this post was submitted on 15 Apr 2025
19 points (100.0% liked)


Are there any privacy-respecting dark mode add-ons for Firefox that you would recommend? I've read online that Dark Reader isn't great for privacy.

[–] lambalicious@lemmy.sdf.org 3 points 5 days ago (1 children)

> and this injected CSS is used for fingerprinting.

Which, if I'm understanding correctly, would be exactly the same as if the viewer had set their browser theme to dark, so it's not like the extension is more a loss of privacy than enabling the setting in the browser?

In the end, what we really need is a browsing mode that allows (maybe?) JavaScript, but doesn't allow it to read properties of the renderer (viewport size, resolution, colors, fonts, etc). Since having that info stopped being necessary for customizing pages back in, like, CSS 2.1.

[–] muntedcrocodile@lemm.ee 3 points 5 days ago (1 children)

Yes.

Yeah, we essentially need to split the renderer from the rest of the browser in a significant manner. But HTML, CSS, JS is a fucking mess, so it's pretty unreasonable to restrict it much further; u can't restrict viewport sizing or resolution cos that will fundamentally break almost every framework. Also I'm sure there would be like 1000 exploits to get that data indirectly by comparing the sizes of CSS relative and absolute components.

Swapping out colours/fonts at the rendering layer is essentially what I was thinking but I go a step further by completely separating the rendering/interaction from the actual web sandbox running any code. U could even do something where u only input keyboard/mouse data to the proxy in a way that obfuscates behavioural analysis. If u also do a VM u can introduce noise into WebGL, making canvas fingerprinting impossible.

[–] lambalicious@lemmy.sdf.org 2 points 5 days ago (1 children)

> Swapping out colours/fonts at the rendering layer is essentially what I was thinking but I go a step further by completely separating the rendering/interaction from the actual web sandbox running any code.

Do you have a proof-of-concept? What does this run on?

[–] muntedcrocodile@lemm.ee 2 points 5 days ago

I haven't written any code yet. Just a concept I was playing with. I mean if u wanted a proof of concept then u could probably do it in JS with a browser extension and some Python code in a Docker image.

U use Playwright to send the DOM over a WebSocket (keeping the content in sync with decent performance might not be the easiest task) and the extension just passes keyboard and mouse back. Then u just put the virtual browser in a Docker container.

I wrote and run the bot for !news_summary@hilariouschaos.com and if u go have a look at its source u can see that it's pretty easy to have a virtual browser controlled with Playwright.

This would be quite a bit of a shit experience and would probably break extensions like uBlock that rely on filtering what pages u can access but it would work as a proof of concept.
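
A minimal sketch of the split outlined in the thread above, added here as an example; it is not code from any commenter or from the bot mentioned. It covers only a one-shot DOM snapshot (no WebSocket sync or input forwarding), and the profile values, `DARK_CSS` and all function names are assumptions chosen for illustration.

```python
"""Sandboxed browser shows every site one fixed renderer profile;
the user's theme is applied only to the local copy of the snapshot."""

# Assumed profile values; every user of the proxy would share them.
UNIFORM_PROFILE = {
    "viewport": {"width": 1280, "height": 720},
    "device_scale_factor": 1,
    "color_scheme": "light",
    "locale": "en-US",
    "timezone_id": "UTC",
}

DARK_CSS = "html{background:#111;color:#ddd}a{color:#8ab4f8}"  # constructed sample theme


def context_options(user_prefs: dict) -> dict:
    """Options for the sandboxed browser context.

    user_prefs is deliberately ignored: the user's real theme and window
    size must never reach the context that runs site JavaScript.
    """
    return {**UNIFORM_PROFILE, "viewport": dict(UNIFORM_PROFILE["viewport"])}


def restyle_locally(snapshot_html: str, user_prefs: dict) -> str:
    """Apply the user's theme to the received snapshot, outside the sandbox."""
    if user_prefs.get("theme") != "dark":
        return snapshot_html
    style = f"<style>{DARK_CSS}</style>"
    head, sep, rest = snapshot_html.partition("</head>")
    return head + style + sep + rest if sep else style + snapshot_html


def snapshot(url: str, user_prefs: dict) -> str:
    """Load url in the sandbox; return the DOM with script elements removed."""
    from playwright.sync_api import sync_playwright  # needed only for this step

    with sync_playwright() as p:
        browser = p.chromium.launch()
        context = browser.new_context(**context_options(user_prefs))
        page = context.new_page()
        page.goto(url, wait_until="domcontentloaded")
        # Site scripts have already run here, against the uniform profile only.
        page.evaluate("document.querySelectorAll('script').forEach(s => s.remove())")
        html = page.content()
        browser.close()
    return restyle_locally(html, user_prefs)
```

The snapshot still references the site's stylesheets and images and may carry inline event handlers, so the viewer has to block scripting and network loads (for example a sandboxed iframe with a restrictive CSP). Otherwise media queries in that CSS would be evaluated against the real renderer again.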