andryou / scriptsafe

a browser extension to bring security and privacy to chrome, firefox, and opera
https://www.andryou.com/scriptsafe

Canvas - AudioContext - Battery API #35

Open gameb0y opened 8 years ago

gameb0y commented 8 years ago

please block this

Canvas Fingerprint www.browserleaks.com/canvas

AudioContext Fingerprint https://audiofingerprint.openwpm.com/

Battery API http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/

webrtc unique devices id's www.browserleaks.com/webrtc

/////////

webgl fingerprint: WebGLRenderingContext WebGLShader WebGLTexture WebGL2RenderingContext

audiocontext fingerprint: webkitAudioContext OfflineAudioContext AudioContext webkitAudioContext createDynamicsCompressor createOscillator OscillatorNode webkitOfflineAudioContext

webrtc and webrtc unique devices id's: MediaStreamTrack RTCSessionDescription RTCDataChannel webkitRTCPeerConnection RTCPeerConnection

battery status api: getBattery

andryou commented 8 years ago

Thanks for this, I'll use this as a checklist after I finish focusing on performance/compatibility fixes.

gameb0y commented 8 years ago

thank you.

Canvas Fingerprint:

canvas HTMLCanvasElement CanvasRenderingContext2D toDataURL getImageData getContext putImageData fillText strokeStyle fillRect createImageData Path2D strokeText DrawImage drawImage textBaseline fillStyle globalCompositeOperation beginPath closePath

andryou commented 8 years ago

@gameb0y just to update you; I'm working on canvas fingerprint protection this weekend. I'll be focusing on these 4 functions:

The rationale is that these four canvas functions are used to extract/read canvas data (while the others are just used to write to the canvas). It is this collection of data extraction functions that we'll want to intercept and feed fake data.
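The approach described in the comment above, as an added example that is not ScriptSafe's code: the read-back methods are wrapped so callers receive altered data, while write methods stay untouched. `FakeCanvas`, `FakeContext2D`, `guardReadFunctions` and `makeSpoof` are hypothetical names, the two classes are constructed stand-ins so the block runs outside a browser, and `toDataURL` and `getImageData` are picked from the list earlier in this thread, not necessarily the four functions meant in the comment.

```javascript
// Constructed stand-ins for the browser canvas classes so this runs under Node.
class FakeContext2D {
  constructor() { this.pixels = new Uint8ClampedArray(16).fill(200); }
  fillRect() {} // write path, never wrapped
  getImageData() { return { width: 2, height: 2, data: this.pixels.slice() }; }
}
class FakeCanvas {
  constructor() { this.ctx = new FakeContext2D(); }
  getContext() { return this.ctx; }
  toDataURL() { return 'data:text/plain,' + this.ctx.pixels.join('.'); }
}

// Wrap each named read-back method on `proto` so its genuine result passes
// through `spoof` first. Returns a function that restores the originals.
function guardReadFunctions(proto, names, spoof) {
  const originals = new Map();
  for (const name of names) {
    const original = proto[name];
    if (typeof original !== 'function') continue; // absent here: nothing to guard
    originals.set(name, original);
    proto[name] = function (...args) {
      return spoof(name, original.apply(this, args));
    };
  }
  return () => originals.forEach((fn, name) => { proto[name] = fn; });
}

// `rand` returns a number in [0, 1); it is injectable so tests are repeatable.
function makeSpoof(rand = Math.random) {
  return (name, real) => {
    if (name === 'getImageData') {
      // Flip each channel's low bit at random: looks the same, hashes differently.
      return { ...real, data: real.data.map((v) => v ^ (rand() < 0.5 ? 0 : 1)) };
    }
    // Any other guarded reader (here toDataURL): a real extension would
    // re-encode noised pixels; a random token stands in for that.
    return 'data:text/plain,' + Math.floor(rand() * 1e9);
  };
}

function demo(rand) {
  const spoof = makeSpoof(rand);
  const undoCtx = guardReadFunctions(FakeContext2D.prototype, ['getImageData'], spoof);
  const undoCanvas = guardReadFunctions(FakeCanvas.prototype, ['toDataURL'], spoof);
  const canvas = new FakeCanvas();
  const read = Array.from(canvas.getContext().getImageData().data);
  const out = { read, url: canvas.toDataURL(), stored: Array.from(canvas.ctx.pixels) };
  undoCtx(); undoCanvas();
  return out;
}
```

The pixels stored in the canvas are never modified; only the copy handed back to the caller is, so drawing is unaffected.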

andryou commented 8 years ago

Documenting some test sites for relevant canvas functions:

https://www.browserleaks.com/canvas https://blueimp.github.io/JavaScript-Canvas-to-Blob/test/ http://tutorialspark.com/html5/HTML5_Canvas_get_Image_Data_Demo.php http://www.javascripture.com/WebGLRenderingContext

gameb0y commented 8 years ago

@andryou thank you so much

andryou commented 8 years ago

@gameb0y I was on a roll tonight ;)

[image: 2016-06-19_1-58-28]

Going to spend the next couple of days testing, but the next update will contain these new options!

gameb0y commented 8 years ago

woooooooooooooooowwwwww! this is amazing! thank you sooooooooo much :)

gameb0y commented 8 years ago

Screen resolution spoofing: clientWidth clientHeight height width colorDepth pixelDepth availHeight availWidth availTop availLeft innerHeight innerWidth outerWidth outerHeight devicePixelRatio HardwareConcurrency

keyboard and mouse fingerprint: https://paul.reviews/behavioral-profiling-the-password-you-cant-change/

KeyboardEvents KeyboardEvent KeyboardEventKey KeyboardEventCode DragEvent WheelEvent MouseEvent

gameb0y commented 8 years ago

Timezone and Clock Offset: While the latency in Tor connections varies anywhere from milliseconds to a few seconds, it is still possible for the remote site to detect large differences between the user's clock and an official reference time source.

Javascript Performance Fingerprinting: Javascript performance fingerprinting is the act of profiling the performance of various Javascript functions for the purpose of fingerprinting the Javascript engine and the CPU.

USB Device ID Enumeration: The GamePad API provides web pages with the USB device id, product id, and driver name of all connected game controllers, as well as detailed information about their capabilities. This API should be behind a site permission in Private Browsing Modes, or should present a generic controller type (perhaps a two button controller that can be mapped to the keyboard) in all cases. We simply disable it via the pref dom.gamepad.enabled.

Monitor, Widget, and OS Desktop Resolution: Both CSS and Javascript have access to a lot of information about the screen resolution, usable desktop size, OS widget size, toolbar size, title bar size, and OS desktop widget sizing information that are not at all relevant to rendering and serve only to provide information for fingerprinting. Since many aspects of desktop widget positioning and size are user configurable, these properties yield customized information about the computer, even beyond the monitor size.

Display Media information: Beyond simple resolution information, a large amount of so-called "Media" information is also exported to content. Even without Javascript, CSS has access to a lot of information about the device orientation, system theme colors, and other desktop and display features that are not at all relevant to rendering and also user configurable. Most of this information comes from CSS Media Queries.

gameb0y commented 8 years ago

https://audiofingerprint.openwpm.com/ [image: untitled]

http://ip-check.info [image: untitled2]

gameb0y commented 8 years ago

[image: untitled]

gameb0y commented 8 years ago

http://www.wilderssecurity.com/threads/html5-canvas-fingerprinting.386179/page-4#post-2596430

http://film-stream.cc/

gameb0y commented 8 years ago

appName appCodeName appVersion appName productSub vendor vendorSub

http://www.browserleaks.com/javascript

gameb0y commented 8 years ago

please add this

[image: untitled]

gameb0y commented 8 years ago

http://www.wilderssecurity.com/threads/html5-canvas-fingerprinting.386179/page-5#post-2599483

Nemisor commented 8 years ago

As a followup to https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ the Keyboard Privacy extension they released seems to work fine, however the current implementation in ScriptSafe causes the browser to hang for extreme periods of time. Hopefully it can be improved, but for now, I'll stick with their extension.