forkoz
commented
8 years ago Yes please, there is no way to stop this at the moment. I'm going to come out and say it... I hate HTML5 and wish it would die a fiery death.
Open danielcra opened 8 years ago
forkoz
commented
8 years ago Yes please, there is no way to stop this at the moment. I'm going to come out and say it... I hate HTML5 and wish it would die a fiery death.
dillbyrne
commented
8 years ago This is very much in the scope of RAS so I will try to get in the version after next
one-two-three
commented
8 years ago Other than disabling JavaScript, which isn't always an option since the modern web relies heavily on it, there's currently no way of defending against this type of fingerprinting so it should be of high priority. If RAS is the first to do this, it could also help attract more users.
forkoz
commented
8 years ago it seems like i can"t stop auto loading of audio content at all which if i'm not wrong is why it works so well. i see flashblocked video's sound load still. thanks HTML5
this should have been fixed in 2013: https://bugzilla.mozilla.org/show_bug.cgi?id=665598
ghost
commented
8 years ago Check out the detailed test here: https://audiofingerprint.openwpm.com/
The following are responsible: AudioContext API OscillarNode API DynamicsCompressorNode API
SHHSSH
commented
8 years ago Option to disable network cache (forced by default to fix issue #121 looking for a work around)
^ Is this basically a DNS flusher?
dillbyrne
commented
8 years ago Option to disable network cache (forced by default to fix issue #121 looking for a work around)
^ Is this basically a DNS flusher?
No it was a workaround to fix a bug where the canvas was not being disabled when a user navigated back to a page which was already loaded. I have rewritten that code so the fix is no, longer needed.
dillbyrne
commented
8 years ago @Wannabe-Programmer Thanks for the update. I have to update some more profiles and I'll test and issue a release, to have a working RAS release. I'll try to tackle the audio fingerprinting and fix the date code in the release after that.
In the mean time If anyone wants to work on it I'll accept pull requests.
ghost
commented
7 years ago Interesting. According to this thread, some AudioContext attributes stay between common values.
For most users the "ac-sampleRate" should be one of the following - 44100Hz, 48000Hz, 96000Hz and the "ac-maxChannelCount" should be either 0, 2, 32 or 10000 using Firefox.
The tests were done here: https://audiofingerprint.openwpm.com
Rudd-O
commented
7 years ago What do you mean by "stay between common values"?
ghost
commented
7 years ago @Rudd-O I mean that some properties of the AudioContext API stay the same for most users - or at least within a small range of differences. This essentially means that some of the outputs are not as unique as others. Therefore, if we plan on spoofing these values, it should not be completely random (at least I'm assuming).
Obviously, more research needs to be done before anyone can actually do anything. I may very well be talking out of my ass at this point.
dillbyrne
commented
7 years ago I have added the option to block it and whitelist it for now. #500 When I get some time I'll look into spoofing the API. If someone would like to have a go feel free.
Hi,
Could you think about ways to add protecting against audio fingerprinting in future releases? As I understand, it works in a similar way as Canvas fingerprinting, just using audio devices. See here for more details: http://thehackernews.com/2016/05/audio-fingerprint.html
Thanks