gautamkrishnar / nothing-private

Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong. Previously hosted at nothingprivate.ml
https://nothingprivate.gkr.pw
GNU General Public License v3.0
2.14k stars 151 forks

Rename "secure browsers" to "browsers with countermeasures" to avoid spreading misinformation #111

Closed cherti closed 4 years ago

cherti commented 4 years ago

To go into more detail on the issues with "secure browsers", we need to discuss different approaches to fingerprinting resistance.

The core point of how the currently listed "secure browsers" I was able to test thwart the fingerprinting code is that they simply add randomness to this specific function. The rest of the code is not changed; therefore a fingerprinting approach omitting canvas data would be capable of successfully fingerprinting all of the browsers I've tested from the list of secure browsers. Furthermore, it is possible to use that information to easily detect if someone is trying to thwart browser fingerprinting, by simply calling said function twice in the fingerprinting code and omitting it from the fingerprint if the two codes don't match.

Therefore this implementation is rather fragile (while technically thwarting nothingprivate.ml, because nothingprivate is not doing such a double check).

In the light of this, the Tor Browser developers, and subsequently the Firefox developers, opted for a different approach: removing the information obtained by canvas fingerprinting altogether. As a result, this function always returns a plain white canvas, no matter what's written on it. By applying this technique, the attack mentioned above goes undetected, as the results of two calls do match, and always will. In addition to that, they not only do so for the same browser, but across different Firefox instances. This can be seen in the screenshot below, where two different Firefoxes are shown, one with a normal and a private window as well as a completely different Firefox:

[Screenshot: ff-trackingprotection]

(The experiment has been done with all Firefox windows having the same size, as this is part of the fingerprinting code of the used client.js; they have afterwards been rescaled to be visible together on one screen.) We do see that nothing-private works in FF1 just as expected, but the completely separate FF2 gets detected. The reason for this is that nothing-private is clearly incapable of separating these two browsers (especially as FF2 is equipped with no add-ons at all), which means that the fingerprinting approach of nothing-private does fail on a standard Firefox (as well as on the Tor Browser), identifying arbitrary Firefoxes (of arbitrary people) as the same Firefox, subverting the fingerprinting mechanism by blending many users together and making them all look alike.

The Tor Browser has lately decided to take this even a step further, by applying letterboxing, which forces the apparent window size into a predefined set of window sizes regardless of the actual window size, reducing the fingerprint even further by restricting the information obtainable from the screen resolution as well.

As can be seen in the screenshot above, these are extremely effective countermeasures, making nothingprivate.ml incapable of differentiating between browsers and instead simply claiming every browser to be the same and therefore indistinguishable (which is arguably the very definition of "no fingerprinting possible"). As discussed in https://github.com/gautamkrishnar/nothing-private/pull/107 and https://github.com/gautamkrishnar/nothing-private/pull/109, however, applying this approach leads to exclusion from the list, because if all browsers out there that have a certain resolution are claimed to be one single browser (see screenshot above), this is certainly also the case for a private window and a normal window of the same browser.

Therefore, claiming "privacy freaks should use one of the following browsers" while excluding browsers with fully operational countermeasures is rather misleading and should be rephrased to inform potential readers accordingly, which this PR does, especially as the goal is to make people capable of protecting themselves against this kind of attack.

gautamkrishnar commented 4 years ago

@cherti Thanks again for your contribution, yes I agree. This will avoid misinformation.