Heyha ! This is probably going to be long take and it's late here in europe... So for those who bare with me and are ready to read through my broken English, thank you. I'm personally concerned about how my data and my identity is used against my will while surfing the web or using/hosting services. Self-hoster and networking enthousiast, I have some entry/medium security infrastructure. Ranging from self-hosted adblocker, dns, router, vlans, containers, server, firewall, wireguard, VPN... you name it ! I was pretty happy to see all my traffic being encrypted through wireshark and having what I consider a solid homelab. Also having most undesired dns/ads blocked with adguard in firefox with custom configuration, blocking everything, and changing some about:config options: - privacy.resistFingerprinting - privacy.trackingprotection.fingerprinting.enabled - ... I though I had some pretty harden security and safe browsing experience, but oh my I was wrong... **From pixel tracking, to WebRTC leaking your real ip, fonts fingreprinting, canvas fingreprinting, audio fingerprinting, android default keyboard sending samples, ssl certificate with known vulnerabilities...** And most of them are not even some new tracking tech... I mean even firefox 54 was aware of most of these way of fingerprinting the user, and it makes me feel firefox is just another hidden evil-corp hiding with a fancy privacy facade ! Uhhg... And even if you somehow randomize those fingerprint, user-agent and block most of those things, this makes you stand out of the mass and makes you even easier to track or fingerprint. Yeah something I read recently and it actually make sense... the best way to be somehow invisible is actually to blend into the mass... If you stand out, you are pretty sure to be notices and identified (if that makes sense :/) This really makes me depressed right now... It feels like a losing battle where my energy is just being wasted to try to have some privacy and anonimity on the web... While fighting against the new laws ringing on our doors and big tech company always having two steps ahead... I'm really asking myself if it really matters and if it actually make sense to use harden technology or browsers like arkenfox or the tor browser whose end node are mostly intercepted by private institutions and governemental institutions... I'm probably overthinking and falling into a deep hole... But the more i dig into security and privacy, the more I get the feeling that this is an already lost battle against big tech... Some recent source: https://avoidthehack.com/firefox-privacy-config

Hi everyone ! Right now I use: - Firefox's full protection with everything blocked by default - AdGuard adblocker extension - Adguardhome DNS blocker - ProtonVPN through wireguard - Selfhosted searxng instance (metasearch engine aggregator). While this gives me reasonable doubt of protection/privacy, this blocks me out to interact with FOSS projects on github, which kindda sucks!! I don't want to accepts [GitHub's long cookie list of tracking and statistics](https://github.com/privacy/cookies/), but not being able too interact and help FOSS project to thrive, improve, get some visibility, will in the long term hurt FOSS projects. I'm aware of [GitHub's cookie management preferences](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-your-cookie-preferences-for-githubs-enterprise-marketing-pages), but I don't trust them to manage and choose what should be accepted or not ! Firefox only allows to block/accept everything and all extensions are just to delete them. I couldn't find any related and somehow workaround on this issue. **Q: Is there anyway to only accept cookies allowing me to login and interact with repos without accepting those tracking and analytic cookies?** If you have any solution/workaround to share, I'm all ears ! --- ## Edit I learned a few new things today: - Adguard AdBlocker extension for firefox allows to block cookies before they enter into your system - [User Agent spoofing addon](https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/) - Firefox privacy.fingerprintingProtection is not activated by default for everthing ### – How to block specific cookies with the Adguard Adblocker extension ⚠️ **This can and will cause the website to malfunction if you block the wrongs cookies** ⚠️ To find out what specific cookie you want to block, you first need to know his name. For firefox you need to open the application menu -> more tools -> web developer tools **OR** right click inspect (keyboard shurtcuts depends on your system). In the web developer tools windows go to **STORAGE** -> cookies.  After you found out what additional non-essential cookies you want to block out you need to add them in the AdGuard user rules: ``` ||github.com/$cookie=tz ||github.com/$cookie=preferred_color_mode ||github.com/$cookie=color_mode ||github.com/$cookie=saved_user_sessions ||github.com/^$third-party ``` To read more about on how to create you own ad filters read [the official documentation](https://adguard.com/kb/general/ad-filtering/create-own-filters/). ### – User Agent spoofing [User agent string switcher](https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/) > This extension allows you to spoof your browser "user-agent" string to a custom designation, making it impossible for websites to know specific details about your browsing arrangement. ### – Firefox about:config privacy.fingerprintingProtection = true [Firefox's documentation](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) is pretty straightforward but here is what they are saying about: >However, the Canvas Permission Prompt is not the only thing that Fingerprinting Protection is doing. Fingerprinting Detection changes how you are detected online: - Your timezone is reported to be UTC - Not all fonts installed on your computer are available to webpages - The browser window prefers to be set to a specific size - Your browser reports a specific, common version number and operating system - Your keyboard layout and language is disguised - Your webcam and microphone capabilities are disguised - The Media Statistics Web API reports misleading information - Any Site-Specific Zoom settings are not applied - The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled Type about:config in the address bar and press EnterReturn. A warning page may appear. Click Accept the Risk and Continue to go to the about:config page. Search for **privacy.resistFingerprinting** and set it to true. You can double-click the preference or click the Toggle Fx71aboutconfig-ToggleButton button to toggle the setting. If it is bolded and already set to true, you, or an extension you installed, may have enabled this preference. If you discover the setting has become re-enabled, it is likely a Web Extension you have installed is setting it for you. --- ### Closing thoughts This may seem overkill for some people and I get it, but if you are really concerned about your privacy/security, there is nothing as "one-click/done" privacy. It's hard-work and a every day battle with E-corp and other hidden institutions that gather every bit of fingerprints/trace you leave behind ! I hope this long edit will help some people to have a more private and safer web browsing !