We'll be gathering to for a community forum on data collection, mass surveillance, and data centers that threaten the Colorado way of life. Feel free to leave a comment here for talking points, or to discuss why these things are harming Coloradans.
For the last two years I've been building an open-source local TLS-terminating proxy that spoofs your devices fingerprint across four layers (AGPLv3). The goal is to allow a user to rewrite their fingerprint and mitigate cross-session tracking.
Github: un-nf/404
Browser fingerprinting is pervasive. It allows big-tech companies like Google and Meta to track you across the internet whether you're using a VPN or private browsing modes.
The four layers:
> Rewrites TLS cipher-suite fingerprint to match the advertised profile (via wreq).
> Injects JS runtime into the <head> tag of the HTTP Response. Spoofs dozens of JS APIs. Spoofing works on Browserleaks and FingerprintJS.
> Rewrites HTTP headers to match advertised profile.
> Linux eBPF module, integration with WSL2 within the week. Rewrites network level values that tools like p0f and nmap use to fingerprint your device, OS, or browser.
Open source, AGPLv3.
All of the spoofed values are pulled from a predefined profile with dozens of values. This ensures that the spoofed values all align with each other and allow for the proxy to generate a coherent, believable profile that is not linked to your native fingerprint.
I am happy to have conversations about architecture decisions, use-cases, or assist with configuration. Let me know what you guys think!
For the last two years I've been building an open-source local TLS-terminating proxy that rewrites browser fingerprints across four layers (AGPLv3). The goal is to allow a user to rewrite their device fingerprint and mitigate cross-session tracking.
Website: 404privacy.com
Github: un-nf/404
Browser fingerprinting is pervasive. It allows big-tech companies like Google and Meta to track you across the internet whether you're using a VPN or private browsing modes.
The four layers:
>Rewrites TLS cipher-suite fingerprint to match the advertised profile (via wreq).
>Injects JS runtime into the <head> tag of the HTTP Response. Spoofs dozens of JS APIs. Spoofing works on Browserleaks and FingerprintJS.
>Rewrites HTTP headers to match advertised profile.
>Linux eBPF module, integration with WSL2 within the week. Rewrites network level values that tools like p0f and nmap use to fingerprint your device, OS, or browser.
Open source, AGPLv3.
All of the spoofed values are pulled from a predefined profile with dozens of values. This ensures that the spoofed values all align with each other and allow for the proxy to generate a coherent, believable profile that is not linked to your native fingerprint.
I am happy to have conversations about architecture decisions, use-cases, or give you access to the application. Let me know what you guys think!
I've been developing this proxy for the last two years and it's finally ready. It's a TLS-terminating localhost proxy (think mitmproxy HAproxy, Burp).
404 offers JS injection to the likes of an anti-detect browser, but detects what browser you're running and applies a profile accordingly (there are Blink and Gecko profiles right now). It also modifies TLS cipher-suite and HTTPS headers. I know the suspect score is high here, but it's because I was using a windows profile on a mac while I recorded this demo and cross-OS spoofing is not fully implemented, though it works. When running a chrome-windows profile on a blink-windows native device, the suspect score goes down to 0! Try it yourself.
404 is critical privacy infrastructure. The government is using our advertising profiles to build behavioral profiles on anyone who's ever been online. VPNs don't solve this problem. Ad blockers don't solve this problem. Tor/Mullvad and a VPN are definitely more hardened options, but those will soon be obsolete or even completely blocked. I know I have a hard time getting on certain sites with Mullvad that I don't have an issue getting on with 404.
You can use the CLI app for free, it's pretty simple. The binary is here and it takes like three commands to setup.
If you want a more polished experience (automatic CA management, auto profile selection) you can visit the site for a free trial or reach out to me and I'll get you a dev-license for helping me finish developing this beast.