Thanks for the correction. I can't recall where I sourced my information from for those claims, but Privacy Tests seems to agree with you. Sorry for getting that one wrong.
The literal third party cookies are only blocked by Brave, the rest not counting privacy forks don't do it. Firefox for example you need scrict mode or custom
I've yet to find a reliable way. A lot of people report success with a Pi-hole, which is basically a self-hosted DNS blocker. Otherwise DNS in apps is hit or miss for me. I wish I had a better solution.
The problem is, people talking about digital privacy keep using false analogies to make you care about this stuff, but these analogies don't actually apply. I mean the only reason you actually care about real-life stalkers, is because real-life stalkers almost certainly want to do something you don't want. But that's not necessarily the case with online tracking, the only thing they want to do, is show you some ads, they don't want to meet you, they don't want your signature, they don't want to snap photos of your private affairs, they don't want to murder your kids. So the actual fundamental reason to care about real-life stalkers don't actually apply to online tracking, therefore you cant' just use the same analogy and imply they are the same, they aren't.
This is objectively untrue. Advertisers want to influence you, and many want to influence you in ways beyond "buy this item." Some of them want to influence the way you vote, your beliefs, or the causes you support. They want to distort what you see in your algorithmic feed and the truths you believe. This can easily be verified with a little research online, looking up things like the Cambridge Analytica scandal, the use of microtargeting in political ads, the rampant spread of "fake news," and more.
I'm not sold that _session_ cookies are a good thing. Re: "... in some cases this is a good thing they can allow you to log into a website..." I would rather go back to everything host-side so that when someone takes their eye off the ball LTT doesn't get hacked.
It can be, which is why the best solutions (in my opinion) are one of the two mentioned. Simply blocking scripts individually makes you unique, but trying to blend in or use randomization is far more effective based on the studies I've seen.
@@TheNewOil Good point. I've found blending involves a lot of guesswork without knowledge of the sites traffic. There are ways to do it but it's usually limited to select targets. I work in the industry too and see pretty much everything. Randomization in all forms is basically signaling you are browser x, y, or z, and is always in the 0 - 5% bucket.
Sadly there's not a lot of options out there. You have to pick the one you feel is most effective and roll with it. You have the advantage of insider information and knowing which ones are most effective based on your experience.
I don't trust Startpage, personally, after the System1 incident (among other things). I think there are better options like SearXNG, Whoogle, Mullvad Leta or better yet someone who does their own indexing like Brave, Mojeek, or Kagi. More info: thenewoil.org/en/guides/less-important/habits/#search-engines
I have 9 extensions, 5 of which are absolutely necessary. I would not use my browser without them. Is there any way to hide which extensions I'm using?
None that I would trust to be effective. We've even seen proofs of concept before that use CSS to detect extensions, and blocking that isn't really feasible.
How exactly do websites see exactly which extensions you have? I have heard this claim a lot but never seen exactly how it really works. (prompted from points made around 10:50)
There's several possible ways. User agent is one I mentioned, Javascript is - from what I can infer - a popular method, but even CSS can be used, which is why I don't recommend things like user agent spoofing or javascript blocking. There's lots of ways to do it but the most effective way is simply to not have too many extensions.
@@suedoe4316 In Chrome and Firefox the extension ID can be retrieved from the stack trace by invoking errors. A lot of extensions also add stuff to the page or JavaScript scope, all of which can be profiled and used to fingerprint the browser.
just a heads-up Vivaldi since the beginning has blocked third party cookies
Thanks for the correction. I can't recall where I sourced my information from for those claims, but Privacy Tests seems to agree with you. Sorry for getting that one wrong.
Not true, do a fresh install and you wont see the option enabled.
Its hidden only accessible by chrome://settings
@@TheNewOil Vivaldi are one of the good guys in the browser space
@@ultravio1et don't forget librewolf browser and mullvad browser
Oh and nice video ofc. Any upload from The New Oil is always a great day
Funny enough this video was recommended to me by RUclips to farm money with ads.
