by jqpabc123 530 days ago
The simplest, readily available solution: use Brave or LibreWolf.

These can't prevent all fingerprinting but they can make it less reliable and more difficult and costly for a fingerprint to be relayed back to the mother ship.

Personalized advertising is one of the dumbest ideas of the 21st century. Studies show it is less effective than context sensitive ads and it costs more. Participants in ad auctions are essentially flying blind with little reliable, verifiable insight into the process.

2 comments

Ah yes, Brave, the browser that hijacks websites to inject their own referral code, that's the right browser to use for privacy-conscious people.
They were adding their own referral code to queries made in the search bar, not replacing or altering referral codes on websites. They apologized and reversed this after criticism back in 2020 (https://brave.com/blog/referral-codes-in-suggested-sites/).

Overall Brave is pretty good, they build in ad-blocking by default and their own ad service is opt-in. They also have Tor and IPFS support that does not exist in Chromium, and are maintaining Manifest V2 support.

What's your suggestion? Genuine question. I'm on Firefox.
Fr, ignore these people and try Brave Browser.

I care less about privacy than I do an annoying Internet. There are NO ADS with Brave Browser - like I just DO NOT SEE ADS anywhere on the Internet.

Anyone that has been using Chrome can't possibly care about privacy anyways and they can't know what I mean about ads online.

> There are NO ADS with Brave Browser - like I just DO NOT SEE ADS anywhere on the Internet.

There are no ads with any browser provided that you press one button and install a browser extension that blocks them.

Brave isn't an issue regarding privacy, it's a security issue, see what I said on https://news.ycombinator.com/item?id=42656123.

I don't think you know what I mean about ads. The pages are set up differently on Chrome and Google inserts ads into everything, over the website itself, it doesn't matter what content you are viewing, you just need to be viewing anything.

There are no ads on Brave. Not on the side of the pages, not in the middle of the content scroll, not behind the content scroll, not before or after - no ads.

If you use pirate streaming sites - I rarely, rarely have a popup ad on those when I do use them.

It's not just ads, it's all about the user with Brave - most sites open in reader mode, I have to actually select to see the website itself, otherwise I just get all the content I want by default and only that content.

I have 2 different compromised gmails - both of which happened during my years using Chrome, though one was the Experian hack, I'm pretty sure. Google is not secure, I don't know why anyone would ever think that.

I never have any ads whatsoever on any website that I visit. I legitimately cannot understand what you're talking about. Pages on Chrome and Brave look exactly the same.

Seems like a user issue.

Firefox.
Ahh, yes. The browser that tags every install with a unique identifier.
FF is too slow. Brave is where it's at.

I do wish I paid for Brave but again - I don't see ads online so I don't what they do with my information anyways.

I don't wonder about Google or Microsoft.

Got any more info on this?
https://www.ghacks.net/2022/03/17/each-firefox-download-has-...

This data will allow us to correlate telemetry IDs with download tokens and Google Analytics IDs.

So... humor me... let's say that this is exactly true, and Brave adds or replaces referral codes. Is that a privacy problem? The only information that the website gets is that you're using Brave, but not where you got the link. We can absolutely talk about the ethics of the thing or such, but I can't see why privacy conscious people would care.
No, it's a security problem, which is much worse.
Okay, then what's the security problem? What attacker does it enable, and what does it let them do?
The security problem is your very browser is performing man-in-the-middle attacks on you???
Well, I don't know what they do with it bc I do not see ads on Brave Browser - it's an entirely different Internet.
They use it for BAT tokens. You can "opt-in" to viewing some ads in exchange for crypto.

Don't opt-in and enjoy an ad free experience.

No, it's not that.

Brave was caught inserting their own referral code in signup forms on websites. This is basically exactly what Honey is doing and under fire for right now.

Brave basically does a man-in-the-middle attack on those websites. This goes MUCH further than just a privacy issue, it's a security issue.

I don't care about privacy, it doesn't exist, and I use Chrome. But I won't compromise my security by using a browser that is happy to pirate the pages I view.

Oh, I suppose I do see some ads. Every now and then there will be a little popup recommending something - occasionally it's something even relevant. It's funny bc those ads are from Brave but they don't use the Browser, they come thru as desktop notifications and I only see them there. I do have an ad blocker that has always been on also, so I may be augmenting the Brave experience a little but I just don't see ads online.

