Atavic
commented
5 years ago spew out randomized fake information.
I am totally of this idea, too. I am happy with eclipsedmoon and its Smart Mode approach.
Closed elypter closed 5 years ago
Atavic
commented
5 years ago spew out randomized fake information.
I am totally of this idea, too. I am happy with eclipsedmoon and its Smart Mode approach.
samuel8941
commented
5 years ago It should be noted that fingerprinting is done via scripts, and those scripts are very rare in the wild, and most are blocked by the typical filterlists.
Focus would better be on taking the native Firefox anti-tracking feature and adding a couple of blacklists that include fingerprinting scripts.
elypter
commented
5 years ago lists however will never catch everything and require steady maintenance which is not secure and could come to a halt tomorrow. a systematic counter measure can protect against unknown tracking as well. with some websites using over 100 scripts even if just 1% gets through this means you are getting tracked. it's an arms race and it will only get worse. furthermore, some fingerprinting countermeasures can detect a fingerprinting attempt and collect(of cause only those who actively chose to do so) that data to improve filterlists. it also helps against targeted attacks that only try to de-anonymize small groups of users.
samuel8941
commented
5 years ago lists however will never catch everything and require steady maintenance which is not secure and could come to a halt tomorrow
Nothing will catch everything - often you have a trade off between privacy and usability and you want to find the best spot.
I refer to the biggest study done on the topic: https://webtransparency.cs.princeton.edu/webcensus/
There are only a handful of companies that create fingerprinting scripts, so it is extremely easy to find: https://webtransparency.cs.princeton.edu/webcensus/canvas_fingerprinting.tsv
All in all the purpose of a browser targeted at casual web-browsing does not need to catch "everything", because when you start to go that route then the functionality will suffer greatly.
People who have to fear sophisticated, targeted attacks already can use the Tor Browser. It sounds like your use case is already satisfied by using the Tor Browser.
Protection against tracking-corporations is easily given by applying filterlists.
If you want to apply the same level of protection as Tor then Librefox will exclude a large percentage of users because the browser will become unusable in many ways.
elypter
commented
5 years ago I don't see why you would want to go for anything less than the best privacy you can get without sacrificing security. you talk about a trade off between privacy and usability but you do have that with filterlists as well. no list is perfect and so are no browser counter measures. yet in both everything is fixable. many of those addons have whitelists to avoid problems which essentially are lists as well.
i do not like single points of failure. if i can have 2 independent ways of protection i will always chose 2 over 1 even if someone says 1 is enough. there will eventually be a situation where additional security saves your ass. i would also take a 3rd measure if that exists. as long as it doesn't interfere with normal browsing, which it does not, there is no reason not to be better protected.
intika
commented
5 years ago Thank you for bringing this, as its an important topic. In the current state of the project Librefox (with default settings) have Tor fingerprint.
Here are the doable solutions and choices that should be available:
(1) In both of those cases easy accessible whitelist need to be available
Let me know if i forget something.
intika
commented
5 years ago i opened a to-do https://github.com/intika/Librefox/issues/49 for the matter and closing this ;)
This is more of a general concept than about a specific fingerprinting method.
The TOR browser and many privacy focused addons attempt to limit the fingerprinting potential by reducing the amount of unique information. however that information in itself can be used for fingerprinting as well and the same is true for a browser with a relatively small user base. this gets even worse if users make custom changes. so there appears to be an upper bound for privacy.
however this does necessarily not have to be the case. instead of limiting information and advising users to not make any changes do the opposite: spew out randomized fake information. this is even more effective as adversaries think they got valuable information and populate their databases with it. this is theoretically possible to do with every bit of information that does not inevitably affect usability but that is already the case with common anti fingerprint methods.
there are some obstacles though. inconsistencies between different bits of information could theoretically be detected. however this requires extra effort and is only viable if enough information is being collected in the first place. in the worst case though an adversary would still only know you are faking data and thus use a browser that does this which is as good as the best case for classical methods. to counteract this you need a logic that keeps consistency that immitates common browsers in varying configurations and keeps the decoy over the lifetime of a website session.
it is more challanging overall becuase it requires dynamic changes instead of just static ones but is best to lay the foundations early on.