Not up to me, I would have done the same as you suggested.

But we’re taking about this in the context of this infographic. So we have to distill this down to:

Should FF be with, or above, Brave?

I assume we’re also taking about relatively low-barrier changes that most users can implement. So vanilla FF vs vanilla Brave, there’s a difference. Can we harden FF? Sure. Will 95%+ of people do that with Librewolf or 3 dozen other forks out there? Why bother when there’s nuance to be gained with other forks? So now vanilla FF stops being relevant.

And to be clear, I don’t use Brave unless I absolutely have to. I don’t love it, but vs. normie Vanilla FF, there’s a slight edge.

Lol, no. Here’s a list of all the things that panel doesn’t account for.

https://forum.level1techs.com/t/browser-hardening-privacy-anti-fingerprint-and-anti-telemetry-guide/198039

Also, there’s nothing close to even attempting privacy without strong fingerprint protection anyway, which I should have also mentioned. Vanilla FF allows a bright shining canvas fingerprint that Brave and Librewolf disable.

FF doesnt deserve much better than Brave as it sends telemetry, so both on tier 2. LibreWolf would fit for tier 3 or maaaybe 4.

Not even. Young man shakes fist at phone.

Spoiler: Author discovers gossip can be fueled by social media, blames social media for human propensity to gossip.

Of course, but at that point I have no passport and I’m the victim of a crime, so I have to go to the embassy to get a temp passport and ask them to help me figure out how to get a new flight and cancel credit cards.

At this point the question is where are my house keys to get in and pay a taxi guy mad cash from the airport to my house?

Y’all know they give you backup codes for your 2FA, right?

Coded printout in my fire box. Encrypted version on my home laptop. Worst case scenario is losing my phone and passport on day 1 of a long trip.

And may The Force also be with you.

And don’t take it personally, it’s a fair question with an answer that it’s exactly why people get degrees in things like public policy.

The way to “solve” this for the average person is two steps: services like DeleteMe making them feel like they can “get back” their privacy. Second is dumbed down education with easy means. 1 year ago, uBlock did amazing stuff, and only 33% of internet users were using it. Exclude 25% of the remainder as enterprise setups not allowing extensions, and you still have 40+% of people online just rawdogging MSN and Yahoo and Drudge Report. Like, have you seen that internet lately? It’s fucking intolerable. But the same peoe that install searchbars won’t install uBlock. You have to be aggressive explaining value for 10 seconds of time.

It’s a genuine campaign that takes time and alluring promos.

There’s several overlapping problems:

First, that the problem is complex. It’s not just “Microsoft bad.” There’s a turducken lasagna of layered problems that make it hard for the average person to wrap their heads around the issue.

Next, there’s no direct monetary incentive. You can’t say “you lose $500 a year because data brokers know your address.” Most people also have relied their whole lives on free email, so the average person in already in “debt” in terms of trade offs already.

You’re also starting from a point of blaming the victim in a way. It’s the same problem companies have with cybersecurity, blaming everyone except the executive that didn’t know the risks of skimping on cyber budgets. Hiding the problem to avoid public shame is the natural human response.

Finally, that resolving the problem is fucking hard. I know, we all know, it’s a constantly moving target that requires at the very least moderate technical skill. My partner wants to have more privacy online, but would rather have conveniences in many cases. And has zero patience for keeping up with changes, so I have to be a CISO for a household. So the average person, and the average household, does not have the skillset to care “effectively” if they wanted to.

You can’t force people to care or act in their own self interest. The US will sooner adopt the metric system and mandatory digital IDs.

Vibecoding games about cats in HTML. All retro style, easy to play type stuff.

Up to 5 so far.

Well, to be fair it’s also proof that people do not value privacy, and that the means by which actual privacy can be obtained are few and narrow.

It also really drives home the fact that our systems of IDs, licensure, taxes, property purchase, etc. are designed for an analog 20th century world. We need new systems based on modern technology, bit not in a way that simply contracts out to the very companies that put us here.

I’ve done OSINT research and that alone converted me into a privacy advocate. Seeing how Alphabet, Meta, and MS have allowed creep to get training data… Whew. It’s breathtaking and complicated beyond the ability to explain in 114 characters.

Y’all, we are cooked. Currently. Present tense. If you aren’t freaked out already, you’re missing about 85% of reality.

The easy solution is to stop engagement on Lemmy. Cool. Cool cool cool.

The short version is to network yourself into a relationship and job where you don’t need to apply by throwing your resume against the castle wall with 83848770188573937 other people.

Also, get a specific resume email address that you can trash once you have a job. “HireBob@yourcustomdomain.com” is easy, cheap, and helps you stand out from the crowd of gmail addresses.

You’re correct. I was thinking of how I have Floorp set up.

CreepJS doesn’t see NoScript as an extension and only catches me if I don’t switch IPs. Time zone is also worth adjusting of one is serious.

And I pass this test, plus the EFF cover your tracks test, and AmIUnique, all the time.

Of course, and I’m saying that while turning JS on for Bob’s website is maybe acceptable, leaving it turned off for gstatic, googleadmamager, etc. also on Bob’s website is easier than the other way around. Layers of defense. Don’t count on canvas blocker.

Though this is just for what you want to obscure. It doesn’t make any sense to openly interact with Google or Meta products with all this going on. Use for your socials, anything tied to your name or face, regular vanilla FF with containers for safety. Let G associate that IP/geography and fingerprint with what you HAVE to do publicly visible. Then you close FF, change VPN locations, and open private mode Librewolf. It’s full plausible deniability. Or use TOR, same same.

Convenience and security are a trade off. Find the balance that works for you based on your threat model. It’s different for everyone.

You can. Librewolf with canvas blocker, turned on in settings, Chameleon, and uBlock and/or(?) JS blocker like NoScript. Edit.

Canvas blocker and a JS blocker limits a lot of what Google can see and fingerprint per page. And you’ll be shocked at first how many pages have google trackers that a JS blocker kills. It’s easier to turn things on one at a time than claw back data once it’s out of your hands.

Chameleon spoofs a lot of other details, like browser, system time, languages, headers, etc. So for what can be seen, it’s always changing and harder to corroborate. This plus moving VPN locations is what is needed.

Also, TOR does the job, but not the most fun internet experience.