Reply to post: Re: But, does it work?

One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools

GIRZiM

Re: But, does it work?

What blockers, etc. are you using?

Decentraleyes helps specifically in that regard - although you have to hope the resources aren't updated too frequently for your local versions not to need constant updating (thus defeating the object)

CanvasBlocker can help to a certain extent.

uMatrix is the single most reliably useful tool in my armoury at the moment and has been for some time now; arguably more so than NoScript because it blocks at domain level and prevents things even entering the browser rather than letting them get loaded but not run (which could, possibly, betray something if there's some kind of "if <this browser characteristic> then <load that script> going on). You can. for instance, keep around 83% of what Youtube wants to load into your browser away from your viewing pleasure by only authorising the XHR elements of the ".googlevid" domain (usually only one required).

uMatrix also aids with some domains I may not instantly recognise because it highlights them in red and that clues me into the idea that I probably don't need whatever it's trying to sell me, as it were.

Adding uBlock Origin into the mix gives you some more control inasmuch as it still blocks ads even if you authorise a domain in uMatirx and, in the past, I've found that using uBlock Origin and NoScript together meant that mostly I just had to authorise images in uBlock and I could see everything I wanted - wordpress and .wp elements required a little more help as it were but most sites worked just fine without any more than images allowed through.

I'm currently trying out a combo of uMatrix, adNauseum and NoScript (NoScript has better XSS blocking than uMatrix) but I'm also finding I need to authorise a lot more scripts lately - I'm not sure why yet but it might say something about what gets loaded when you allow an element through uMatrix (e.g. because it blocks the domain, allowing ".googlevid" to load the XHR elements might allow scripts through as well as video and that's what NoScript is blocking locally)

Random Agent Spoofer did a fine job of messing things up for them insofar as it could - still hoping there'll be a Quantum version along.

So, I think it can still help to a point, provided you do what we've all had to do with these tools all along: block everything and then cautiously allow one element through at a time, starting with what are the least harmful (images) then slightly less dangerous (css) up through scripts (maybe necessary) and/or XHR elements (maybe necessary), until we work out what's essential, get to know certain domains over time and can make educated guesses from the name alone, you know how it goes.

It's a constant arms race of tools/information/experience (so, no change there really) and some days, when I'm particularly frustrated, I wonder what the neighbours must think of the number of times I (seemingly randomly) scream "C*NT!"at the top of my lungs but, otoh, it probably results in my putting myself at less risk in the first place because I don't visit sites just because they're there (the thought of all the hoops I'd have to jump through focuses my mind wonderfully) and, furthermore, if I have to authorise so many things that after two minutes I still haven't got the damn page loaded, I'll leave in frustration and that's probably a good thing because it means it's insisting on loading a LOT of stuff that isn't simply html/css/images/some-scripts and, furthermore, doesn't want me to know what it is beyond "some XHR stuff, don't worry about it, just load it into your browser" (which seldom bodes well really, if you stop and think about it).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020