Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”

Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.

Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.

Now you visit another site, and lo and behold, all the same quirks are found. Tada, they now say “hm, probably the same browser,” and start personalizing content. Site use an ad network, so it’s the common denominator, not the sites you visit. The ad networks do the between-sites tracking.

also, VPN does diddly squat when you login to some service like google, facebook, xitter, amazon, outlook, reddit, etc. You logged in as you. They don’t give a shit you’re logging in from another IP. And if the sites are working with the same ad network, if you’ve ever logged in from your real IP even once, they they just add another datapoint about you: “Sometimes uses a VPN” and that gets tucked away in your permanent record.

nothing you do online is private. I’m not saying “give up” but it’s pretty bleak and I don’t see it getting better anytime soon.

only in theory. in reality, only one person would ever buy it then re-release the source code for free-as-in-beer. unless you’re talking about something other than GPL2/3.

Give it to the dev, and explain the situation. Let them know it seems too big/complex of a PR, but you’re willing to make additional changes, or break up PR to make it more palatable for merging. It’s in the dev’s hands after that.

I don’t think you should release your own fork without at least trying to work with the original project.

Make sure all your commits have detailed commit messages so that the dev can follow what you were doing (upgrading deps, refactor because xyz, etc.) Don’t just record what was changed, explain why it was changed.

anyway that’s what I would do.

Ah, didn’t realize pfSense is the OS, not something that runs on linux. My command examples won’t work for you.

So my first question is how can it be that my little mini J1900 Celeron (2 GHz) with 4 GB RAM cannot handle this bandwith?

• check ethtool for link speed: sudo ethtool enp2s0 | egrep 'Speed|Duplex' Your device name may be different from enp2s0. use ip link to see all devices. if it’s not

Speed: 1000Mb/s
Duplex: Full

then that’s probably a bad sign.

• that is a 10 year old celeron processor. celeron were the budget (a.k.a. cheapest, slowest) class processor at the time. it’s quite likely that it cannot keep up.
• If you still think it’s not CPU directly, use iotop to see if you have I/O bottleneck.

dmesg | less should allow you to scroll the output. You should use forward slash in less to search for the devices (hit enter), see if the modules are being loaded or if there some errors.

check lsmod before and after see what kernel modules are changing.

also look at dmesg for interesting kernel messages as you attempt to use / not use the offending hardware.

tcpdump, wireshark can capture packets.

haproxy can be a proxy of many networking protocols

mitmproxy can help see encrypted traffic by acting as a literal man in the middle.

ssh with certain parameters can become a SOCKS5 proxy to encrypt and tunnel traffic out of a hostile network

There, their its are not it’s they’re its. It’s as simple as “its”, as it’s the its it’s.