Firefox added a preference in about:config to disable the web audio API used to track users: https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
The pref in firefox is: dom.webaudio.enabled
Could this be added to palemoon for privacy?
Thanks!
Pref to disable webaudio API
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
velkro
Pref to disable webaudio API
Hi,
Firefox added a preference in about:config to disable the web audio API used to track users: https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
The pref in firefox is: dom.webaudio.enabled
Could this be added to palemoon for privacy?
Thanks!
Firefox added a preference in about:config to disable the web audio API used to track users: https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
The pref in firefox is: dom.webaudio.enabled
Could this be added to palemoon for privacy?
Thanks!
Re: Pref to disable webaudio API
From https://bugzilla.mozilla.org/show_bug.c ... 288359#c22
The other suggestion in that same comment would be in line with our canvas approach to poison data, and likely be a better solution:
So disabling this really won't do much good (disabling this also provides entropy, after all).From what I can tell, the bit exposed here reveals the implementation of the browser engine, including which OS you're on, which is already exposed. Based on some testing, it seems that different versions of Firefox on the same machine all return the same "fingerprint", and even more interestingly, Chrome and Opera on the same machine also expose the same "fingerprint."
The other suggestion in that same comment would be in line with our canvas approach to poison data, and likely be a better solution:
However, since we're talking audio here, the processing cost may become really high very quickly...I think the only real bit exposed here is the floating point code shipped which calculates the audio samples. Wouldn't it have been a better idea to expose a pref which adds some noise into some of our floating point math instead of disabling the whole API
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
velkro
Re: Pref to disable webaudio API
Thanks for the reply, I think the AudioContext api is a huge privacy issue because the fingerprint is the same even if you clear the browser data or use incognito mone (test at : https://browserprint.info/). Tor browser just flat out disable it and firefox lets you too, since like you said the processing cost gets high if you add entropy to it.Moonchild wrote:From https://bugzilla.mozilla.org/show_bug.c ... 288359#c22
So disabling this really won't do much good (disabling this also provides entropy, after all).From what I can tell, the bit exposed here reveals the implementation of the browser engine, including which OS you're on, which is already exposed. Based on some testing, it seems that different versions of Firefox on the same machine all return the same "fingerprint", and even more interestingly, Chrome and Opera on the same machine also expose the same "fingerprint."
The other suggestion in that same comment would be in line with our canvas approach to poison data, and likely be a better solution:However, since we're talking audio here, the processing cost may become really high very quickly...I think the only real bit exposed here is the floating point code shipped which calculates the audio samples. Wouldn't it have been a better idea to expose a pref which adds some noise into some of our floating point math instead of disabling the whole API
Also top sites using it right now for tracking:
https://thehackernews.com/2016/05/audio ... print.html
Re: Pref to disable webaudio API
Please read and comprehend my previous reply.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
testator777
Re: Pref to disable webaudio API
If you really wanted to disable it then you could install canvasfingerprint blocker from the mozilla addons store using pale moon's tester tool if it is still up(it was up like four years ago). Doing that and disabling javascript will block audio fingerprinting. If you want no fingerprinting with javascript enabled you better fork pale moon and write the about:config parameter yourself.
There is not much someone can do with identifying the audio device you use besides being able to maybe find out the hardware and driver version you use. Which is difficult as you could change the audio driver or sound card if it's not integrated. Along with the person collecting the info would need to have a huge database of sound cards and driver version combinations beforehand. So unless you are extremely concerned with some random blog or google knowing that you use (insert random sound card found on countless motherboards here) then it's not a big deal.
There is not much someone can do with identifying the audio device you use besides being able to maybe find out the hardware and driver version you use. Which is difficult as you could change the audio driver or sound card if it's not integrated. Along with the person collecting the info would need to have a huge database of sound cards and driver version combinations beforehand. So unless you are extremely concerned with some random blog or google knowing that you use (insert random sound card found on countless motherboards here) then it's not a big deal.
It would be useful to dynamically disable the audio info/api for slight energy savings. For example I don't need it enabled to type this out on the forums, but yet it's enabled. Or like when a youtube page wants access to the audio. You could have a popup, like for fullscreen mode video, that blocks or gives permission to access the audio device or info. This feature would have to be manually enabled though as to not pester everyone else who doesn't care. Unless there are a large number of people who care but I don't know about that.Moonchild wrote:However, since we're talking audio here, the processing cost may become really high very quickly...
Re: Pref to disable webaudio API
The processing overhead I talked about was re: poisoning, not about enabling/disabling the API.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite