Closed Thorin-Oakenpants closed 9 months ago
opusforlife2
commented
9 months ago That doesn't really make it clear. Let's pose it this way: Does AF v125 user John Doe get more privacy protection by sticking to AF defaults (hence FPP), or by manually flipping RFP on?
mik0l
commented
8 months ago Not always, but sometimes there is a leak in "Service".
Thorin-Oakenpants
commented
8 months ago OK, so I can confirm (nightly 125) - the result in SWers sometimes (I get it almost every time) is not randomized
@tomrittervg see STR in previous comment
this is without FPP
some FPP examples
Thorin-Oakenpants
commented
8 months ago ^ ping! @tomrittervg reminder .. next reminder in 1 day :)
Edit: RFP works like a charm, no leaks - random execution every time
oh, I should also mention that in the future we will be able to have two different mode of FP protection, and RFP will be able to have some protections disabled
So the first is we will be able to use RFP in normal windows, and FPP in private windows. FPP is a work in progress (and almost ready). Initially (more will be added) will subtly randomize canvas, audio has been normalized for all users in FF118+, it returns 0 for window/screen positions (I think) and it will use font vis level 2.
So in effect, if something is totally fucked in normal mode, you can just flick it open in a PB window. FPP will also have compat rules - so they can ship an unbreak per site (i.e not apply e.g. canvas on site A) - but these are very basic protections so far and shouldn't break anythingNo, we cannot have FPP in normal windows and RFP in PB mode - it's not engineered to do thatwe can only have a mix of these in this config: normal windows FPP, pbmode RFP
For RFP itself, we can create our own set of what to apply globally - using RFPTargets. Since the main emphasis of RFP for us is fooling naive scripts, then relaxing some of the others is not as much of a concern. Personally I think it's a bit silly - RFP is an all-in or nothing approach, at best it could have three levels (like brave's FPing shield levels - off, standard, aggressive) and per site. But I get the engineering side of it, where all those RFPTargets allow crafting compat rules, and these FPing protections will slowly start to creep into FPP - edit just to be clear, compat rules are only for FPP
So AF moving forward has some options with defaults and override recipes
awe could use FPP mode in all windowsbwe could use FPP in normal windows and RFP in PB windowscwe could relax some RFP protectionsSo for example, for RFP, if you have a monitor where the FPS !== 60 and it causes videos/animations etc dropping frames, you could modify the pref to apply all but timing protections.
https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc
I think I will go with option
adown the track. While I do think RFP (no exceptions to targets) is best (the more metrics protected, the better the chances, plus it has timing mitigations), this really is best suited for a crowd and a different threat model - use Mullvad Browser, Tor BrowserOriginally posted by @Thorin-Oakenpants in https://github.com/arkenfox/user.js/issues/1711#issuecomment-1698488246