@lanodan @p No, of course they don't isolate each tab, that would be trouble. You can assign which container the tab uses manually. This way if you log in to Facebook in the Facebook container, cookies and persistent data can't get outside. It's like using a different profile, but all within one browser instance. That is why it should be immune only if used properly. If all your tabs use the default container — it's not.

@m0xee @p So in your mind you create a container for each thing you log into?

Are you not aware of things like shadow-accounts? Facebook has been doing this for absolute ages. (Those people probably hate me :D)

And fingerprinting apparently got good enough that some are advertising it as an authentication method, and it probably works well enough.

@lanodan @p Exactly! For each thing I have to use and I don't trust.
Well, I do a lot more than that. I have Forget Me Not to clean up cookies and persistent data on leaving the domain. I only keep cookies for a few things I need actually.
And I don't have and never had Facebook, Instagram or WhatsApp accounts in the first place. So I think I'm fine 😄

@m0xee @p I guess the difference ends up that I don't trust by default, to the point where I aggressively self-host.

@lanodan @p Self-hosting is great, but takes a lot of time to maintain. I have my own nitter instance, but I'm too lazy to host something like matrix server.

@m0xee @p Matrix is a shitshow, don't even try.

Hosting XMPP? Painless, it's essentially just installing prosody and enabling few plugins in the config, few more things if you care about VoIP and IPv4.

Hosting mumble? Pretty easy.

Hosting IRC? Easy until you have bots.

Hosting email? Also works well, the ones yelling about Google/Microsoft/… online are probably mailing-list hosters, not the same kind of deal at all. And I wouldn't host mailing-lists except very small ones, subscription management is hell, there is better protocols.

@lanodan @p Isn't hosting e-mail a similar shitshow nowadays? I mean configuring sendmail is pain, but at least I did it sometime ago. But all this DKIM-stuff is a fsckery of its own.

@m0xee @p
> sendmail

Are you from the previous millenium?

I would recommend OpenSMTPd.
As for DKIM… I hate this shit but dkim-proxy just works.

@lanodan @p
>Are you from the previous millenium?
Damn! My cover has been blown! 🤣

@m0xee @lanodan You can ignore DKIM if you don't mind GMail usually marking you as spam. (Fine by me.)

@m0xee @lanodan (SPF you can't ignore; a lot of hosts just drop you without even a courtesy notice. SPF should default to "v=spf1 mx -all".)

@p @m0xee I think drop stuff also drops your email if they got it through a mailing-list (I hate this hack, get a real protocol people, usenet/forums/… are a thing).

@lanodan @m0xee Mailing lists are nice compared to forums.

@p @m0xee I'm not a forum person but to me it's because of their scattered away decentralisation.
But that's typical web stuff, even for the fediverse there is very few things that allow to use multiple accounts at once.

@m0xee @lanodan

> And I don't have and never had Facebook, Instagram or WhatsApp accounts in the first place.

https://en.wikipedia.org/wiki/Shadow_profile

@lanodan
The extension is smart enough to do things like "every time you open a facebook tab, it's automatically in the facebook gay baby jail container"

@p @m0xee

@neo @p @m0xee Nice but how does that prevents shadow profiles?

@lanodan
if they already know about you, it really wont, but it might keep them from learning new things about you

@p @m0xee

@m0xee @lanodan ...Or just avoid JS and null-route malicious networks (Facebook, Google, ad networks, etc.). This works cross-browser, cross-system, and eliminates this entire class of vulnerability instead of having to wade through the swamp to spot-weld a million holes.

@p @lanodan Of course! I have media larger than 8Kb, third party fonts and scripts blocked by default in UBO and only enable them when I absolutely must.
Ideally, you should have IP routes set only to the servers you want to connect to and not have the default route. But maybe that's a bit overkill 😅

@m0xee @p Blocking at IP level is sadly currently using a bazooka to kill a swarm of mosquitoes.

I tried blocking cloudflare, it didn't last: https://hacktivis.me/articles/blocking%20cloudflare%20IP-range%20be%20like

@lanodan @p Yep, sadly, this breaks a lot of things.
What also irks me is that a lot of websites including websites of companies that should be about privacy, like VPN providers, use reCAPTCHA. This is just wrong in every possible way 🤬

@m0xee @p I once got blocked out from the electricity grid provider website because I'm terrible at clicking on the bloat apparently…

@lanodan @p Happened to me too! My cell provider blocked me for a couple of days for refusing to find all the bicycles or something like that 😆

@m0xee @lanodan

> companies that should be about privacy, like VPN providers

"Should" is a mistake; they have no reason to. Tor.

@p @m0xee Yeah, VPN providers are probably even worse.

I could sue my ISP if it would do any shit and they also have to follow the local laws.

Suing a VPN provider? You might as well sue a dead person.
And a lot of them can follow *any* law they want, even worse than Facebook law HQ being Santa-Clara but taxes HQ being Ireland. (Forcing Facebook into EU would be funny given GDPR :D)

@lanodan @m0xee

> VPN providers are probably even worse.

In the case of Epik's VPN, NordVPN, "probably" can be changed to "provably".

> Suing a VPN provider? You might as well sue a dead person.

Such a mess.

> Forcing Facebook into EU would be funny given GDPR

That's the great thing about GDPR: it's absurd enough be costly, but it's also easy enough to ignore if you are small. There was that one provision that allowed that guy to get Facebook to send him a 900-page printout of all the data they had on him, that was hilarious.

@p @m0xee
> There was that one provision that allowed that guy to get Facebook to send him a 900-page printout of all the data they had on him, that was hilarious.

Yeah, Max Schrems, which is founder or something of https://noyb.eu/en
He done it multiple times btw.

@p @m0xee Incidentally I should try to do GDPR data requests to ~everything, specially things I haven't used, could get to learn few things.
Like how pharmacies here had their cashiers sending customer data back to the mothership, making me glad I always paid in cash there so far.

@lanodan @m0xee

> Like how pharmacies here had their cashiers sending customer data back to the mothership

Oh, we've got that here now, too.

> making me glad I always paid in cash there so far.

I wonder if they're doing the bluetooth shit in Europe too.

@p @m0xee bluetooth shit?

I heard of supermarkets tracking people with wifi.
But well, I don't have a smartphone and I don't go in supermarkets, they've always been mischievous assholes, last time I went there was returning a gas ~rubber pipe that was very nearly expired and I just bought.
Glad I checked the date before opening the package and that in EU there is mandatory free 15-days return.

@lanodan @m0xee

> bluetooth shit?

Yeah, not just wifi but Bluetooth pings. Any radio. In the US, it's currently illegal to do this with cell network stuff, but there are a lot of antennas on a person nowadays.

Did I tell you when I worked across the street from the Beverly Wilshire? There's some paparazzi operation that runs out of there, they were, at the time, making Pringles yagis for their Bluetooth antennas and then using those to capture MAC addresses, which they could confirm at public events. So the politician or celebrity (or their friends, or anyone in their security detail), if they had a Bluetooth device, these guys could tell what room of the hotel they were in and who they were there with.

@p @lanodan @m0xee shit like this is why farraday bags have gone from ‘you’re a paranoid maniac’ fashion to ‘hm, seems reasonable’ accessory. It took 30 years from radio beacons landing aircraft in bad weather to measuring how long you linger around the cereal section before you bought those fruit loops, just to wring a few more cents out of you.

@slash @lanodan @m0xee There was that guy, I think he was a garbage man or something, his employer made the drivers install this spyware thing on their phones, right? So after lunch he'd play golf instead of driving, and they didn't catch on for a year or two because he kept his phone in the bag from his chips, which was apparently able to act as a pretty good Faraday cage.

@p @lanodan @m0xee Rodeo Dr?

Classy shit.

@ins0mniak @lanodan @m0xee You'd think so, but Beverly Hills is all just either skeevy bastards or rich skeevy bastards.

@ins0mniak @lanodan @m0xee But think for a second about all those Bluetooth butt-plugs. Now the paparazzi knows!

@p @lanodan @m0xee

@p @lanodan @m0xee word.

@p @lanodan Wow! That is some seriously sick shit! 😱
Good thing bluetooth gets disabled automatically if you don't use it for like 10 mins on most modern phones. Some use bluetooth headphones, smartwatches etc, so it stays on.
And there is no way to get rid of all the radios.

@m0xee @p Just leave your phone at home for most cases, bonus for forgetting it in a room you usually aren't in.

Do you even want to answer the phone while doing something outside?

@lanodan @p I started doing this a couple of years before all this COVID shit broke loose and kept doing it throughout the pandemic.
Because I was afraid that using alcohol to clean my phone too often might ruin its case 🤭

@m0xee @p I tend to have rugged phones so actually the only times where I make sure to take my phone is for music festivals :D

@lanodan @m0xee I don't like answering the phone while doing something *inside*. I hate vox. (Why doesn't my bank have an IRC server?)

@p @lanodan @m0xee

https://arstechnica.com/tech-policy/2022/06/facebook-is-receiving-sensitive-medical-information-from-hospital-websites/

@ins0mniak @lanodan @m0xee

@p @lanodan @m0xee VPN's won't protect people from browser fingerprinting. Something that was once attempted to be explained to the Epik guy....very slowly.

@ins0mniak @p @m0xee I don't think it's worth taking the time to explain it to some people.

There will always be people that think it's a good idea to reroute all their communications to whatever fad of the day, and then not even learn when it turns out it was a false company done by a three-letter agency.
Or these days people who think it's great to have a microphone, door camera, … connected to a mothership.

What should be done instead is making sure people *ignore* them, as they have no idea what they're talking about.

And I totally would sue people in my town, specially neighbors if they would install an Amazon Ring.

@lanodan @ins0mniak @p No one's using VPN to avoid browser fingerprinting I think. It still prevents your ISP from spying on you, helps circumvent georestrictions, countrywide IP blocks, etc.

@m0xee @lanodan @p It has it's uses, but it doesn't protect people as much as many think it does.

@ins0mniak @p @lanodan That is true. It is necessary, but not sufficient.

@m0xee @p @lanodan Exactly. Epik for the longest time was touting their VPN as this ultimate bullet proof privacy solution which is just not accurate. It drives me crazy when these outfits do stuff like that.