gautamkrishnar/nothing-private

Sentry CDN usage

Ghostbird opened this issue · 2 comments

Is your feature request related to a problem? Please describe.
I assume the fingerprint functionality is loaded from sentry CDN. If the load is prevented, you might still be fingerprintable by non-external scripts. I visited the page, and it didn't manage to fingerprint me. However, I'm using NoScript and sentry-cdn is marked as untrusted. I've got at least one more layer of protection like it. Those layers do not protect against fingerprinting in-and-of itself. Instead they prevent known finger-print scripts from being loaded in the first place.

Describe the solution you'd like
Consider hosting the fingerprint script on the page itself. If the script is self-hosted, several preventative layers of protection can probably be bypassed, which makes the page better test how fingerprintable the browser is.

Describe alternatives you've considered
Maybe that's not what you want to test.

Additional context
The trade-off is that updates to the fingerprint script are not automatically applied.

@Ghostbird sentry is used just for error monitoring. Not for fingerprinting. Fingerpinting code is hosted at: https://www.nothingprivate.ml/main.js

Then I made a wrong assumption. I'll close this.