- Can we HN users help push Firefox to incorporate better fingerprint circumvention? (more than current) This is, imo, one of the worst technologies that has been developed around the web. This seems like a thing all privacy focused browsers, which includes FF, should be working on together. This seems like a thing that wins by the network effect, but can be done without an authoritative browser. You just need mass numbers, and while FF isn't that large of a user share, it is large enough that probably most local networks have at least a few connections and every ISP has thousands.
FWIW, using amiunique.org I am unique on FF, Safari, Mullvad, Chrome, and Edge on a M2 Air. Mullvad is 0.22% across the board btw, so looks like that's how many Mullvad/Tor users have tried it. Though I am a bit surprised by some of the results. Similarity is very low for: UTC-07 (3% of users are on the... west coast? This can't be right), screen sizes (I thought this was going to be a win because apple consistency, but all values are <0.1% -- except depth, which is best on Safari and identical on FF/Chrome/Edge. Do people not make their browsers the full screen size? (not clicking green expand)).
- Will the browser end up having a Tor connect switch? I'd imagine this would make Tor more accessible and could make the entry via VPN method easier and safer for many users. Is that why they're working together? I guess I'm a bit confused at the collaboration here? But it does seem natural that they could work to set up easy interfaces like x -> Mullvad -> Tor, x -> Tor -> Mullvad, or even x -> Mullvar -> Tor -> Mullvad? Is this the natural extension?
> Can we HN users help push Firefox to incorporate better fingerprint circumvention?
They can't win, no matter what there's going to a subset of sites that simply won't function when you block their fingerprinting techniques, and you'll get people every thread going "Firefox sucks! It doesn't run this website when Chrome happily does!" and then you get everyone on the other side going "Firefox sucks! It isn't as private as Librefox/Tor/my-other-obscure-fork!"
> Similarity is very low for: UTC-07 (3% of users are on the... west coast? This can't be right)
I dunno, seems about right to me. It's only something like 60ish million people and there are somewhere around 5 billion internet users. Obviously who will be checking the site isn't expected to be perfectly even but that's why the number is also 3x higher than plain user count would suggest.
> screen sizes (I thought this was going to be a win because apple consistency, but all values are <0.1% -- except depth, which is best on Safari and identical on FF/Chrome/Edge. Do people not make their browsers the full screen size? (not clicking green expand)).
Screen size, not browser size. Even on the exact same make and model hardware the OS UI scale setting will alter the reported screen dimensions in the browser. The same is true with people who change the default browser zoom in the browser instead.
> It's only something like 60ish million people and there are somewhere around 5 billion internet users.
You know, I feel dumb now that you're pointing this out. I'm not sure why I originally interpreted this value as an "amount of identifiablity" variable rather than the pure amount. You're right to point that this is a variable that can only be used in support of others and not unique in of itself.
> Screen size, not browser size.
I would think this would make it more likely to be less common. Apple has tight control and thus more consistency. But it is a good point, especially considering the prior point. The M2 Air has a different screen size than the M1 Air, which has a different screen size from *-Air which has a different from pros and so on. We don't need to get into UI scaling to change that. I was just thinking about consistency and popularity of the Apple ecosystem, in the West, compared to the variance in Windows machines. For example, I know that canvas fingerprints tend to have lower variance between apple machines of the same model than windows/linux machines of the same model. Just because there is different chip binning. I was thinking about the same thing with screens. But again, I clearly did a major brain fart and I appreciate the correction.
> FWIW, using amiunique.org I am unique on FF, Safari, Mullvad, Chrome, and Edge on a M2 Air.
Not sure if this is representative. According to their website, they have collected about 2 Million fingerprints. Firefox accounts for 42% of those fingerprints, which does not reflect the global market share.
Isn't this something that's already been in conversation though? Just not popular? I'm pretty sure I've seen discussion and pull requests for this on HN. I know even the strict privacy setting, which affects fingerprints, does not make it anywhere close to a Tor fingerprint.
I was more suggesting that maybe we can demonstrate the desire of this, to put positive pressure on making this, and other privacy measures, a higher priority of FF
You can't simply submit a patch to any self-respecting open source project on a decision so consequential. You have to do annoying things that mostly get in the way, like convince other people and build consensus.
Since there's no way ANYONE could make such a change without building consensus first, I don't think it's really a problem unique to submitting a patch. I simply answered accurately that, yes, there IS a way to get it changed, but it takes work.
- Can we HN users help push Firefox to incorporate better fingerprint circumvention? (more than current) This is, imo, one of the worst technologies that has been developed around the web. This seems like a thing all privacy focused browsers, which includes FF, should be working on together. This seems like a thing that wins by the network effect, but can be done without an authoritative browser. You just need mass numbers, and while FF isn't that large of a user share, it is large enough that probably most local networks have at least a few connections and every ISP has thousands.
FWIW, using amiunique.org I am unique on FF, Safari, Mullvad, Chrome, and Edge on a M2 Air. Mullvad is 0.22% across the board btw, so looks like that's how many Mullvad/Tor users have tried it. Though I am a bit surprised by some of the results. Similarity is very low for: UTC-07 (3% of users are on the... west coast? This can't be right), screen sizes (I thought this was going to be a win because apple consistency, but all values are <0.1% -- except depth, which is best on Safari and identical on FF/Chrome/Edge. Do people not make their browsers the full screen size? (not clicking green expand)).
- Will the browser end up having a Tor connect switch? I'd imagine this would make Tor more accessible and could make the entry via VPN method easier and safer for many users. Is that why they're working together? I guess I'm a bit confused at the collaboration here? But it does seem natural that they could work to set up easy interfaces like x -> Mullvad -> Tor, x -> Tor -> Mullvad, or even x -> Mullvar -> Tor -> Mullvad? Is this the natural extension?