and start removing those features.
I myself started a WebKit fork a while ago but eventually had to give up due to the sheer amount of work required to maintain such an engine project. I called it RetroKit [1], and I documented what kind of features in WebKit were already usable for tracking and had to be removed.
I'm sorry to be blunt here, but all that user privacy valueing electron bullshit that uses embedded chrome in the background doesn't cut it anymore. And neither does Firefox that literally goes rogue in an endless loop of requests when you block their tracking domains. The config settings in Firefox don't change shit anymore, and it will keep requesting the tracking domains. It does it also in Librefox and all the *wolf profile variants, just use a local eBPF firewall to verify. I added my non-complete opensnitch ruleset to my dotfiles for others to try out. [3]
If I would rewrite a browser engine today, I'd probably go for golang. But golang probably makes handling arbitrary network data a huge pain, so it's kinda useless for failsafe html5 parsing.
[1] https://github.com/tholian-network/retrokit
[2] (the browser using retrokit) https://github.com/tholian-network/stealth
[3] https://github.com/cookiengineer/dotfiles/tree/master/softwa...
Related posts
- There are no Internet Browsers that cannot be tracked, or are there?
- Ask HN: How you would redesign a web browser?
- TholianĀ® Stealth - Secure, Peer-to-Peer, Private and Automatable Web Browser/Scraper/Proxy for the Web of Truth and Knowledge. Goals: increased Privacy, increased Automation, adaptive Semantic Understanding. Web Scraper + Web Service + Web Proxy
- Pirate Party member: GDPR-compliant Whois will lead to 'doxxing and death lists'
- Request for Feedback on Network Concept