Extract domain list of FP providers & offer it as an AdBlocker-subscribable version

[Cathryne]

In the paper, you mention some "Content Provider" domains you have tested and a bunch of "Fingerprinting Service Provider" by name. Does you data also include the latters' domains, or could your extension be modified to extract those?

Would it be feasible for you to either

a) centrally offer such a domain list (e.g. committed into 1 of your repos here, see examples) or

b) have the user's browser create it locally, so that it could then fed back into an ad- or JS-blocker (uBlockOrigin, pi-hole, etc.)

? Either way, thanks for working on this!

[fpmon]

Using FPMON, you can definitely find many of these domains. Check out the top-scoring scripts section in the tool!

However, we think that blocking domains will not work in the long run ... We even found randomized domains and fragmented scripts that probably bypass any blacklists or blocking solution. Hence we favor a more comprehensive and sustainable solution such as simplifying the JS runtime environment. Why not block everyone by default who wants to access your WebGL, Audio, Battery, Connection details in this way?

[Cathryne]

True, but when will that be implemented in the major browsers? Offering a list seems to be something that you could do soon.