EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org

Current anti-fingerprinting status? #2567

Closed EivindArvesen closed 4 years ago

EivindArvesen commented 4 years ago

Does Privacy Badger currently protect against fingerprinting (other than via canvas)? If so, how?

If not, what would be the right way to go about contributing (various alternative approaches and design choices here)?

ghostwords commented 4 years ago

Privacy Badger detects the use of canvas fingerprinting and eventually learns to block the fingerprinting script's domain. Please see #2322 for the rest and let me know if you have any followup questions or suggestions.

EivindArvesen commented 4 years ago

Re: #2322: Randomization is one approach; another is what TOR does (making clients look alike), for instance. Am I to assume that this is all out of scope, then? 🙂

EivindArvesen commented 4 years ago

@ghostwords I'd suggest that Privacy Badger look into measures to counteract fingerprinting (either via randomization, making clients look alike, or some other strategy), but #2322 suggests you might see this as out of scope for this extension. There are many potential vectors of information leakage, after all.

ghostwords commented 4 years ago

The approach of attempting to hide in a crowd is best left to the browser itself. Extensions just aren't capable enough for this.

Active fingerprinting countermeasures: it's less clear whether extensions should stay out of this or not, but what is clear is that it's a big amount of work for something that offers questionable utility as compared to detecting cross-site tracking and then blocking the tracking resource outright. I don't think the tradeoff here makes sense.

Privacy Badger should focus on automatically detecting and mitigating/stopping the most prevalent types of (non-consensual) tracking. We have a lot of important work still to be done just to be better at what we do already. We should not get distracted by an entirely different, highly complex and privacy-benefit-ambiguous (blocking is 100% better for your privacy, attempting to vary your fingerprint is ??? better ... or maybe ??? worse since you are now potentially more unique ...) approach. Does this make sense?
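
An added illustration of the canvas-fingerprinting detection mentioned in the thread (not part of any comment above and not Privacy Badger's own code). It assumes a write-then-read heuristic: a script that renders text to a canvas and then reads back a sizable pixel area gets its domain flagged. `CanvasMonitor`, `fakeCanvas`, the 16-pixel threshold and the `.example` domains are all hypothetical.

```javascript
// Added example: write-then-read canvas heuristic, run against constructed
// stand-ins for a canvas and its 2D context so it works in Node without a DOM.
const MIN_READ_SIDE = 16; // assumed threshold: ignore tiny reads such as 1px colour pickers

class CanvasMonitor {
  constructor() { this.flagged = new Set(); } // script domains seen fingerprinting
  // Wrap one canvas/context pair; scriptDomain is the origin of the script using it.
  instrument(canvas, ctx, scriptDomain) {
    let wroteText = false; // per-canvas state: has text been rendered yet?
    const wrap = (obj, name, onCall) => {
      const orig = obj[name].bind(obj);
      obj[name] = (...args) => { onCall(args); return orig(...args); };
    };
    const onRead = (w, h) => {
      if (wroteText && w >= MIN_READ_SIDE && h >= MIN_READ_SIDE) this.flagged.add(scriptDomain);
    };
    for (const m of ["fillText", "strokeText"]) wrap(ctx, m, () => { wroteText = true; });
    wrap(ctx, "getImageData", ([, , w, h]) => onRead(w, h));
    wrap(canvas, "toDataURL", () => onRead(canvas.width, canvas.height));
  }
  flaggedDomains() { return [...this.flagged].sort(); }
}

// Constructed stand-ins exposing only the methods the heuristic watches.
function fakeCanvas(width, height) {
  const canvas = { width, height, toDataURL: () => "data:image/png;base64,CONSTRUCTED" };
  const ctx = {
    fillText() {}, strokeText() {}, fillRect() {},
    getImageData: (x, y, w, h) => ({ width: w, height: h, data: new Uint8ClampedArray(w * h * 4) }),
  };
  return { canvas, ctx };
}

// Constructed scenarios; the .example domains are placeholders.
function demo() {
  const monitor = new CanvasMonitor();
  const run = (domain, w, h, use) => {
    const { canvas, ctx } = fakeCanvas(w, h);
    monitor.instrument(canvas, ctx, domain);
    use(canvas, ctx);
  };
  // Chart library: renders labels, never reads pixels back.
  run("charts.example", 300, 150, (c, ctx) => ctx.fillText("Q1 revenue", 10, 20));
  // Colour picker: reads a single pixel, no text involved.
  run("picker.example", 300, 150, (c, ctx) => { ctx.fillRect(0, 0, 9, 9); ctx.getImageData(4, 4, 1, 1); });
  // Fingerprinting pattern: render text, then export the whole canvas.
  run("fp.example", 240, 60, (c, ctx) => { ctx.fillText("constructed probe string", 2, 15); c.toDataURL(); });
  return monitor.flaggedDomains();
}

console.log(demo()); // ["fp.example"]
```

Only the domain that combined a text write with a large read-back is flagged, which is the signal a blocker can then act on by blocking that domain outright.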