this post was submitted on 27 May 2026
87 points (97.8% liked)
Privacy
5701 readers
204 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
canvasblocker ublockorigin privacybadger
about:config ->
-> javascript.options.shared_memory = FALSE
-> privacy.firstparty.isolate = TRUE
-> privacy.partition.network_state = TRUE
-> privacy.partition.network_state.oscp_cache= TRUE
-> privacy.partition.network_state.oscp_cache.pbmode = TRUE
-> privacy.partition.serviceWorkers = TRUE
-> privacy.reduceTimerPrecision = TRUE
-> privacy.resistFingerprinting.reduceTimerPrecision.jitter = TRUE
-> privacy.resistFingerprinting.reduceTimerPrecision.microseconds = 1000 ... or... more?
... might do something to stymie this?
From the paper:
Well I have no idea what the 'default configuration' of ... Linux ... is...
But uh, theoretically this is something you could harden against by going balls to the wall with security preferences and options in firefox, waterfox, librewolf, ironfox, something like that... maybe?
Also, its maybe possible that using a seperate container for each seperate tab could also stymie this.
Interesting ideas in here, particularly the timer precision
Waterfox seems to already have a default of 1000 microseconds, if... I think, you go with 'strict' privacy settings option?
So on the one hand, a very brief perusal of the paper shows that the method needs like, sub 200 timings to work well.
On the other hand... I have no idea if the exploit method effectively circumvents the way this timing speed limit actually works.
I basically just sped read everything lol.
So, you're saying you only needed one timer?
Seems like a feature vendors need reconsider unimplementing/threat remodeling.
Yeah I apparently missed all this but yeah, there seems to have been a significant hubub of basically... wait why do we even need this at all?
To satisfy lazy corporate web devs who can't be bothered to use existing APIs properly?
That's basically my take after after a light review of reading several threads in various places around this, over the last few years.
Mullvad browser maybe better for this than librewolf?
Potentially?
Maybe?
I would not call myself an expert here, I don't... dev webbrowsers, more like I'm a privacy minded power user.
I'm literally just spitballing, I can guarantee nothing.
Maybe if I did a full crash course over like a month or two, I could have what I would call a 'semi-informed' opinion.
Because mullvad based on torbrowser which known very fingerprint resistant.