Minimising Browser Telemetry
-
Due to the giant GOPstrich in the room. I have switched to linux and been actively trying to learn as much computer science as possible. I set up a TOR relay using Librewolf as the browser, using socks5 to send data from the browser, through the network. As an experiment, I asked Microsoft's AI where I was and it immediately returned my city. I tried again using a VPN, with a different browser and it still got it right. So, I wanted to ask, how can we limit the telemetry collected by these programs? How can we better limit their ability to spy on us?
-
System shared this topic on
-
Due to the giant GOPstrich in the room. I have switched to linux and been actively trying to learn as much computer science as possible. I set up a TOR relay using Librewolf as the browser, using socks5 to send data from the browser, through the network. As an experiment, I asked Microsoft's AI where I was and it immediately returned my city. I tried again using a VPN, with a different browser and it still got it right. So, I wanted to ask, how can we limit the telemetry collected by these programs? How can we better limit their ability to spy on us?
I wouldn’t use Copilot for this, as it may be using some older info on you that it already has. There are lots of “whatismyip” type sites that can try to guess your location. Failing that, see what region Google serves you ads from—any YouTube ads I get are always from my VPN endpoint country/region.
Also, just try plain old Tor Browser to compare with your setup.
-
I wouldn’t use Copilot for this, as it may be using some older info on you that it already has. There are lots of “whatismyip” type sites that can try to guess your location. Failing that, see what region Google serves you ads from—any YouTube ads I get are always from my VPN endpoint country/region.
Also, just try plain old Tor Browser to compare with your setup.
-
Maybe, but it's a brand new Linux install. New browser and everything, just a bit unnerving you know?
It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.
For best fingerprinting protection, use either:
- Mullvad Browser with a VPN (prefer Mullvad VPN)
- Tor Browser
Avoid using Tor with a normal browser because you will stick out like a sore thumb.
-
Maybe, but it's a brand new Linux install. New browser and everything, just a bit unnerving you know?
Usually it uses your IP address first, bit it's not the only information in cases where the IP address is a known VPN or similar. Are you saying you were tunneling over TOR the first time?
When you switched to VPN you didn't mention what browser. If it's one that supports advertising IDs, that could be used, for example.
And when you connected to copilot did you get a captcha popup? If so, did you have to actually solve a captcha or click a button? If not, then it likely is getting information from somewhere that you are trustworthy.
Clear all browser data, make sure enhanced tracking protection is not disabled for the site. Go to a site that tells your IP address and verify it's the Tor endpoint to verify the setup there is correct. Then try again.
Also, assuming you're not clicking through any popups to allow tracking info or logging in to any accounts on this browser beforehand. If you log into a Microsoft account or any other account for a site that Microsoft gets info from first, it can use those logins to track you. You can disable this in the browser, but so many sites will break without it.
-
Due to the giant GOPstrich in the room. I have switched to linux and been actively trying to learn as much computer science as possible. I set up a TOR relay using Librewolf as the browser, using socks5 to send data from the browser, through the network. As an experiment, I asked Microsoft's AI where I was and it immediately returned my city. I tried again using a VPN, with a different browser and it still got it right. So, I wanted to ask, how can we limit the telemetry collected by these programs? How can we better limit their ability to spy on us?
I laugh at the folks that think Ladybird will save us. If their developers & contributors & bug reporters require using the data-sucking Discord & MS GitHub with no alternatives, what makes anyone think they would take privacy seriously?
-
It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.
For best fingerprinting protection, use either:
- Mullvad Browser with a VPN (prefer Mullvad VPN)
- Tor Browser
Avoid using Tor with a normal browser because you will stick out like a sore thumb.
Yeah, Librewolf by default doesn't use DoT neither DoH, and so your IP is still exposed, but Librewolf had made it fairly easy to change through preferences or the librewolf overrides, whatever more convenient, as stated on its DoH enabling documentation.
-
Yeah, Librewolf by default doesn't use DoT neither DoH, and so your IP is still exposed, but Librewolf had made it fairly easy to change through preferences or the librewolf overrides, whatever more convenient, as stated on its DoH enabling documentation.
That is not what I was referring to. DoH is easy to access in the settings, but with a SOCKS5 proxy you want DNS from the provider to avoid fingerprinting of your location by using a network or DoH provider, which may be a geographically closer server because of your host IP.
Under about:config, change "network.proxy.socks5_remote_dns" to true.
I don't know definitively why they were fingerprinted to there local city, this is just a theoretical reason.
-
It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.
For best fingerprinting protection, use either:
- Mullvad Browser with a VPN (prefer Mullvad VPN)
- Tor Browser
Avoid using Tor with a normal browser because you will stick out like a sore thumb.
Librewolf, strict browser privacy settings. Delete cookies on exit. Don't store history. Using Mulvad's secure DNS. I have a dynamic IP address setup with the ISP. Then I enable the VPN using NL as my node. THEN I start the Tor relay and connect to it through socks 5. No Captcha presented, visit the AI, asks me for a name.
"Hey, Copilot, where am I?"
Immediately got me.
-
Usually it uses your IP address first, bit it's not the only information in cases where the IP address is a known VPN or similar. Are you saying you were tunneling over TOR the first time?
When you switched to VPN you didn't mention what browser. If it's one that supports advertising IDs, that could be used, for example.
And when you connected to copilot did you get a captcha popup? If so, did you have to actually solve a captcha or click a button? If not, then it likely is getting information from somewhere that you are trustworthy.
Clear all browser data, make sure enhanced tracking protection is not disabled for the site. Go to a site that tells your IP address and verify it's the Tor endpoint to verify the setup there is correct. Then try again.
Also, assuming you're not clicking through any popups to allow tracking info or logging in to any accounts on this browser beforehand. If you log into a Microsoft account or any other account for a site that Microsoft gets info from first, it can use those logins to track you. You can disable this in the browser, but so many sites will break without it.
Yeah so, Dynamic IP set up with the ISP. Running Librewolf, on the strictest browser settings, using Mullvad's secure DNS and Riseup-VPN, with my IP address being NL (Nowhere close to my part of the world). No pop-ups enabled, resist finger printing enabled, no cookies, delete temporary files and cache upon exit. Sharing location disabled (obviously) requests to use any of the hardware all blocked. Only thing running to get the site to work is Java, that I turn on after already getting to the site. Still knows where I am. Start Tor Relay with browser configured to route traffic over socks5, try again with New DNS, Try a 3rd time now with Tor over vpn, still nothing. I actually had a much spookier thing happen with Brave's Leo attempting this from my phone. I use a chinese phone, banned where I live, never for sale. I lived on a different continent when I purchased it. I asked it a question about enabling developer options. It gave me the specific instructions then my make, model and firmware version. When I asked how it knew what phone I had, it told me it was guessing and denied being able to see all the data on my device. This is on the android web browser, with the embedded AI. Fuck me, dude, how do we stop them from collecting data on our hardware? Like, I would love to use Qubes, but the architecture of my machine, just doesn't support it.
-
System shared this topic on
