this post was submitted on 14 Mar 2025
31 points (86.0% liked)
Privacy
35642 readers
981 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I wouldn’t use Copilot for this, as it may be using some older info on you that it already has. There are lots of “whatismyip” type sites that can try to guess your location. Failing that, see what region Google serves you ads from—any YouTube ads I get are always from my VPN endpoint country/region.
Also, just try plain old Tor Browser to compare with your setup.
Maybe, but it's a brand new Linux install. New browser and everything, just a bit unnerving you know?
It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.
For best fingerprinting protection, use either:
Avoid using Tor with a normal browser because you will stick out like a sore thumb.
Librewolf, strict browser privacy settings. Delete cookies on exit. Don't store history. Using Mulvad's secure DNS. I have a dynamic IP address setup with the ISP. Then I enable the VPN using NL as my node. THEN I start the Tor relay and connect to it through socks 5. No Captcha presented, visit the AI, asks me for a name.
"Hey, Copilot, where am I?"
Immediately got me.
Yeah, Librewolf by default doesn't use DoT neither DoH, and so your IP is still exposed, but Librewolf had made it fairly easy to change through preferences or the librewolf overrides, whatever more convenient, as stated on its DoH enabling documentation.
That is not what I was referring to. DoH is easy to access in the settings, but with a SOCKS5 proxy you want DNS from the provider to avoid fingerprinting of your location by using a network or DoH provider, which may be a geographically closer server because of your host IP.
Under about:config, change "network.proxy.socks5_remote_dns" to true.
I don't know definitively why they were fingerprinted to there local city, this is just a theoretical reason.
Usually it uses your IP address first, bit it's not the only information in cases where the IP address is a known VPN or similar. Are you saying you were tunneling over TOR the first time?
When you switched to VPN you didn't mention what browser. If it's one that supports advertising IDs, that could be used, for example.
And when you connected to copilot did you get a captcha popup? If so, did you have to actually solve a captcha or click a button? If not, then it likely is getting information from somewhere that you are trustworthy.
Clear all browser data, make sure enhanced tracking protection is not disabled for the site. Go to a site that tells your IP address and verify it's the Tor endpoint to verify the setup there is correct. Then try again.
Also, assuming you're not clicking through any popups to allow tracking info or logging in to any accounts on this browser beforehand. If you log into a Microsoft account or any other account for a site that Microsoft gets info from first, it can use those logins to track you. You can disable this in the browser, but so many sites will break without it.
Yeah so, Dynamic IP set up with the ISP. Running Librewolf, on the strictest browser settings, using Mullvad's secure DNS and Riseup-VPN, with my IP address being NL (Nowhere close to my part of the world). No pop-ups enabled, resist finger printing enabled, no cookies, delete temporary files and cache upon exit. Sharing location disabled (obviously) requests to use any of the hardware all blocked. Only thing running to get the site to work is Java, that I turn on after already getting to the site. Still knows where I am. Start Tor Relay with browser configured to route traffic over socks5, try again with New DNS, Try a 3rd time now with Tor over vpn, still nothing. I actually had a much spookier thing happen with Brave's Leo attempting this from my phone. I use a chinese phone, banned where I live, never for sale. I lived on a different continent when I purchased it. I asked it a question about enabling developer options. It gave me the specific instructions then my make, model and firmware version. When I asked how it knew what phone I had, it told me it was guessing and denied being able to see all the data on my device. This is on the android web browser, with the embedded AI. Fuck me, dude, how do we stop them from collecting data on our hardware? Like, I would love to use Qubes, but the architecture of my machine, just doesn't support it.