[HN Gopher] Achieving Great Privacy with Safari
___________________________________________________________________
Achieving Great Privacy with Safari
Author : matanabudy
Score : 88 points
Date : 2025-03-23 14:57 UTC (8 hours ago)
(HTM) web link (matanabudy.com)
(TXT) w3m dump (matanabudy.com)
| freeone3000 wrote:
| I think the author might be misunderstanding the fingerprint test
| -- having a unique fingerprint is _bad_ , as it allows tracking
| of you by fingerprinting, without the need for cookies.
| adamtaylor_13 wrote:
| Okay, I came here to ask that. I figured it's better if my
| browser appears like 200k other ones; not being unique is the
| goal in my mind.
| matanabudy wrote:
| Hi! I'm the author, I have indeed misunderstood that (and
| updated the post text to reflect that better, thanks!), but
| also - can someone really avoid having a unique fingerprint?
| Or randomizing it is the only way to go? (Referencing
| something along the lines of this: https://www.reddit.com/r/b
| rowsers/comments/17mp39r/does_it_m...).
| friedtofu wrote:
| This would be a good read for you - https://tb-
| manual.torproject.org/anti-fingerprinting/. There's also
| Linux distributions like my current daily driver -
| https://wiki.cachyos.org/support/faq/#rfp-resist-
| fingerprint... that implement their own forks of Firefox
| and may add additional sandboxing like bubblewrap or
| firejail on top of it.
|
| That being said I was a lifelong Windows user up until 5-6
| years ago, and while everyone else in my family uses apple
| devices I was never interested in using one(since I like
| building my own PCs :p)
| rafram wrote:
| Yup. I use a more generic setup (just AdGuard and Hush) and
| have a less unique fingerprint. At some point, adding more
| "privacy" extensions will just make you stand out more with
| very little tangible benefit.
| FirstLvR wrote:
| installing nothing at all is far better, that's why Orion and
| brave are better for privacy, at least in apple ecosystem
| Etheryte wrote:
| Is that your gut feel or is that actually measurable? How
| many bits of information do you get?
| yzydserd wrote:
| Not the poster, but for me MacOS Orion (without stop the
| madness or little snitch etc) or anything else scores
| 16.07 bits and 98% ad block.
|
| I had a look at Kagi official discord and Vlad (HN:
| @freediver) says they let the eff test run as non-
| malicious, i.e. other sites may not be able to see as
| much.
| lapcat wrote:
| > having a unique fingerprint is bad, as it allows tracking of
| you by fingerprinting, without the need for cookies.
|
| Correct.
|
| FWIW (disclaimer: I'm the developer of StopTheMadness Pro,
| mentioned in the article) I just ran two tests in Mac Safari,
| with StopTheMadness Pro enabled and disabled, and the results
| were exactly the same each time: "at least 18.06 bits of
| identifying information". Alas, that's a unique fingerprint,
| but apparently my extension doesn't make anything worse. If you
| look at the detailed results, the identifiers are things like
| User-Agent, screen size, time zone, and language.
| Etheryte wrote:
| That's the same amount of bits I got with every browser I
| tried (Safari, Chrome, Firefox). Not sure what the takeaway
| is, but at least for me, all browsers seem to leak roughly
| the same amount.
| selykg wrote:
| StopTheMadness is my favorite extension. So awesome thanks
| for making it!
| drcongo wrote:
| I got exactly 18.06 too, seems fishy.
|
| (also, thanks for StopTheMadness Pro!)
| cassianoleal wrote:
| Thank you for the extension. I've been a Pro user for quite a
| while now. I wish it existed for Linux as well, as I really
| miss it when I'm not on the Mac.
|
| One relatively small complaint if you don't mind me hijacking
| this thread. The update process could be a lot better!
| Especially on Firefox. I'm used to it now, so it's become
| just a bit of an annoyance but the first few times were tense
| moments, and especially panic inducing a couple times when I
| was pressed for time and couldn't use the browser before
| updating the extension.
|
| In any case, it's an awesome extension and I recommend it to
| others frequently!
| ezfe wrote:
| Unless it's been edited, it acknowledges that.
| matanabudy wrote:
| Yep I have edited it because of this comment :)
| https://news.ycombinator.com/item?id=43454038
| charcircuit wrote:
| The uniqueness if the fingerprint doesn't matter nearly as much
| as whether the fingerprint is stable or if it is constantly
| changing.
| snackernews wrote:
| Yes, a unique fingerprint allows tracking. But which sites that
| most of us visit, without logging in, actually have and use
| that capability to build a unique profile?
|
| I assume ad networks and analytics are the main ones actually
| fingerprinting based on client-side factors. I could be totally
| wrong.
|
| Any reasonable adblocker that prevents requests to those
| services probably neuters 99% of any fingerprinting capability
| that anyone is going to encounter day to day.
| eddyg wrote:
| https://fingerprint.com/ seems to provide a very resilient
| way to identify repeat visitors
| BenFranklin100 wrote:
| The article misses the probably one of the biggest advantage
| Firefox offers privacy-wise versus other browsers: Firefox Multi-
| Account Containers. Containers allow you to isolate different
| websites into separate browsing environments.
|
| Recently Mozilla integrated their VPN service directly into the
| browser too and it is Container aware.
|
| https://support.mozilla.org/en-US/kb/protect-your-container-...
| st3fan wrote:
| "Starting with Safari 17, you can use profiles to keep your
| browsing separate for topics like work, personal, or school.
