Show HN: Privacy Experiment – Rewriting HTTPS, TLS, and TCP/IP Packet Headers https://ift.tt/OeGBmcp

-
Show HN: Privacy Experiment – Rewriting HTTPS, TLS, and TCP/IP Packet Headers The README: https://ift.tt/Knslaw9 Or the LP: https://404-nf/carrd.co Or read on... In a small enough group of people, your TLS-handshake can be enough to identify you as a unique client. Around six-months ago, I began learning about client-fingerprinting. I had understood that it was getting better and more precise, but did not realize the ease with which a server could fingerprint a user - after all, you're just giving up all the cookies! Fingerprinting, for the modern internet experience, has become almost a necessity. It was concerning to me that servers began using the very features that we rely on for security to identify and fingerprint clients. - JS - Collection of your JS property values - Font - Collection of your downloaded fonts - JA3/4 - TLS cipher-suite FP - JA4/T - TCP packet header FP (TTL, MSS, Window Size/Scale, TSval/ecr, etc.) - HTTPS - HTTPS header FP (UA, sec-ch, etc.) - Much more... So, I built a tool to give me control of my fingerprint at multiple layers: - Localhost mitmproxy handles HTTPS headers and TLS cipher-suite negotiation - eBPF + Linux TC rewrites TCP packet headers (TTL, window size, etc.) - Coordinated spoofing ensures all layers present a consistent, chosen fingerprint - (not yet cohesive) Current Status: This is a proof-of-concept that successfully spoofs JA3/JA4 (TLS), JA4T (TCP), and HTTP fingerprints. It's rough around the edges and requires some Linux knowledge to set up. When there are so many telemetry points collected from a single SYN/ACK interaction, the precision with which a server can identify a unique client becomes concerning. Certain individuals and organizations began to notice this and produced sources to help people better understand the amount of data they're leaving behind on the internet: amiunique.org, browserleaks.com, and coveryourtracks.eff.org to name a few. This is the bare bones, but it's a fight against server-side passive surveillance. Tools like nmap and p0f have been exploiting this for the last two-decades, and almost no tooling has been developed to fight it - with the viable options (burpsuite) not being marketed for privacy. Even beyond this, with all values comprehensively and cohesively spoofed, SSO tokens can still follow us around and reveal our identity. When the SDKs of the largest companies like Google are so deeply ingrained into development flows, this is a no-go. So, this project will evolve, I'm looking to add some sort of headless/headful swarm that pollutes your SSO history - legal hurdles be damned. I haven't shared this in a substantial way, and really just finished polishing up a prerelease, barely working version about a week ago. I am not a computer science or cysec engineer, just someone with a passion for privacy that is okay with computers. This is proof of concept for a larger tool. Due to the nature of TCP/IP packet headers, if this software were to run on a distributed mesh network, privacy could be distributed on a mixnet like they're trying to achieve at Nym Technologies. All of the pieces are there, they just haven't been put together in the right way. I think I can almost see the whole puzzle... November 11, 2025 at 02:27AM

Comments

Post a Comment

Popular posts from this blog

Complete Guide to E-Commerce Business: Meaning, Models, and How to Start

-
Image
Complete Guide to E-Commerce Business: Meaning, Models, and How to Start                      Discover the simple steps to start online store                    E-commerce is more than a trend — it’s the future of business. Whether you’re in Nigeria , India, Pakistan , or anywhere in the world, selling online is now one of the fastest ways to reach customers and grow your income. In this guide, we’ll cover: What e-commerce really means ( e-commerce business kya hota hai? ) Different e-commerce business models Popular business ideas you can start today Step-by-step guide on starting your online store Bonus: Free e-commerce startup checklist PDF By the end, you’ll be ready to start your own online business. What Is an E-Commerce Business E-commerce means buying and selling goods or services over the internet . In plain terms: You have an online store (web...
Read more

Micro Niches: The Secret Weapon for SaaS Startups Struggling to Gain Traction

-
Image
Micro Niches: The Secret Weapon for SaaS Startups Struggling to Gain Traction In today’s crowded SaaS landscape, launching a product for “everyone” is a fast track to being ignored. The real growth hack? Start small. Think niche. Micro niches are not limitations—they’re leverage.  Why Micro Niches Matter A micro niche is a hyper-specific segment of a broader market. Instead of building a generic CRM, imagine building a CRM for freelance photographers or independent fitness coaches . These focused audiences have unique needs—and fewer tailored solutions. Benefits of Going Micro:   Laser-focused messaging : Speak your audience’s language   Faster product-market fit : Solve a real, specific pain point   Lower CAC : Easier to target with content and ads   Organic growth : Happy users in tight communities = word of mouth  Real-World Examples ConvertKit started as a general email tool—then niched down to serve bloggers. That’s when growth exploded. Jobber bui...
Read more

"From Micro Niche to Money Maker: How I Validated My E-Commerce Idea with AI (No Budget Needed)" Published: September 23, 2025 Keywords: Micro niche, AI validation, e-commerce, free tools, startup strategy Introduction Ever wondered if your e-commerce idea is worth pursuing? In this post, I’ll walk you through how I used free AI tools to validate a micro niche, build a lean store, and test demand—without spending a dime. If you’re stuck between ideas or afraid of wasting time and money, this guide is your shortcut to clarity. Step-by-Step Breakdown 1. Finding the Micro Niche Used ChatGPT to brainstorm underserved product categories. Cross-referenced with Google Trends and AnswerThePublic to check search interest. 2. Validating Demand Leveraged Perplexity AI to analyze competitors and market gaps. Ran polls using Typeform and Twitter/X to gauge interest. 3. Building the Store Created a free storefront using Shopify Starter and Canva for branding. Used Durable.co to generate landing page copy in minutes. 4. Driving Traffic Scheduled posts with Buffer across Instagram, Threads, and LinkedIn. Used Notion AI to draft blog content and email sequences. 5. Tracking Results Monitored engagement with Google Analytics and Hotjar. Adjusted product positioning based on feedback from Tally Forms. Key Takeaways Micro niches are goldmines when paired with smart AI validation. You don’t need a budget—just the right tools and strategy. Testing before investing saves time, money, and frustration. Thinking of launching your own store? Drop your niche idea in the comments and I’ll help you validate it with AI—free of charge!

-
Image
  "From Micro Niche to Money Maker: How I Validated My E-Commerce Idea with AI (No Budget Needed)" Published: September 23, 2025                   Micro niche, AI validation, e-commerce, free tools, startup strategy Introduction Ever wondered if your e-commerce idea is worth pursuing? In this post, I’ll walk you through how I used free AI tools to validate a micro niche, build a lean store, and test demand—without spending a dime. If you’re stuck between ideas or afraid of wasting time and money, this guide is your shortcut to clarity. Step-by-Step Breakdown 1. Finding the Micro Niche Used ChatGPT to brainstorm underserved product categories. Cross-referenced with Google Trends and AnswerThePublic to check search interest. 2. Validating Demand Leveraged Perplexity AI to analyze competitors and market gaps. Ran polls using Typeform and Twitter/X to gauge interest. 3. Building the Store Created a free storefront using Shopify Star...
Read more