Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”

Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.

Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.

Now you visit another site, and lo and behold, all the same quirks are found. Tada, they now say “hm, probably the same browser,” and start personalizing content. Site use an ad network, so it’s the common denominator, not the sites you visit. The ad networks do the between-sites tracking.

also, VPN does diddly squat when you login to some service like google, facebook, xitter, amazon, outlook, reddit, etc. You logged in as you. They don’t give a shit you’re logging in from another IP. And if the sites are working with the same ad network, if you’ve ever logged in from your real IP even once, they they just add another datapoint about you: “Sometimes uses a VPN” and that gets tucked away in your permanent record.

nothing you do online is private. I’m not saying “give up” but it’s pretty bleak and I don’t see it getting better anytime soon.

i fucking love that this exact problem was solved until Reddit unsolved it by charging exorbitant API fees and effectively killed 3rd party apps and forced everyone onto their shitty app.

e n s h i t t i f i c a t i o n

you dropped this: \

sudo chown user:user -R / will get me to reinstall.

That’s not the way they would track you. If you use the same email address for both accounts, a data broker on the back end will be able to connect them because you used the same email address. It’s not about the IP address. It’s about your identity. And if you’re like oh well I’ll just make a new email for each site, Gmail requires that you use a phone number to sign up. Most email providers do. So then they would just connect you by your phone number because you needed to use those on both email addresses. Privacy is nonexistent on the web. Mind you this happens because LinkedIn shares your data with “third-party partners and service providers”. There’s nothing that you can do to stop this.

only in theory. in reality, only one person would ever buy it then re-release the source code for free-as-in-beer. unless you’re talking about something other than GPL2/3.

weird way to spell “run DOOM” but okay.

Give it to the dev, and explain the situation. Let them know it seems too big/complex of a PR, but you’re willing to make additional changes, or break up PR to make it more palatable for merging. It’s in the dev’s hands after that.

I don’t think you should release your own fork without at least trying to work with the original project.

Make sure all your commits have detailed commit messages so that the dev can follow what you were doing (upgrading deps, refactor because xyz, etc.) Don’t just record what was changed, explain why it was changed.

anyway that’s what I would do.

well that’s like, your opinion, man.

I am absolutely not advocating rudeness to the cashier.

Give them the opportunity for malicious compliance.

Allow them to answer every question and have a pleasant break from the monotony, knowing full well that they are being cheerful and helpful just like the training videos and handbook demand they be.

Cool assumption bro. Hope that works out for you.
I am never rude to the poor people that have to work retail. I know the pain; I have been on the other side of the counter.

What I’m talking about is malicious compliance.

They tell the cashiers to push the program and be helpful? Fine. I will let that cashier be the most helpful employee ever and at the same time gum up the company data collection system with fake information.

At the same time as more punshment to the company they will see reduced sales and throughput requiring additional cashiers (more hours/pay for those people).

But please bring on the fake internet point brigade.

I didn’t say to be rude to the cashier. They make hourly wage, doesn’t matter how many people they check out.

Make the company pay. Cause less product to be sold per hour. Cause more cashiers to be required. Make it more expensive to have the data collection program than to not have it. Be the change you want to see in the world.

Or just let them get away with it. Your call.

Give fake information every time. Waste the cashiers time with questions. Make them pay for it.

Don’t forget the best place to whistleblow and/or change the system is from within. Privacy minded people can better influence what policies and practices happen at a company when they work there.

uBlock is a content filter. Cookies are set when a server responds to a web (http/https) request. So if uBlock has a domain blocked, not only are any cookies blocked, but no requests make it to that domain (whatever.com) at all.

If a domain is not blocked by uBlock Origin’s filters, then cookies are set per your browser’s configuration. Firefox I believe blocks some 3rd party tracking cookies by default, but can be configured to block all third-party cookies as well, but this may break site functionality like single sign-on.

It’s already trivial to see that you’re connecting. You’re not making anything at all more difficult for state level actors, just yourself.

There’s no point in hiding the transaction. A state level actor will see that you’re connecting to the Mullvad VPN addresses and won’t need to check your credit card statement to determine that you’re using it.

I understand the concerns of privacy, but working in academia means that you give up some of the privacy.

Yes people will have your real name and they will know what college you work at and if some crazy person decides that they want to stalk you on campus because you’re woke or part of the deep state turning the frogs gay with chemicals they’ll be able to easily do that.

You’re gonna have 100s of strangers in your classes during the year. You’re going to tell them exactly when you’re going to be in your office for office hours.

If you are unable to handle that I doubt academia is for you.

Academia is about furthering human knowledge especially a PhD. There are sacrifices involved; your privacy is probably one of them.

Part of being an academic is being available to discuss your publications. Your full name will not only be flying around the internet but recorded permanently in libraries and journals.

Science is about collaboration, and standing behind the work you do, publicly. You will find it extremely difficult or impossible to get your PhD without being known to the academic community.

I think you won’t find many anonymous scientific papers held in high regard.

The issueI have with the “always unique” plan is that if they can determine your browser was associated with some set of unique IDs, then they can track you. Imagine a TOTP where the keys were leaked so the adversary can determine the entire set of possible codes.

If everyone’s fingerprints always match each other’s, then you have plausible deniability.