Tiny Tiny RSS: Community

Missing material-icons ff config


#41

Seriously? WOW. \20char


#42

Can you provide evidence? If so, do it. If not, shut up.

Appeal to authority is a logical fallacy. Try again.


#43

ftfy

\20char and then some


#44

you don’t audit scripts before enabling them so i fail to see how webfonts are special in this regard. it’s a lot easier to track you using scripts, they only need to make sure the site you’re on doesn’t work without them, thus making you enable it.

do you also disable images because you are tracked through them?
do you disable HSTS because HSTS cookies are also used for tracking?

again, this seems like a very inconsistent and harmful approach to privacy and security.


best part about this idiotic spectacle is that going through all those useless motions is only serving to make your profile more visible and unique among others. the more addons and shit you pile on your browser the easier you are to identify.


#45

Many tracking services now use this technology. The study Dusting the web for fingerprinters by KU Leuven (2013) concludes that at least 0.5 - 1.0% of websites read the installed fonts for tracking purposes.

Loading fonts from the Internet is also a security risk because it allows attacks directly on the operating system. Bugs in the font rendering libraries that allowed remote code execution by loading malicious fonts have been reported for Windows (ms11-087 or ms15-078), Linux (CVE-2010-3855) or OpenBSD (CVE-2013-6462).

ms15-078 was used by Hacking Team to install a monitoring strojaner. Between 2015 and 2017, the Google Security Team found another 40 bugs in the Windows kernel and font rendering with the code fuzzing software BrokenType, which an attacker could use to attack the computer with malicious fonts and execute their own code with system rights.

that’s what you’re saying, but not how I work.
yes the browser fingerprinting is a problem but unfortunately there is no 100% way to bypass this.


#46

i’m sorry but it’s very obvious that you don’t. also, listing CVEs from 2010 is not really doing much to enhance your position. even windows no longer uses in-kernel font renderer.

if you really cared about your privacy you’d be using tor browser with javascript disabled (always, not when you feel like it) and reading RSS feeds in something like Newsbeuter. running in a VM, of course.

e: you also would definitely not use X11 on linux because of how fundamentally insecure it is. this list can go on pretty much forever tbh. :thinking:


#47

Nurse! The Bubblewrap™, stat!

</ot>


#48

Finally some evidence! Well done. :cookie: BTW, the rest is basically saying “OS are full of security bugs”…

Around 1% of web sites use that, it’s almost fly fucking territory.

If you feel that strongly about it, why not write a plugin or a PR for Fox to merge in? You clearly must know PHP and Javascript if you can review $random_plugins. It should take you no time at all. Go for it.


#49

:male_detective: /

mom, hold my meetings. i need to audit not_evil.js from this one site that doesn’t open.


i think we’ve discussed this before but the way i’m seeing it the only reasonable way to deal with tracking and fingerprinting is reading everything through readability (either using tt-rss or whatever else) and an image proxy.

everything else, especially browser addons / privacy-freak settings normal people don’t use, are only serving to make you easier to track.

vvv


#50

That is actually good reading. Thanks for that.


#51

I can’t believe I missed the party because I needed sleep.

You seem to be mixing the concepts of security and anonymity. Nevertheless, I would hazard a guess that images have been used more frequently for malicious purposes than fonts and you make no mention of disabling those.

It seems pretty obvious how your suggest has been handled. No one but you feels fonts are an issue.

If your concern is tracking the goal needs to be to make your system as similar as possible to the majority of other users out there. Going to the extreme with disabling things actually makes you stand out. I’m going to repeat fox here to just reiterate his point:

On the other hand, if your goal is security so your system is not compromised then maybe just run a Linux Live image from RAM on a laptop at a public wifi hotspot randomly chosen by rolling dice. Be sure to reboot often to clear out anything installed (cookies, malware, etc.). Keep your home systems airgapped.


#52

There’s already a solution for that.


#53

What are you on about?

If you want respect, you have to show us something respect worthy, not pasting random projects that fixed random issues that have nothing to do with TTRSS…


#54

It is about the problem of material design icons and the firefox parameter.

It is nothing random but a solution.


#55

alright since we’re just posting random shit now i guess it’s time for some moderation


#56

Did you try that “solution” in TTRSS?

Can you provide either a patch or a PR?

Or do you think that a patch from one project can be applied to any project whatsoever?

You want respect but you keep on acting like an imbecile. That attitude will get you no where in life. Seriously, do grow up.