N.E.P.T.R

e/OS/ is often behind on Android monthly security patches by a month or more. Insecure and not very deblobbed of proprietary blobs, especially when compared to GrapheneOS.

For real, a good font.

Ironfox or Cromite

DuckDuckGo Browser is a webview browser which has weaker tab isolation and uses the system’s default webview implementation, most often chrome webview.

It’s Portuguese

Do you use libsodium for encryption? They is the gold standard.

Instead of canvas blocker, check out JShelter.

Canvas blocker is redundant with Librewolf’s protections (privacy.resistFingerprinting), same with JS blocker redundant with uBlock Origin. You make yourself more fingerprintable. It is better that you first understand what protections you have and why before adding new addons that increase attack surface. The features you are looking for are included already.

flatpak kill some.app.id

Instantly kills it.

I honestly dont know, I never use twitch. I use the add-on Libredirect to auto use alternative frontends.

https://ttv.vern.cc/

Yes there are. Actually quite a lot. They hate it because it isn’t a perfect solution in every single case that X.Org provided but ignore the long history of vulnerabilities, bugs, and cursed workarounds present in X.Org. it is getting harder for them to hate though as most of the pain points (eg. color management and global shortcuts) are part of the standard now.

That is not what I was referring to. DoH is easy to access in the settings, but with a SOCKS5 proxy you want DNS from the provider to avoid fingerprinting of your location by using a network or DoH provider, which may be a geographically closer server because of your host IP.

Under about:config, change “network.proxy.socks5_remote_dns” to true.

I don’t know definitively why they were fingerprinted to there local city, this is just a theoretical reason.

It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.

For best fingerprinting protection, use either:

• Mullvad Browser with a VPN (prefer Mullvad VPN)
• Tor Browser

Avoid using Tor with a normal browser because you will stick out like a sore thumb.

For example Richard Stallman

It’s a panel of tests for browsers. It isn’t the clearest what each mean (without doing a little research) and not all categories and subcategories have equal importance. I still like this website though just for the listed information.

I recommend Fedora or openSUSE Tumbleweed.

Lol, understandable.

It seems like an interesting setup. I don’t really have too much to say other than nitpicks.

Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.

Using Linux .desktop launcher scripts, you could:

• Create a .desktop launcher (in ~/.local/share/applications/) for each profile
• Edit default desktop launcher to always prompt to choice profile on start (using the launch option -P)
• Edit the default launcher to offer a menu option for each profile.

Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I’d like to know your reason for picking it. I don’t dislike Debian and I still use it for different things (mostly VMs and some dev work).

Thanks for the rant, I liked your write-up.

I think it may also help some people to create simple decision flowcharts to help with acting consistent and avoid making simple mistakes with a complex threat model. Basically a scenario and the decision tree. Say for example someone is using QubesOS and needs to keep consistent what each qube is for and why.

Of course creating charts that show your strategy and make your decision predictable is itself just even more privileged information you now need to protect.

Also, any effective threat model also requires consistent reevaluation to assess the effectiveness of your methods and adjust with the evolution of threats.