This is exactly how ebpf was implemented for the Linux kernel. You can build watchdog processes that can see what’s happening in the kernel and build kernel interrupts but it’s actually all executed in user space and not rewriting the kernel itself. Since it’s a proper api, it also means it’s incredibly hard to fundamentally break the system, unlike when you’re just blowing away kernel code with your own shit like all these security products do.
Exactly what I just said? Don’t use unique screens and you are less identifiable. The most anonymous browser is a freshly wiped two year old Apple device running safari or chrome from a university campus or coffee shop. A million other laptops have the same base canvas fingerprint.
Fewer people use Linux. Fewer people use specialized browsers. Fewer people have external displays. All those things make you easier to fingerprint than a vanilla machine.
The least unique setup is not to keep doing more special shit. You underestimate how many people run a vanilla safari or chrome browser on a MacBook with no external displays.
Linux, external monitor, special browser? That all makes you more unique
When we wrote malware in labs in college one of the first places we looked was unemptied trash. This is almost certainly a pattern that’s going to leave your crap in trash in plaintext and even the dumbest script kiddie will find it the very first time you slip and something gets in your system.
This is exactly how ebpf was implemented for the Linux kernel. You can build watchdog processes that can see what’s happening in the kernel and build kernel interrupts but it’s actually all executed in user space and not rewriting the kernel itself. Since it’s a proper api, it also means it’s incredibly hard to fundamentally break the system, unlike when you’re just blowing away kernel code with your own shit like all these security products do.