Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”

Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.

Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.

Now you visit another site, and lo and behold, all the same quirks are found. Tada, they now say “hm, probably the same browser,” and start personalizing content. Site use an ad network, so it’s the common denominator, not the sites you visit. The ad networks do the between-sites tracking.

also, VPN does diddly squat when you login to some service like google, facebook, xitter, amazon, outlook, reddit, etc. You logged in as you. They don’t give a shit you’re logging in from another IP. And if the sites are working with the same ad network, if you’ve ever logged in from your real IP even once, they they just add another datapoint about you: “Sometimes uses a VPN” and that gets tucked away in your permanent record.

nothing you do online is private. I’m not saying “give up” but it’s pretty bleak and I don’t see it getting better anytime soon.

git checkout takes a branch or tag name. In your example, it’s almost certainly referring to a git tag that aligns with a version of the software.

only in theory. in reality, only one person would ever buy it then re-release the source code for free-as-in-beer. unless you’re talking about something other than GPL2/3.

Give it to the dev, and explain the situation. Let them know it seems too big/complex of a PR, but you’re willing to make additional changes, or break up PR to make it more palatable for merging. It’s in the dev’s hands after that.

I don’t think you should release your own fork without at least trying to work with the original project.

Make sure all your commits have detailed commit messages so that the dev can follow what you were doing (upgrading deps, refactor because xyz, etc.) Don’t just record what was changed, explain why it was changed.

anyway that’s what I would do.