abrahamjuliot / creepjs

Creepy device and browser fingerprinting
MIT License

android: nightly breaks, stable picks up a false positive lie #81

Closed Thorin-Oakenpants closed 3 years ago

Thorin-Oakenpants commented 4 years ago

On Fenix nightly, the test never completes: the little spinning box is a never-ending break-dancer 💃 note: double checked without RFP (I use RFP by default)

scrolling down in order


on release Fenix (which has no about:config, thus no RFP) and I have no extensions save uBO which is immaterial, creep computes one lie: maxTouchPoints: [5] does no match iframe

Thorin-Oakenpants commented 4 years ago

can I ask a question: feel free to answer elsewhere (like a private repo): what is the purpose of this project: PhD? or something else? What's the motivation behind it?

abrahamjuliot commented 4 years ago

nightly error

I think this error is resolved in a2290a3. If I run the latest build in node via server.js, there's no issue. But, I'll perform more tests after I push this to github pages, maybe this weekend.

maxTouchPoints

maxTouchPoints: 5 in contentWindow looks suspicious. I will look into this and perform some tests. There might be a good reason for it. Maybe the display, visibility or size of the contentWindow limits the max touch points available? However, in any case, detecting it adds entropy.

It's currently in trash as a suspicious result (a forgivable lie). It would only be counted among the lie tests if the context prototypes mismatched. Lie tests will collect prototype tampering and failed calculations tests.

purpose

It's in the something else category, somewhere on a lower level. This is intended to expose weaknesses in fingerprint tampering/browser noise and test new APIs that leak or mirror entropy. That's the brief purpose. Much more, dissecting the web is an obsessive research interest of mine and this is a tiny means for me to code and build endlessly.
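The distinction the comment above draws for maxTouchPoints, between a mismatch that only goes to trash and one counted as a lie, sketched as an added example (not creepjs code and not part of the thread). The function names, verdict strings, mock windows and the top-level value of 1 are assumptions made for illustration.

```javascript
// Added illustration, not creepjs source. All names here are hypothetical.
// Collect the value plus evidence about how the property is defined in one context.
const getterInfo = (win, prop) => {
  const nav = win.navigator;
  const desc = Object.getOwnPropertyDescriptor(Object.getPrototypeOf(nav), prop);
  return {
    value: nav[prop],
    // an own property on the instance shadows the prototype getter
    shadowed: Object.prototype.hasOwnProperty.call(nav, prop),
    // untouched native getters stringify identically in every realm
    source: desc && desc.get ? Function.prototype.toString.call(desc.get) : null,
  };
};

// 'consistent': same value, same definition in both contexts
// 'trash'     : values differ but the definitions match (suspicious, forgivable)
// 'lie'       : the definitions differ between contexts (prototype mismatch)
function compareContexts(top, frame, prop) {
  const a = getterInfo(top, prop);
  const b = getterInfo(frame, prop);
  const protoMismatch = a.shadowed !== b.shadowed || a.source !== b.source;
  let verdict = 'consistent';
  if (protoMismatch) verdict = 'lie';
  else if (a.value !== b.value) verdict = 'trash';
  return { verdict, top: a.value, frame: b.value };
}

// Constructed stand-ins for window and iframe.contentWindow so this runs outside a browser.
function makeWindow(points, tamper) {
  class Navigator { get maxTouchPoints() { return points; } }
  const navigator = new Navigator();
  if (tamper) tamper(Navigator.prototype, navigator);
  return { navigator };
}

function demo() {
  const prop = 'maxTouchPoints';
  const frame = () => makeWindow(5);
  const hooked = makeWindow(5, (proto) =>
    Object.defineProperty(proto, prop, { get: () => 0 }));
  const shadowed = makeWindow(5, (_, nav) =>
    Object.defineProperty(nav, prop, { value: 5 }));
  return {
    honest: compareContexts(makeWindow(5), frame(), prop).verdict,
    valueOnly: compareContexts(makeWindow(1), frame(), prop).verdict, // 1 is constructed
    hookedGetter: compareContexts(hooked, frame(), prop).verdict,
    shadowedSameValue: compareContexts(shadowed, frame(), prop).verdict,
  };
}
```

In a browser the equivalent call would be `compareContexts(window, iframe.contentWindow, 'maxTouchPoints')` against a same-origin iframe.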

Thorin-Oakenpants commented 4 years ago

yeah, we have slightly different objectives: I only care about gecko :) Detecting engines, browsers, versions (heck even a big list of features detection: a la elements etc) in general is easy. And people messing with settings can set themselves up for advanced scripts. Which is why long term we want to lock down RFP (bypass prefs, it already does on some: block extensions from altering things like it already does on canvas).

So, I only look for entropy within an engine + version + os: because those are already detected and can't be hidden. The maxTouchPoints being different in FF will be the same for all users in FF in that bucket. I was just intrigued when I saw it as a lie in stable Fenix (no RFP) and immediately tested in Fenix Nightly (with RFP) but the break-dancer wouldn't stop boogeying around :)

> this is a tiny means for me to code and build endlessly

Well, holy shit. I have LOTS for you to do at TZP