Chrome's private browsing is broken

This defeats the purpose of Incognito. If any website is able to tell you're browsing in private mode, then the browser is leaking data that shows it's not private

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

Here's the article I was viewing. No, I will not turn off private browsing for any reason. I'll avoid visiting your site if I have to. archive.fo/2GDSE

@cypnk i have never used these modes

i have wondered how they differ from my normal FF setup running anti-tracking (privacybadger), extensive adblocking (ublock origin), and manual cookie whitelisting (denies cookie by default)?

i know incognito mode deletes history when you quit...

@alyx The number of plugins you have also increases your attack surface. uBlock and Privacy Badger are brought to you by the Good Guys(tm), but they still add to the risk that one of these can be compromised at some point

Ideally, the browser itself will have this functionality built in, but with the exception of "Brave" browser, I don't know of any others that do

@cypnk right, add-ons and system specs, even fonts, add to your fingerprint which is shitty

i tried to minimize that a couple years ago but at least in FF on windows it was pretty hopeless feeling unless i wanted to ditch all add-ons

but beside the fingerprinting risk, i was wondering if i'm still hitting most of the incognito checkboxes w/ this (simple) add-on combo

@cypnk re-reading your comment i don't think you were exclusively referring to the fingerprint issue re: increased attack surface

to that point, i wonder how FF's massive add-on infrastructure revamp will affect size of attack surface. i don't know about that.

@alyx I don't use FF for casual browsing these days; only dev work, so I do need quite a few plugins

In Chrome these are currently installed:
uBlock Origin
Privacy Badger
HTTPS Everywhere and
Disable HTML5 Autoplay

@cypnk mm. i use HTTPS Everywhere as well

(it's not ready for FF57 yet, but there is a webextension alternative that tries to indiscriminately use HTTPS on every site (vs. HTTPS E's whitelist approach))

i guess i will investigate incognito / private browsing to better understand them

@alyx I think the hiccups should be ironed out pretty soon. They've been announcing webextensions for quite some time, so I'm sure they're already working on a stable version that doesn't try HTTPS on everything

@cypnk yes, HTTPS E WE for FF is in the works. just mentioned cuz i've been going through that WE status worksheet today

@cypnk @alyx Brave browser changes what ads you see, not sure it prevents ad-network malware delivery.

If you're blocking 3rd-party cookies, which breaks almost nothing, fingerprinting should be basically restricted to the site you visit. If they're pushing that function to third parties, then not even that.

As for attack surface, I suspect the couple of add-ons that otherwise drastically reduce the attack surface for compromised content delivery are always going to be a net win.