For example: non-consensual phoning to google.com when using Trivalent.
Do you have evidence of this? Please don’t just throw out stuff like this without evidence
That said, it’s nearly impossible to use the internet without interfacing with google in some fashion. Are you going to block https://pki.goog/? That’s going to break sites that use google’s CA. Then there’s https://gstatic.com, https://fonts.google.com, etc
Hardening done to Trivalent makes you stand out (fingerprint is more unique) more than other browsers out there.
“fingerprinting” as a concept is more a marketing term than anything, so you’ll have to be much more specific. And on top of that, even if I grant your premise, you’d have to somehow get from “more unique fingerprint” to “less secure”, and I don’t see the connection there.
Like you said, if not being fingerprinted is someone’s priority, they should be using TB.
If say disabling JIT/WASM makes the fingerprint “more unique”, what does that enable them to do that they couldn’t do on a browser with JIT/WASM on? On the contrary, the attack surface is reduced, so they’d have fewer vectors to work with.
I gave an example of what could be considered PII in scope of secureblue’s project (Trivalent as their browser).
Why would a browser ever block these domains? Ublock Origin doesn’t even block them by default. It’s not browser’s business to block bad privacy practices by websites. depends on how you would like to approach it, both Tor browser on Safer & Safest security level and Safari in lockdown mode disable some fonts
hypothetically speaking, with lack of anti-fingerprinting techniques whether you agree on its premise or not, will reduce the chances of specially crafted attack that targets a specific visitor on some website.
Not really, it is just not as easy to protect against when the possibilities of tracking increases when there’s new addition to the specification of JS & CSS, and depending on how secure the engine implements it.
I gave an example of what could be considered PII in scope of secureblue’s project (Trivalent as their browser).
Is this a real example or an imaginary one? If it’s real, open a bug report with evidence. If it’s imaginary, say so
will reduce the chances of specially crafted attack that targets a specific visitor on some website.
Your assumption is in thinking that hardening makes this easier. It’s the opposite. Users are already trivially fingerprinted, and hardening measures make entire categories of vulnerability go away. So it makes an attacker’s life harder.
tracking
This is another nebulous term that would need more definition
spoof that you have such hardening enabled
None of this seems security related so I’m not terribly keen on continuing further.
Sorry for causing drama)
I use firefox for vpn extension to separate profiles on the trusted websites that I rarely visit. I use chromium based browsers for most of the time.