this post was submitted on 14 Feb 2024
128 points (98.5% liked)

Privacy

32103 readers
952 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I use Firefox whenever I can.

On first install of the browser I usually end up following a hardening guide which includes stuff like blocking cross site cookies, setting a few things in about:config to disable Pocket/etc, and installing uBlock Origin. I've taken what I consider a relatively balanced approach, I don't use anything like noScript, uMatrix, etc that ultimately just cost a lot of time fiddling to get the 10th website of the week working.

I've been more or less fine browsing the web this way for years, but around the start of 2024 I've started seeing way more "Access Denied" pages than I used to. I think part of it is Cloudflare or similar, but I don't know exactly what's changed or what's triggering it to occur.

It usually goes away and I can re access the site in 10-30 minutes as usual, but I've had it occur in really weird instances, such as trying to change my Minecraft skin and getting blocked by the website. The server block often goes away immediately if I switch my user agent, so I know that it has something to do with how I've got everything set up.

Not sure what anyone else's experience with this has been. I'd like to hear some of your thoughts and tips

you are viewing a single comment's thread
view the rest of the comments
[โ€“] SerotoninSwells@lemmy.world 4 points 9 months ago

Thanks for sharing that!

Truthfully, Firefox is fairly easy to detect. Several facets of the API it uses makes for quick identification. For example, Firefox should be able to report its build ID. Also, it won't report specifics about the WebGL renderer you're using like the vendor and architecture.

The link you shared is great and really highlights something I was thinking about today regarding this subject. The more you harden and change things the more you stand out. You're also more likely to trigger bot detection when you alter specifics about your browser like the major version you're on. I've seen some extensions change the user agent to much older major versions like Firefox 60. That's a big red flag.

The user agent thing was bizarre, especially since it was also on Minecraft.net! I swapped to a generic Chrome on Windows agent and it instantly started working again and let me use the site as normal again.

Yes that is bizarre ๐Ÿ˜‚ It's not clear to me if Microsoft is using their own anti-bot solution or a third party one, but it doesn't sound really successful with the way it's reacting.

Overall, I can't help but thinking the best route is to use the same thing as everyone else but roll your own VPN and change MAC addresses. Ideally, we would have some laws against all of this but I don't foresee that anytime soon.

I wish I could do more to help. I'm happy to answer questions you might have, though.