I use Edge occasionally - which is far superior to Google and I don't know how ppl deal with browsing the Internet like that, it's wildly frustrating.

Simplest solution is Firefox or Safari, not another Chromium browser or niche Firefox Fork.
Simplest solution is to not use computers anymore. Move to a cabin in the woods, away from civilization, and live off the fat of the land.
If security is not that important, Firefox or Safari. If you care about security, Chromium.
Any widespread recent security issues that were only affecting Safari and Firefox? That sounds like scaremongering to me.
Yes, there was a big one for FF in Oct https://nvd.nist.gov/vuln/detail/CVE-2024-9680
And Chrome had one with severity "High" just three days ago, browsers will always have security issues that seem to be patched reasonably fast in the big three. Might as well pick one that's not part of the monoculture by a big advertising company, depending on your threat model of course.

https://chromereleases.googleblog.com/2025/01/stable-channel...

Yes, all software will have security issues, but Chromium is a much harder target to exploit than Firefox.
Using Firefox on Qubes OS. Show me any good attack vector affecting me.
QubesOS is great if you need to do work and personal stuff on the same computer. I do most of my stuff in the browser and have a separate computer for work. I am mostly interested in making initial access as expensive and difficult as possible.

You are still just as vulnerable or more vulnerable to malware stealing browser sessions, passwords, and everything you have on the AppVM the browser is running on than you are on a regular Fedora Workstation. Unless you only use disposable VMs, which you probably don't. If QubesOS had hardened templates, I would use it. When I used it, SELinux was not enforced, and I believe it still has passwordless sudo. Not sure what other mitigations are disabled in the default templates compared to regular, non-QubesOS Fedora Workstation.

> QubesOS is great if you need to do work and personal stuff on the same computer

This is significantly underestimating the benefits of Qubes. Are you using your online banking in the same browser that you use for random web surfing? I do it in separate VMs with hardware isolation. Same compartmentalization with all other things.

> You are still just as vulnerable or more vulnerable to malware stealing browser sessions, passwords, and everything you have on the AppVM the browser is running on than you are on a regular Fedora Workstation

This is not true. I'm not using the same VM for everything but dedicated VMs for bank, email, HN, instant messaging and so on. A malware on a random website would only get the access to an empty VM, nothing more. Passwords can be securely saved in the related single-purpose browsers and in a plain text file (in an offline VM).

> If QubesOS had hardened templates, I would use it.

You misinterpret the Qubes' approach to security. If your VM is compromised, no hardening will save your data (https://xkcd.com/1200/). On Qubes, you should compartmentalize your digital life into security domains, such that you never run anything untrusted in trusted ones and never have anything valuable in untrusted ones. With such an approach, hardening is irrelevant. More examples: https://www.qubes-os.org/news/2022/10/28/how-to-organize-you...

> Unless you only use disposable VMs, which you probably don't.

I don't understand why one wouldn't use them for everything not requiring saving the data. Of course I do use them and wrote this comment from one.

More benefits: https://forum.qubes-os.org/t/how-to-pitch-qubes-os/4499/15

> This is significantly underestimating the benefits of Qubes. Are you using your online banking in the same browser that you use for random web surfing? I do it in separate VMs with hardware isolation. Same compartmentalization with all other things.

What about NetVM? All AppVMs use that, so what if that gets compromised? Since the templates are not hardened at all, could the attacker jump from NetVM to AppVM?

> I'm not using the same VM for everything but dedicated VMs for bank, email, HN, instant messaging and so on. A malware on a random website would only get the access to an empty VM, nothing more.

So how many Templates and AppVMs do you have? Each of those dedicated VMs would need their own AppVMs at least. You have Domain: Bank, Domain: Email (do all email accounts get their own domain?), Domain: HN, Domain: Github, Domain: Stackoverflow, Domain: Signal and so on.

> If your VM is compromised, no hardening will save your data

So that means layered security is totally meaningless and instead of keeping it default, let's remove mitigations?

> you never run anything untrusted in trusted ones and never have anything valuable in untrusted ones.

In practice, this is close to impossible.

> I don't understand why one wouldn't use them for everything not requiring saving the data

Disposable VMs were the best part of QubesOS, but unfortunately, it's pretty common that you need to log in to something or save something, which means you can't use DisposableVMs for everything.