Javascript was a mistake, #9001: https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/
@p "New attack" my ass. Described "attack" seems to be depending on third-party embeds and cross-site cookie/storage access, both of which are severely trimmed down by any privacy-conscious web user.
@mint A lot of people use the "just slap some Tor on it" approach.
I actually nix traffic from my home network to almost all of the api.whatever and widget.whatever and jscdn.whatever hosts for those embedded things. (This spoils me to some extent because if I take a device outside and try to view a website, there's a constant ridiculous barrage of ads and embedded whatsises.)
I actually nix traffic from my home network to almost all of the api.whatever and widget.whatever and jscdn.whatever hosts for those embedded things. (This spoils me to some extent because if I take a device outside and try to view a website, there's a constant ridiculous barrage of ads and embedded whatsises.)
Follow
@p @mint Browser on my laptop is configured to use something like localhost:3128 as a proxy, and that port is redirected with ssh to the actual squid proxy running on a different machine. When I take it outside the redirect still works, along with ajax.googleapis.com mirror I have at home. All the web traffic is encrypted too this way, no VPN required ☺
