laptop -> obfuscation tunnel (udp2raw/iodine/ssh/tor/wstunnel/etc.) -> wireguard UDP port. Though some protocols like ssh or tor only support TCP, so you have to run an additional tunnel in the machine to get to wireguard (udp-over-tcp).

>Deep Packet Inspection

>WireGuard does not focus on obfuscation. Obfuscation, rather, should happen at a layer above WireGuard, with WireGuard focused on providing solid crypto with a simple implementation. It is quite possible to plug in various forms of obfuscation, however.

>TCP Mode

>WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.

Yeah, ideally businesses wouldn't be built on this model (free service funded by ads at the expense of privacy and now user control). Then we might not have had to worry about widespread fingerprinting AND we can maintain user control too.

>If EFF cares no much about privacy on the web they should be in favor of this proposal.

Privacy on the web by implementing remote attestation across the web will inevitably in practice reduce digital rights and user control/freedom. The EFF also cares a lot about this, so it makes sense that they would be against the proposal. Both of these goals could be achieved by websites providing the same behavior regardless of the client browser/software that is requesting pages. The reason we have to lie is because user-hostile businesses/sites don't want to adhere to this (advertising, DRM). (ignoring useful things like providing a mobile version of a site)

To note, fingerprinting is always going to be technically possible (especially given the larger and larger feature scope that businesses have wanted to impose upon the web since its inception), WEI is just an attempt to stop ad-driven sites from trying to do it.

Remote attestation might reduce the amount of cheaters in games and fraud in banks if implemented properly. So, through potential indirect means.

I don't think any of this is worth the loss of user freedom and functionality, though. So I will vehemently oppose WEI and similar to be used outside of internal facilities.

Doesn't having to give up a phone number for each account (and you can't use the same number on different accounts) make it difficult? (unless you haven't had to, maybe my browser is suspicious, but it's just regular old Chromium). Would like to do this so that I can separate IRL/weak pseudonym (from random people in servers, obviously you can't be truly anonymous on Discord)

Some services block Tor. Sometimes they can be bypassed by pressing "New Tor circuit for this site" a few times, sometimes they cannot. Some of the methods listed here [0] can help (though I wouldn't log into any accounts using this as TLS isn't being terminated at your machine).

Some features don't work in Tor Browser, off the top off my head, sites using AudioContext, Webauthn, Webassembly. (webassembly can be a pain due to some encrypted paste bin sites using it).

I run multiple instances of Tor Browser (separated with Linux namespaces, particularly netns because Tor Browser will fail to load if an existing Tor service is running at port 9150) so that I can multitask between for example posting this on HN and random browsing in another instance. That also helps with the webassembly thing as I run a script to spin up a temporary instance of Tor Browser, enable webassembly in about:config, and load the failing page.

For the sites that block Tor that I need to login to or that don't work with the ad-hoc methods listed above, I will fallback to using a VPN + an about:config-modified version of Tor Browser that has the Tor proxy disabled. Mullvad Browser can also be used as an alternative.

I also use it outside of TB for IRC among other things. You have to be careful as there is no uniform configuration for everyone like TB.

0: https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/Li...