We're also on PeerTube. No account required, can subscribe via RSS, no ads or trackers.
Thank you! Really good video
Great video, well put together.
The literal third party cookies are only blocked by Brave, the rest not counting privacy forks don't do it.
Firefox for example you need scrict mode or custom
Then what is Firefox doing out of the box? Does Mozilla just pull a "trust me bro" and call it a day? 🤣
maybe there is a way to block embedded ads in android apps? dns won't help here
I've yet to find a reliable way. A lot of people report success with a Pi-hole, which is basically a self-hosted DNS blocker. Otherwise DNS in apps is hit or miss for me. I wish I had a better solution.
@@TheNewOil amaik the pihole option must be run on rooted android, witch is, well, not for everyone
Can't it run on a Raspberry Pi? Isn't that why it's called a Pihole?
The problem is, people talking about digital privacy keep using false analogies to make you care about this stuff, but these analogies don't actually apply.
I mean the only reason you actually care about real-life stalkers, is because real-life stalkers almost certainly want to do something you don't want.
But that's not necessarily the case with online tracking, the only thing they want to do, is show you some ads, they don't want to meet you, they don't want your signature, they don't want to snap photos of your private affairs, they don't want to murder your kids.
So the actual fundamental reason to care about real-life stalkers don't actually apply to online tracking, therefore you cant' just use the same analogy and imply they are the same, they aren't.
This is objectively untrue. Advertisers want to influence you, and many want to influence you in ways beyond "buy this item." Some of them want to influence the way you vote, your beliefs, or the causes you support. They want to distort what you see in your algorithmic feed and the truths you believe. This can easily be verified with a little research online, looking up things like the Cambridge Analytica scandal, the use of microtargeting in political ads, the rampant spread of "fake news," and more.
Mullvad my beloved.
Better than librewolf?
I'm not sold that _session_ cookies are a good thing. Re: "... in some cases this is a good thing they can allow you to log into a website..." I would rather go back to everything host-side so that when someone takes their eye off the ball LTT doesn't get hacked.
I like this new setup. Is opting out of fingerprinting really a thing? I mean the opting out is itself a fingerprint.
It can be, which is why the best solutions (in my opinion) are one of the two mentioned. Simply blocking scripts individually makes you unique, but trying to blend in or use randomization is far more effective based on the studies I've seen.
@@TheNewOil Good point. I've found blending involves a lot of guesswork without knowledge of the sites traffic. There are ways to do it but it's usually limited to select targets. I work in the industry too and see pretty much everything. Randomization in all forms is basically signaling you are browser x, y, or z, and is always in the 0 - 5% bucket.
Sadly there's not a lot of options out there. You have to pick the one you feel is most effective and roll with it. You have the advantage of insider information and knowing which ones are most effective based on your experience.
What do you think about the option to open sites in "anonymous view" in startpage?
I don't trust Startpage, personally, after the System1 incident (among other things). I think there are better options like SearXNG, Whoogle, Mullvad Leta or better yet someone who does their own indexing like Brave, Mojeek, or Kagi.
More info: thenewoil.org/en/guides/less-important/habits/#search-engines
I have 9 extensions, 5 of which are absolutely necessary. I would not use my browser without them.
Is there any way to hide which extensions I'm using?
None that I would trust to be effective. We've even seen proofs of concept before that use CSS to detect extensions, and blocking that isn't really feasible.
Reincarnated irl Geto
How exactly do websites see exactly which extensions you have? I have heard this claim a lot but never seen exactly how it really works. (prompted from points made around 10:50)
There's several possible ways. User agent is one I mentioned, Javascript is - from what I can infer - a popular method, but even CSS can be used, which is why I don't recommend things like user agent spoofing or javascript blocking. There's lots of ways to do it but the most effective way is simply to not have too many extensions.
@@suedoe4316 In Chrome and Firefox the extension ID can be retrieved from the stack trace by invoking errors. A lot of extensions also add stuff to the page or JavaScript scope, all of which can be profiled and used to fingerprint the browser.
✌️ promote your video. This is cool.
👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍!!!