Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)
Careful, Google is currently forcing apps to migrate from SafetyNet to PlayProtect!
SafetyNet is used by tons of security theater apps like banking 2FA. It is an API of play services.
PlayProtect is basically the same but you have to talk to it through google play. This is a blatant move by google to make exactly what OP is suggesting impossible, and means that if you do this, you may soon see many apps break that you are forced to use.
Yes, those could be detected.
I’ll see how large that portion is on my system in a bit, but I would expect it to come out as the minority.
Non-detectible ones I can think of rn:
Many more of the ones you listed won’t be detectable on most websites.
userscript managers (grease/tamper/violentmonkey etc.)
A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual website’s js context, you can’t even pass an object or function to the website and access it there, it will fail.
Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.
User theme managers should be similar, but I can’t comment on them as I don’t use any.
page translators
Translators are only detectible when enabled.
addons serving in-browser ads
Why would you have an addon that serves ads?
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
Are site-specific, i.e. not detectible anywhere else
privacy blockers (CanvasBlocker/JShelter/etc.)
Please don’t use those anymore, use only uBo. Same for uMatrix.
uBo is pretty good about not being detected, for obvious reasons.
This is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.
Most firefox addons don’t even have the permissions needed to change anything a website could observe.
TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons resetting their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and lose all their data, often seemingly for no reason.
Talking to windows or through it to the TPM also seems sketchy.
In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who lose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (and that Microsoft has the decryption keys for your encrypted data).
Default linux works too ofc, I didn’t know they took that route.
Most other browsers have very specific useragents, so the main pool of same useragents will be hardened browsers anyway.
Thank you for checking
edit:
https://github.com/TheTorProject/tor-messenger-build/blob/581ba7d2f5f9c22d9c9182a45c12bcf8c1f57e6e/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch#L354 would indicate it should be Windows, I’ll check later.
Try it with high security settings in tor, it might be something like canvas. Did you enable any permissions for the website?
That would be a fail of the fingerprinting protection. A properly set up TOR browser for example should not allow that detection by any means. If you know how to detect it, please report it as a critical vulnerability.
I could think of maybe some edge case behavior in webrenderer or js canvas etc., which would mainly expose info on the specific browser and underlying hardware, but that is all of course blocked off or fixed in hardened browsers.
Further, if you have a reliable method, you could sell it off to for example Netflix, who are trying to block higher resolutions for Linux browsers but are currently foiled by changing the useragent (if you have widevine set up).
That can’t have been the reason, rather the fact it could tell.
Your browser sends information about its version and the os in the useragent string. It is supposed to lie and say it is a very commonly used useragent, specifically for purposes of fingerprinting. That would be windows, default configuration, firefox version something, not your firefox version.
On lineageOS 20 it records the exact android build string as the Software for me, so “Android lineage_pdx215-userdebug 13 TQ3A.230901.001 b30079afa2”. Which is probably enough to uniquely identify me, and you if you have a less common phone or are on an older or uncommon version.
Needless to say I am pissed.
Yes, the deletion would have to be federated, there is no way to guarantee anything at that point. But as I understand OP this is about acting quickly, on an upload that isn’t even part of a post yet.
If I doxx myself on any service, someone can take a screenshot, it could be archived. But if I delete it before anyone sees it, there is a good chance it will never get out, if the primary platform properly removes it.
Simplest path is probably to use the old simple mobile tools recorder app on fdroid, which won’t be getting any updates. Fossify will likely release their recorder app very shortly, which will essentially be the next update for the smt recorder app.
It is already under active development, they just haven’t gotten the first release yet.
Edit:
Another interesting one is DroidRec. It is usually used and seen as a screen recorder, but it has three simple toggles for screen video, device audio, and microphone. If you turn off screen and device audio, it becomes a very nice voice recorder.
It’s a necessary feature if you are using phone numbers. Signal has to tell you if your message has any chance of being received.
I don’t want to message someone’s number, to find out they never got my message and don’t have signal a few days later, and I don’t want to message them via whatsapp too, giving them a chance to use that when they have signal.
You can check that in the phone app too. Hit new message, enter the number, hit "New message to… " and it’ll tell you if it isn’t known. There is rate limiting in that function, you’d need a lot of signal accounts to sweep all phone numbers.
You could also try signing up to signal using the number you want to check.
Neither way, however, would you get the signal name or profile pic of the number if I understand it correctly, that would get sent if they reply to you.
I think no autocorrections (for now). I never used them so idk.
Swipe is different to gboard, but imo better. gboard tried some things with snapping to certain parts, but I always found it unintuitive, it mostly got in my way. Florisboard’s swipes are more “plain” as in that I find them very predictable.
You can add a permanent number line. It also won’t vanish on random inputs like gboard’s does. Clipboard has arbitrary history size, and is also available everywhere (it annoyed me to no end to not have it for password fields in gboard).
Dictation is quick, it will switch the keyboard, but not the screen. To continue typing you need to press one button to return the keys.
With the symbols and layouts you have far more choices. I could have 1-1 recreated my gboard, but I found an even better layout (still need to readjust to it tho).
Used gboard for the longest time and just recently managed to move on to florisboard. It lacks some features but has enough other niceties on its own that are just enough to justify the move based on functionality.
You can use my setup as a starting point if you want, it is a proper oled theme with no colors or bright surfaces, behavior very gboard-like. I use sayboard for stt (dictating). https://cloud.redjard.com/s/redjards-florisboard-setup_zip
i2p doesn’t really have exit nodes, it’s mostly for i2p internal connections.
The only exit I know is stormycloud.i2p, and that one is somehow immensely limited to the point of it being hard to load clear-net text pages.