- Aug 21, 2020
- 609
@Sunkar Thank you so much for clarifying. I truly appreciate it.
Yes, it is but smaller. There is an overlap only for fingerprinting prevention.
thanksYes, it is but smaller. There is an overlap only for fingerprinting prevention.
Request to JShelter developers: don't add nonsense, add noise!
Technical definition of noise: irregular fluctuations that accompany a transmitted electrical signal but are not part of it and tend to obscure it.
This morning I got another email notification from Github (Better to provide real world values than random or faked values for three spoofs WebGL, Plugins and Fonys · Issue #166 · polcak/jsrestrictor) telling me again that the WebGL vendor and renderer values are correctly randomized with non-existing fake values. They don't seem to grasp that they are adding identifying nonsense in stead of obscuring noise.
Trace for instances does this (half) right by adding a list of real world GPU models to obscure WebGL vendor and renderer. To do this perfectly right the end-user has to limit this list to DirectX and WebGL versions which the end-user's own GPU model does accept (as explained in red in the picture). So when you have a Intel 620 HD Graphics model, you should limit the list to generation 9 Intel GPU's all excepting DirectX 12_1 (the 5xx and 6xx family Intel graphics GPU's).
View attachment 263644
I only get responses (probably from tech people) that they are implementing what the BLOG tells them to (link). Sadly there seems to be no big-data expert and digital marketeer involved who can explain them what they are doing is putting a huge pink elephant (non-existing value) in a herd of sheep and thinking they won't stand out, so until further notice
DON'T USE THIS EXTENSION
*) This is yet another example of the much posted advice in security forums that it is better to add no fingerprinting protection than wrong obfuscation. Remember that only a limited percentage of the websites use these advanced fingerprinting techniques (5 to 10 at most is my guess) because the digital marketeers using these systems are often only trained in the top3 most prevalent tracking systems and have to proof (every two to three) years that they still know how to operate these analysis/tagging/tracking systems.
Trace has this setting disabled by default. It is, however, available to be enabled in the free version.To do this perfectly right the end-user has to limit this list to DirectX and WebGL versions which the end-user's own GPU model does accept (as explained in red in the picture).
I tested on browserleaks.org and it is giving me all of my true user agent data and a unique fingerprint lol. It doesn't seem to do anything on my end.
I have to correct myself (it's not about consistency):It won't simply hide or change your userAgent because it may introduce inconsistency of the fingerprint and make it more unique.
It's a cat and mouse game. Not worth the effort or possible breakage. Built-in protection is best, at least for me.What do you guys and girls think about it?
Thanks for the info: I stopped following the development of this extension because of the disappointing discussion I had with them. Now it seems that they agree that blurring and blocking has to be done right (or else it makes you easier to track). So they did some research and sort of changed their finger printing counter strategyThe discussion in this thread shows that there is no agreement about the best way of spoofing fingerprint elements (and perhaps there isn't such way at all). Apart from this, I don't like spoofing because ordinary tracker blockers do a better job. Nevertheless, JavaScript Restrictor has an interesting new mechanism: FingerPrint Detector (FPD).
What do you guys and girls think about it?
So it's worth using now in your opinion?@SecureKongo They adopted their approach I am using this extension in my STRICT browser profile (not in my EASY profile)