uazo / cromite

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
https://www.cromite.org/
GNU General Public License v3.0

PrivacyTests.org results #1263

Closed nasimul-hasan closed 2 days ago

nasimul-hasan commented 2 weeks ago

The browser has this type of issue, shown in the photo.

Tested with this website.

The red-marked area is Cromite, and the green-marked area is other browsers that have this feature.


![IMG_20240702_112304](https://github.com/uazo/cromite/assets/75004698/a3f5e571-bcd0-4e99-a857-4a9e908990a5)

uazo commented 2 weeks ago

test results must be understood: unfortunately, that site, although well done, is not made for non-technical users, and only leaves the user to evaluate a green or red dot.

what answer are you looking for? why are they red? or whether it is correct that they are red?

nasimul-hasan commented 2 weeks ago

I'm not a technical user. I am just a heavy user of privacy browsers. I have some knowledge about it.

I used those browsers I marked green. I saw they really have those privacy features. But they're unavailable in cromite.

I marked red because this privacy is not available in cromite.

I marked green because those browsers have this privacy.

I told you, some privacy feature not available in cromite

uazo commented 2 weeks ago

> I told you, some privacy feature not available in cromite

As I said, tests must be read from a technical point of view. the user then has to assess whether the choice adopted by the browser suits his or her purposes, it is incorrect to rely on red or green. anyway.

But you should investigate each individual test and find out whether red or green is correct for you, depending on your purposes.

nasimul-hasan commented 2 weeks ago

Ok. Maybe that's website's issues.

But Try improvement if need. Like, Tracking query parameter etc

From my test.


![Screenshot_2024-07-02-15-41-15-68_5dca195d7d09adf043e42a8f3ad62b19](https://github.com/uazo/cromite/assets/75004698/0f8361da-b880-4740-96a9-d49b3bcea1b7)

uazo commented 2 weeks ago

> Ok. Maybe that's website's issues.

try with https://tls-ech.dev/

> Like, Tracking query parameter

you can post your considerations in that issue

> etc

etc what? be specific.

nasimul-hasan commented 2 weeks ago

Hmm. ECH enabled.

> etc what? be specific.

Nothing special. I just told you to do your best efforts to solve any bug in the browser. I'm thankful to you.

arthuredelstein commented 2 weeks ago

Thanks for looking into these, @uazo.

There does seem to be an inconsistent behavior in Chromium-based browsers, where ECH is occasionally disabled. I don't fully understand why yet. I'm looking into it.

However, in Cromite's case (version 125) it appears that it never passed the ECH tests in 5 replicates. That makes me think it was very likely truly not enabled.

> • GPC has been active since 126, but the site has not yet updated the version, which is stuck at 125

I will make sure Cromite gets updated to 126 in the next issue.

> • the section "Which browsers hide what's unique about your device?" has some issues, because it is not clear why it reports 'desired expression: undefined' and 'actual value: 980,980,980'. but in any case it is an incorrect test (in my opinion). try https://www.cromite.org/tests/size.html, I will always detect the screen size.

The tooltip is indeed confusing here, and I will work on fixing it.

> in cromite, the dimensions are always different, making (theoretically) that value useless for fingerprinting.

Would you mind describing what Cromite is doing to hide the screen size, or point me to the protection code? I'm open to modifying my tests if they aren't correctly detecting Cromite's protection.

My thinking about tracking query parameters is that they are a common tracking method in practice, and blocking them is pretty effective. But I'm open to hearing your thoughts/concerns.

uazo commented 2 weeks ago

> I don't fully understand why yet. I'm looking into it.

if you understand it, would you do me the favour of telling me?

> That makes me think it was very likely truly not enabled.

certainly, I would have thought the same thing myself.

> Would you mind describing what Cromite is doing to hide the screen size, or point me to the protection code?

Sure: the aim is to confuse the behaviour of all scripts that use the co-ordinates of dom elements to fingerprint the device by modifying the co-ordinate handling in chromium at the base. Basically we exploit the emulation of the viewport to modify the behaviour of chromium, playing with the size of the viewport and the internal zoom of the page.

https://github.com/uazo/cromite/blob/4cf08e3bbe3bb9cc5420c4fd98bfea281cbeb4d2/build/patches/Viewport-Protection-flag.patch#L752-L829

if you have any questions (or detect any bug :) please tell me.

> I'm open to modifying my tests if they aren't correctly detecting Cromite's protection.

ah, sooner or later (maybe) I will manage to do some pulls on your repo :) I'm working on a battery of tests (actually for now, on the general technical infrastructure).. wow how complex it is to run Appium + UIAutomator2 and chromedriver together! especially if browserstack is involved... Give me time and maybe then I can propose some changes myself..

Cromite's protection.

I'd like your opinion on the matter.

> My thinking about tracking query parameters is that they are a common tracking method in practice, and blocking them is pretty effective. But I'm open to hearing your thoughts/concerns.

I guess, it is a common thought. Unfortunately, I have not yet investigated the subject so you find me rather unprepared. mine is just a hypothesis: if I had to do some tracking via urls I would certainly not use such well-known parameters. and above all I would worry about inserting some tokens as anti-forgery and thus camouflage the real value but I did not see them in those parameters. but of course I could be wrong. When I work on it I will bother you, Thank you for your interest, I really need to discuss some choices with others!
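An added example, not part of any participant's comment and not code from Cromite or PrivacyTests.org: a list-based tracking query parameter stripper run on two constructed URLs, showing both sides of the exchange above (well-known parameters are removed, a parameter whose name is not on the list passes through). The parameter names are widely documented click and campaign identifiers picked for illustration, and `ref_token` is a hypothetical name.

```javascript
// Names chosen for illustration; this is not the list any browser or test
// site actually uses.
const KNOWN_TRACKING_PARAMS = new Set(["fbclid", "gclid", "msclkid", "mc_eid"]);
const KNOWN_TRACKING_PREFIXES = ["utm_"];

function isKnownTracker(name) {
  const n = name.toLowerCase();
  return (
    KNOWN_TRACKING_PARAMS.has(n) ||
    KNOWN_TRACKING_PREFIXES.some((prefix) => n.startsWith(prefix))
  );
}

// Returns the cleaned URL and the names of the parameters that were removed.
function stripTrackingParams(rawUrl) {
  const url = new URL(rawUrl);
  const removed = [];
  // Snapshot the keys first: deleting while iterating searchParams skips entries.
  for (const name of [...new Set(url.searchParams.keys())]) {
    if (isKnownTracker(name)) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  return { cleaned: url.toString(), removed };
}

// Constructed sample URLs (example.com, invented values).
const SAMPLES = {
  // Uses well-known names: both identifiers are stripped, the fragment is kept.
  known: "https://example.com/article?id=42&utm_source=news&fbclid=AbC123#top",
  // Same identifier under a name that is not on the list: nothing is stripped.
  renamed: "https://example.com/article?id=42&ref_token=AbC123",
};

for (const [label, sample] of Object.entries(SAMPLES)) {
  const { cleaned, removed } = stripTrackingParams(sample);
  console.log(`${label}: ${cleaned} (removed: ${removed.join(", ") || "none"})`);
}
```
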

g-k-m commented 2 weeks ago

On a somewhat related note, cromite appears to fail https://noscriptfingerprint.com/ , both on desktop and android. Even on a new session, the fingerprint remains the same. Viewport size protection doesn't seem to help either. I think tor protects against this by having all users use the same exact small window that produces the same fingerprint, but not sure

uazo commented 2 weeks ago

> cromite appears to fail https://noscriptfingerprint.com

I am aware of this but have not yet checked.

it is traced with

considering that cromite has no telemetry, for now I am concentrating on getting info from different devices via browserstack to work with some data... be patient...

uazo commented 2 weeks ago

ah nice question. but that's OT. I will be happy to answer you if you use the discussions.

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale as there has been no recent activity in response to our request for more information. Please respond so that we can proceed with this issue.

github-actions[bot] commented 2 days ago

This issue has been automatically closed as sufficient information hasn't been provided on the issue for further actions to be taken. Feel free to add more information.