Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Web Extensions
How to make my browsing fingerprint less unique?
Message
<blockquote data-quote="oldschool" data-source="post: 905921" data-attributes="member: 71262"><p>I'll re-post this from the link in my post #12 above FWIW, which applies specifically to Firefox but is still a valid argument re: Chromium. <em>I've added italics for emphasis</em>:</p><p></p><p><span style="font-size: 18px"><strong>⚠ Anti-Fingerprinting Extensions... F&%K NO!</strong></span></p><ul> <li data-xf-list-type="ul"><strong>DON'T BOTHER</strong> to <strong>USE</strong> extension features to <strong>CHANGE</strong>any RFP protections<ul> <li data-xf-list-type="ul">Exception: where you can whitelist a site for functionality and you know the risks</li> </ul></li> </ul><p><em>This is not about the merits of randomizing vs lowering entropy: this is about using the best options available. We support RFP (privacy.resistFingerprinting) as far superior (in the metrics it so far covers)</em></p><ul> <li data-xf-list-type="ul"><em>It is trivial to detect RFP and when you change a RFP metric, you lose your "herd immunity"</em><ul> <li data-xf-list-type="ul">i.e.: you just <strong>added</strong> more entropy, very likely unique, compared to the already tiny group of RFP users</li> <li data-xf-list-type="ul">Ask yourself why Tor Project recommends you do not change Tor Browser settings and you do not install extensions</li> </ul></li> <li data-xf-list-type="ul"><em>RFP is robust and vetted by experts (Mozilla, Tor Project, researchers)</em></li> <li data-xf-list-type="ul"><em>RFP is an enforced set where all users <strong>should be</strong>[1] the same: i.e. uniform, in the same "buckets", or exhibiting the same behavio</em>r<ul> <li data-xf-list-type="ul">[1] Don't fiddle with prefs unless you know what they do</li> </ul></li> <li data-xf-list-type="ul"><em>Extensions aren't robust: either lacking APIs, or are poorly designed, or miss all methods, or it's snake oil (impossible)</em><ul> <li data-xf-list-type="ul">e.g.: spoof OS? You can't (RFP can do what it likes as it's an enforced set of users)</li> <li data-xf-list-type="ul">e.g.: spoof user agent, timezone, locale, or language? navigator properties leak via workers and can leak via other methods such as window.open and iframes</li> <li data-xf-list-type="ul">e.g.: spoof screen? css leaks and matchmedia can leak</li> <li data-xf-list-type="ul">e.g.: spoof language/locale? Practically impossible, and if (that's a massive "if") it were perfect, then it's no different to setting that as your preferred website language in options</li> </ul></li> <li data-xf-list-type="ul"><em>Extensions can often be detected</em><ul> <li data-xf-list-type="ul">e.g. script injection and function names</li> <li data-xf-list-type="ul">e.g. if not uniquely, then by their behavior and characteristic patterns</li> <li data-xf-list-type="ul">note: RFP doesn't care if it can be detected, because all users are the "same"</li> </ul></li> </ul><p><em>If you don't use RFP, then <strong>you're on your own</strong>. </em>And don't rely on entropy figures from test sites. The datasets are not real world, very small, and tainted by both the type of visitors, and by their constant tweaking and re-visits which further poison the results and artificially inflate rare results: e.g. on Panopticlick [May 2020]</p><ul> <li data-xf-list-type="ul">e.g.: why are 1 in 6.25 (16%) results returning a white canvas (which is statistically only an RFP solution), and 1 in 6.16 (16%) returning a Firefox 68 Windows user agent, and yet Firefox (and Tor Browser) only comprise approx 5% worldwide, <strong>in total</strong> - actual ESR68 users on Windows, and actual RFP users would both be a <strong>tiny fraction</strong> of that</li> <li data-xf-list-type="ul">e.g.: why are 1 in 1.85 (54%) results returning no plugins, when chrome (at 67% market share) and others by default reveal plugin data</li> <li data-xf-list-type="ul">remember: very, very, very few users use anti-fingerprinting measures</li> </ul><p>It takes large real world studies to get the number of results per metric, and it takes a controlled one (one result per browser) to get the distribution in order to get reliable entropy figures. <em>Don't believe the BS.</em></p></blockquote><p></p>
[QUOTE="oldschool, post: 905921, member: 71262"] I'll re-post this from the link in my post #12 above FWIW, which applies specifically to Firefox but is still a valid argument re: Chromium. [I]I've added italics for emphasis[/I]: [SIZE=5][B]⚠ Anti-Fingerprinting Extensions... F&%K NO![/B][/SIZE] [LIST] [*][B]DON'T BOTHER[/B] to [B]USE[/B] extension features to [B]CHANGE[/B]any RFP protections [LIST] [*]Exception: where you can whitelist a site for functionality and you know the risks [/LIST] [/LIST] [I]This is not about the merits of randomizing vs lowering entropy: this is about using the best options available. We support RFP (privacy.resistFingerprinting) as far superior (in the metrics it so far covers)[/I] [LIST] [*][I]It is trivial to detect RFP and when you change a RFP metric, you lose your "herd immunity"[/I] [LIST] [*]i.e.: you just [B]added[/B] more entropy, very likely unique, compared to the already tiny group of RFP users [*]Ask yourself why Tor Project recommends you do not change Tor Browser settings and you do not install extensions [/LIST] [*][I]RFP is robust and vetted by experts (Mozilla, Tor Project, researchers)[/I] [*][I]RFP is an enforced set where all users [B]should be[/B][1] the same: i.e. uniform, in the same "buckets", or exhibiting the same behavio[/I]r [LIST] [*][1] Don't fiddle with prefs unless you know what they do [/LIST] [*][I]Extensions aren't robust: either lacking APIs, or are poorly designed, or miss all methods, or it's snake oil (impossible)[/I] [LIST] [*]e.g.: spoof OS? You can't (RFP can do what it likes as it's an enforced set of users) [*]e.g.: spoof user agent, timezone, locale, or language? navigator properties leak via workers and can leak via other methods such as window.open and iframes [*]e.g.: spoof screen? css leaks and matchmedia can leak [*]e.g.: spoof language/locale? Practically impossible, and if (that's a massive "if") it were perfect, then it's no different to setting that as your preferred website language in options [/LIST] [*][I]Extensions can often be detected[/I] [LIST] [*]e.g. script injection and function names [*]e.g. if not uniquely, then by their behavior and characteristic patterns [*]note: RFP doesn't care if it can be detected, because all users are the "same" [/LIST] [/LIST] [I]If you don't use RFP, then [B]you're on your own[/B]. [/I]And don't rely on entropy figures from test sites. The datasets are not real world, very small, and tainted by both the type of visitors, and by their constant tweaking and re-visits which further poison the results and artificially inflate rare results: e.g. on Panopticlick [May 2020] [LIST] [*]e.g.: why are 1 in 6.25 (16%) results returning a white canvas (which is statistically only an RFP solution), and 1 in 6.16 (16%) returning a Firefox 68 Windows user agent, and yet Firefox (and Tor Browser) only comprise approx 5% worldwide, [B]in total[/B] - actual ESR68 users on Windows, and actual RFP users would both be a [B]tiny fraction[/B] of that [*]e.g.: why are 1 in 1.85 (54%) results returning no plugins, when chrome (at 67% market share) and others by default reveal plugin data [*]remember: very, very, very few users use anti-fingerprinting measures [/LIST] It takes large real world studies to get the number of results per metric, and it takes a controlled one (one result per browser) to get the distribution in order to get reliable entropy figures. [I]Don't believe the BS.[/I] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
