gautamkrishnar / nothing-private

Do you think you are safe using private browsing or incognito mode? :smile: :imp: This will prove that you're wrong. Previously hosted at nothingprivate.ml
https://nothingprivate.gkr.pw
GNU General Public License v3.0
2.14k stars 151 forks

add firefox to the list of secure browsers #107

Closed cherti closed 4 years ago

cherti commented 4 years ago

This PR adds Firefox to the list of secure browsers by only using internal configuration options.

gautamkrishnar commented 4 years ago

@cherti firefox was there on the list but was removed due to https://github.com/gautamkrishnar/nothing-private/issues/98 by @nunbit.

@nunbit can you please verify this now.

We need more verifications from other firefox users.

cherti commented 4 years ago

According to the documentation this was added in 57 (as denoted in the file), however I did test this with 76.0.1, it would be interesting to get a firefox ESR-Test as well for older versions.

cherti commented 4 years ago

So, I have run some tests and the result seems to be: the Firefox-Fingerprint prevention works (even when simply reloading the same page), as long as the resolution of the browser window is different from where the form was originally filled out. Only if it is exactly the same size the browser is recognized again.

This finding translates over different distributions, and, most importantly, this also translates to the Tor Browser, which is currently listed as secure (and actually the behavior of reproducing windows sizes is one of its core features for the user's privacy).

cherti commented 4 years ago

Some further research has yielded this explanation for why Firefox adopted a different behavior for their fingerprint protection: https://github.com/ghacksuserjs/ghacks-user.js/issues/767#issuecomment-515780193, they apparently decided to adapt the scheme of lowering entropy the Tor Browser already employs instead of raising it.

gautamkrishnar commented 4 years ago

I tried the latest version of Firefox, still, I can see some abnormalities. See the video below: https://streamable.com/q15mgj I am using the latest version of firefox.

@cherti if you had gone through the implementation of firefox's fingerprint restriction, can you please tell me what all parameters are randomized or blocked to avoid fingerprinting?

cherti commented 4 years ago

Yes, and this is precisely intended behavior for the sake of tracking protection. I haven't gone through the implementation itself, but the point here is that canvas randomization is easily detectable, you just run the canvas-fingerprint twice in your fingerprinting routine and the fingerprinter knows exactly that you are applying canvas randomization. That being said, I have tested that with the ungoogled chromium, the only randomized part there, as far as I tested, is the canvas randomization (and likely this is the same for palemoon, I'm extrapolating, but as enabling "canvas.poisondata" is required to make it fool this specific test this seems very likely even without testing).

Therefore, these fingerprinting protections are actually artifacts that can be used for fingerprinting by just slightly modifying the fingerprinting-Javascript (and potentially you can even do statistical attacks on the randomization itself, ungoogled chromium says "maximum 10 pixels", if palemoon does more they are, statistically, easily distinguishable here).

Therefore, the Firefox-approach, taken from the Tor Browser, is fundamentally different: the canvas-API will always return blank white, independent of where the Firefox is running. Instead of making every Firefox randomly unique, they decided to make every firefox look alike. Given that the Browser is extracted by the fingerprinting-JS as well, this is actually denying any information extracted from the canvas API, whereas, as described above, randomization gives away information to the tracking party.

The question now boils down to what you mean by "secure browser". If this means "fails this specific test", then Firefox will only pass this test if a lot of Firefox users use it at the same time (that being said, in this case I'd argue that "secure browsers" is a dangerously misleading claim). If it means "protects you from fingerprinting", then Firefox is actually better in this, because it deprives the tracking party of any additional tracking information by making all firefoxes look alike with regards to their canvases (and many other things that are tweaked by that option), albeit seemingly failing this test (whereas it actually succeeds the test because you would get identified as the same person over different computers if the other specs of the browser are the same, yielding fingerprinting useless).
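
The trade-off argued in the comment above, as an added Node.js simulation for evaluating a protection (not part of this PR or the project's code). The browser model, the strategy names `none`, `randomize` and `uniform`, and `hwSeed` are constructed assumptions; no real canvas API is called, and the "noise" is deterministic so runs are reproducible.

```javascript
const crypto = require('crypto');

// Constructed model of a browser's canvas readout; no real canvas API is used.
// hwSeed stands in for hardware/driver-dependent rendering differences.
function makeBrowser(strategy, hwSeed) {
  let reads = 0;
  return {
    readCanvas() {
      reads += 1;
      if (strategy === 'uniform') return Buffer.alloc(64, 0xff); // always blank white
      const px = Buffer.alloc(64, hwSeed);
      if (strategy === 'randomize') {
        // Deterministic stand-in for per-read noise on 10 pixels.
        for (let i = 0; i < 10; i++) px[i] = (px[i] + reads + i) & 0xff;
      }
      return px; // 'none': raw, device-specific pixels
    },
  };
}

const sha = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Single-read hash: a test that hashes the canvas once sees a "new" browser
// on every visit when the readout is noised.
const singleRead = (b) => sha(b.readCanvas());

// Double-read comparison: shows whether the readout is stable or noised,
// which is itself an observable trait of the browser.
function observe(b) {
  const first = sha(b.readCanvas());
  const second = sha(b.readCanvas());
  return first === second ? `stable:${first}` : 'randomized';
}

// Sizes of the groups of browsers that share one observation, largest first.
// A group of size 1 means that browser is singled out by its canvas behaviour.
function anonymitySets(browsers) {
  const groups = new Map();
  for (const b of browsers) {
    const key = observe(b);
    groups.set(key, (groups.get(key) || 0) + 1);
  }
  return [...groups.values()].sort((x, y) => y - x);
}

// Constructed population: one browser per strategy, each on distinct "hardware".
const population = (strategies) => strategies.map((s, i) => makeBrowser(s, i + 1));
```

When assessing an anti-fingerprinting setting, the useful number is the size of the group a browser lands in, not whether a single-read test reports a changed hash.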

ghost commented 4 years ago

@cherti firefox was there on the list but was removed due to #98 by @nunbit.

@nunbit can you please verify this now.

We need more verifications from other firefox users.

NO. Nothing changed in 77. same failure, not even on Librewolf with hardened user.js.

Also I am deleting my account due to Microsoft ownership. Consider moving to gitlab :). Bye bye.

gautamkrishnar commented 4 years ago

@cherti thank you for contribution, really sorry we cannot add firefox to the list since nothing private is working fine on default firefox, at least for me.

gautamkrishnar commented 4 years ago

@Thorin-Oakenpants Thanks a lot for the explanation, @cherti had already opened #112 With firefox on the list. It is now merged.

cherti commented 4 years ago

In FF78+ the canvas is randomized on each request (not cached) and is pretty much unique (8 colors, specific pattern, dead give-away on size) - but RFP is not trying to hide itself, and all RFP users (such as Tor Browser users) would still all be the same (on randomizing metrics such as colors etc), as an enforced set.

@Thorin-Oakenpants I've read about this, I wasn't aware that this would already land in FF78, thanks, that is indeed good to know. :)

cherti commented 4 years ago

BTW, it's not actually Depriving websites of canvas data readout: there is a difference in fingerprinting if something is blocked vs spoofing. It's just spoofing as white, so I would change that

Good point, done in https://github.com/gautamkrishnar/nothing-private/pull/113.

I have left Tor Browser as it is for now, once the new release is out it can be changed in the list accordingly and alpha and non-alpha do not have to be differentiated explicitly.