Serious Discussion Privacy vs Security — Where Do You Personally Draw the Line?

[Parkinsond]

That's not the right approach.
Many infections, even in the recent past, used fingerprinting and privacy-invasive techniques to determine whether a potential target system could be efficiently compromised.
If not, the infection wouldn't even begin on overly secure operating systems.

P.S.

Our ultimate goal is to minimize the collection of information on our system.
It may seem strange, but this isn't done solely for commercial reasons.

Tested Brave shield two times, without tracking protection filters and with.
Surprisingly, it scored higher in two out of three tests without tracking protection filters!

Spoiler: Without

Spoiler: With

 

[Sampei.Nihira]

If malware has landed on drive, would browser fingerprinting help then?

You need to understand that malware is usually executed by the user, but in the very early stages (which may last only a few milliseconds), it carries out what I described earlier.
If the OS profiling and fingerprinting are correct for that malware—and by “correct” I mean that it has a high probability of success—the infection will continue.

At this stage, the malware has already bypassed the browser, almost certainly using social engineering techniques as well.

We must prevent this.
So after we’ve built a multi-layered defense for the OS, we must do the same for the browser.
If the malware remains confined to the browser, prevention is achieved.
This is the key concept.
If your browser has a stronger sandbox environment than that of default browsers—partitioned cookies, sandboxed iframes...

So, in practice, if your browser opens a compromised website—perhaps due to a malicious third-party script—after an initial phase that, in this case too, lasts only a moment, it may check a series of factors—such as user agent, language, and WebRTC status—to “better understand” whether you are a real user.
This is the fingerprinting/privacy violation phase.

If, on the other hand, you were a BOT, the website would almost certainly interrupt the next phase, which could be a redirect... or something else.

If dynamic filtering or your browser’s/ad blocker’s filter lists have neutralized the script from the start... the compromised website appears to your browser as a harmless website in every respect.

Obviously, I prefer dynamic filtering because it has a higher probability of blocking, but filter lists also play their part in prevention.

Do you see how important the browser is?

 

[Parkinsond]

it may check a series of factors—such as user agent, language, and WebRTC status—to “better understand” whether you are a real user.
This is the fingerprinting/privacy violation phase.

So what will happen next after the malware was able to fingerprint?

 

[Sampei.Nihira]

So what will happen next after the malware was able to fingerprint?

It is the compromised website that could be tracking you.
Imagine that this phase, if it occurs at all, lasts only a moment.
At this stage, we’re not talking about malware.
If you manage to limit the privacy breach occurring through your browser, it’s possible (though this is always a possibility, not a certainty) that the malicious activity will stop.

 

[Parkinsond]

It is the compromised website that could be tracking you.

What are the consequences of being tracked by a compromised website?

 

[Sampei.Nihira]

What are the consequences of being tracked by a compromised website?

Successfully tracked, I’d say.
You and your browser might see a fake CAPTCHA.

Another user might see a blank page, an error page, or a page that can’t be reached.
We can never know for sure because the malware writers are the ones who decide.

P.S.

Guys, I have to go it's my sister's birthday today.
Have a great evening, everyone.

 

[Parkinsond]

Guys, I have to go it's my sister's birthday today.

Happy birthday to your sister

 

[enaph]

I prefer keeping as much control over my own data as possible. That means I disable telemetry, automatic sharing etc. whenever I can.
For me, true security also includes not constantly feeding my activity, files or behavior to third parties.

 

[LinuxFan58]

Also security (URL filtering) often comes with privacy price, that is why I look at the privacy policies and choose the best balance.

Although I think that privacy as I considered it when I was young is a lost cause, privacy as "no more data collected for the service needed with a fair retention period and where possible stripped from identifying data" can be best achievef by spreading your eggs (data) in several baskets.

Best practice for me is, I only login when needed (so never log into my browser), remove advertising ID´s when possible, say no to "for my convieniance service extra's" and hope for the best.