search

sereneblue / chameleon

WebExtension port of Random Agent Spoofer
https://sereneblue.github.io/chameleon
GNU General Public License v3.0
507 stars 53 forks source link

Audio data = unique at https://amiunique.org #556

Open slrslr opened 1 year ago

slrslr commented 1 year ago

Prerequisites

Please use issues for bugs only! Answer the following questions for yourself before submitting an issue: YOU MAY DELETE THE PREREQUISITES SECTION.

Hello,

Linux, latest stable Firefox 102.8.0esr (64-bit) with Chameleon v0.22.41 (exported config) and with AudioContext Scrambler 1.3 and with CanvasBlocker 1.8 - tried all mentioned extensions at once, and one by one. I have the issue:

Check fingerprint at https://amiunique.org and scroll down to "Audio data". I see it is marked as "unique" and i memorize curve of the graph displayed next to it. Then i have opened Chameleon window and click to "change" profile. Same result. (btw. 2/6 attempts it displayed "Not supported" (that looked better). Most of the test returns unique audio data (bad), despite Chameleon option has enabled "Spoof audio context". It happen even when extension "AudioContext Scrambler" is disabled and Chameleon is enabled with enabled "Spoof audio context". I have not found any of the mentioned Firefox extensions to prevent that unique Audio on its own.

It seems like this kind of Chameleon protection is not active OR that webpage is using erroneous script, per https://github.com/kkapsner/CanvasBlocker/issues/283#issuecomment-428288629 ? At https://audiofingerprint.openwpm.com/ it shows the audio graph too for all mentioned Firefox extensions.

sereneblue commented 1 year ago

Hi @slrslr,

There does seem to be an issue with the coverage of the audio fingerprint spoofing. For Am I Unique, the value doesn't change. Looks like in more recent Firefox versions, data isn't returned so this may no longer be an issue.

For OpenWPM, the fingerprints for DynamicsCompressor are changed, but not for OscillatorNode. This looks like something that can be improved.

Thorin-Oakenpants commented 7 months ago

window.audioContext (excluding properties/keys) requires "user gestures" - i.e a click etc (not sure exactly what constitutes this per Mozilla's design)

edit: so I went digging, as I was intrigued what actually constitutes a user-gesture (in gecko) that gates so many things, and I found this: https://github.com/whatwg/html/issues/1903