| Each profile has separate history, cookies, website data,
| extensions, Tab Groups, and favorites."
|
| https://support.apple.com/en-ca/105100
| Etheryte wrote:
| For context, Safari 17 was released September 18, 2023.
| BenFranklin100 wrote:
| I did not know that. Thanks.
|
| Edit: see jshier's response.
| cosmic_cheese wrote:
| Additionally, installed PWAs on macOS and iOS live in their
| own little detached universes which can be helpful.
| jshier wrote:
| You can create profiles, but as I understand it, Firefox
| containers allow you to scope profile-like containment to
| specific websites, which is not possible with Safari
| containers. In fact, I abandoned my look at Safari profiles
| because you can't bind particular sites to particular
| profiles, nor can you open sites using a specific profile
| within a particular tab, it must always be a window.
| BenFranklin100 wrote:
| That is exactly how Firefox containers work. That's much
| more powerful than what the person you are responding to
| implied.
| mnot wrote:
| You can bind sites to containers in safari.
| hnburnsy wrote:
| Love Apple, profiles for MacOS and Safari, but not iOS.
| snackernews wrote:
| What do Firefox Containers mitigate that isn't already covered
| by simply disabling third party cookies in any browser?
| BenFranklin100 wrote:
| https://blog.mozilla.org/en/products/firefox/how-firefoxs-
| to...
| isodev wrote:
| The post conveniently forgetting Apple has at least two "helps us
| improve" toggles on by default, using content from Safari and
| Spotlight searches to "improve their services". Privacy is really
| "redefined" here.
| jeff_tyrrill wrote:
| Two little-appreciated privacy features in Safari not mentioned
| in the article:
|
| Each private browsing tab has its own cookie / data bucket[1];
| and
|
| Private browsing tabs and windows are preserved across restarts.
| (This is optional and can be configured to forget them upon
| restart.)
|
| These make it practical to use private browsing for nearly all
| browsing, which isn't really the case in other browsers, where
| private browsing is clearly designed as an occasional-use thing.
| (And of course if you use private browsing for most things, you
| can still open regular windows for sites where you want to stay
| logged in.)
|
| [1] If a link or script in a tab opens a new tab or window, then
| they share the same cookie bucket. This preserves compatibility
| with sites that require such a flow.
| gjsman-1000 wrote:
| Not only that, but every private tab has its own proxy
| connection. You can see this if you turn off the iCloud Relay's
| default setting of trying to find servers near your area - one
| tab will be in Texas, another in Tennessee.
| b5 wrote:
| _Private browsing tabs and windows are preserved across
| restarts. (This is optional and can be configured to forget
| them upon restart.)_
|
| I am totally stumped - how do you enable this on the Mac? I
| can't find the option at all, and Google is no help.
| jeff_tyrrill wrote:
| In Settings, on the General tab, for "Safari opens with",
| select either "All windows from last session" or "All non-
| private windows from last session".
| 1oooqooq wrote:
| > each private tab is isolated
|
| google relations with Firefox always prevented this.
|
| they explained to users that having 4 containers was good
| enough and screwed up every step of the ui implementation.
| sabellito wrote:
| My goodness the container UX is tragic. I thought it was just
| an initial release, they would make it better It's been more
| than year. I can't even recommend it to non-tech friends
| because I have trouble using it myself.
| layo wrote:
| I achieved the same score by simply using Pi-hole.
|
| Tested on Chrome for Android and Firefox with (and without)
| ublock Origin.
| mjlee wrote:
| I recently stopped using Pi-hole. I honestly think it's great,
| but it just breaks too many websites in really subtle ways.
| With DNS caching it's tricky to troubleshoot too.
| ementally wrote:
| Not a good article with a lot of privacy theatre
|
| adblock testing websites http://brave.com/blog/adblocker-testing-
| websites-harm-users/
|
| fingerprinting test websites
| https://github.com/orgs/privacyguides/discussions/7#discussi...
|
| Used useless extensions[1] for example "Privacy Badger"[2]
|
| [1] https://github.com/arkenfox/user.js/wiki/4.1-Extensions
|
| [2]
| https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don...
| scyzoryk_xyz wrote:
| Oh great and here i was convinced my setup is private tth_tth
| havaloc wrote:
| Safari is too good in this regard, it deletes first party cookies
| after 7 days, so any site you haven't used in a week it acts like
| it's never seen you before and is completely signed out.
|
| As far as I know, you can't change this setting.
| lapcat wrote:
| > it deletes first party cookies after 7 days
|
| Technically, all script-writable storage.
|
| > you can't change this setting.
|
| Settings, Feature Flags, Disable Removal of Non-Cookie Data
| After 7 Days of No User Interaction
| fefe23 wrote:
| Hahaha holy moly they are linking to
| https://adblock.turtlecute.org/index.html to prove how great
| their adblocking is.
|
| That site then says:
|
| I found that the uBlock Origin extension breaks the final result.
| To fix it, add adblock.turtlecute.org as an exception in uBlock
| rules.
|
| Exactly the kind of belly laugh I needed right now. That side
| also falsely "measures" that my ad blocker lets all kinds of
| sites through when in fact my setup lets absolute zero third
| party sites through. Hilarious!
|
| I wonder how many people fall for sites like that.
| mary-ext wrote:
| gorhill spoke against these sorts of testing sites back in Oct
| 2022
|
| https://twitter.com/gorhill/status/1583581072197312512
___________________________________________________________________
(page generated 2025-03-23 23:01 UTC)