Group Project: Smudging your fingerprint

Post your tutorials for using applications or performing related tasks here.
Note: Not for "how do I...?" Questions!
Forum rules
Tutorials and Howtos should only relate to developed software, and not to third party applications. e.g.: Don't post a generic Howto for configuring a firewall.
If you have a question how to do something, you should use one of the support boards, not this board. It is meant for people to document and post instructions.
gmaslin

Group Project: Smudging your fingerprint

Unread post by gmaslin » 2019-05-09, 18:40

Free speech is under attack and many websites have moderation teams infiltrated with those opposed to it. One of the ways to make it harder for websites to permaban you is to make yourself less identifiable. Have a look at this website to get a idea of how identifiable you are. Using a prior version of Firefox and optimized for privacy I was able to get my completely functional browser down to a 1 in 128 computer commonality (~8 bits of identifying information). The best I've gotten with Palemoon is ~17 bits (1 in 100,000 commonality). Tell us your result here and let's use that information to formulate a strategy to help us all become more anonymous.

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Isengrim » 2019-05-09, 21:54

Assuming you mean the one on the EFF website. I honestly haven't paid too much attention to it, because the easiest way to avoid fingerprinting is to use a browser that looks like everyone else's - one of the later versions of Chrome, standard headers, not blocking too many APIs. Also they ding you for not setting the DNT header, which is nonsense.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

John connor

Re: Group Project: Smudging your fingerprint

Unread post by John connor » 2019-05-10, 04:31

Your link links back here.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Moonchild » 2019-05-10, 14:23

Link fixed.

By the way, I make my browser fingerprint unique ON PURPOSE and present a different unique fingerprint every time. That, IMO, is the only way to combat fingerprinting and tracking by fingerprint. Smudging won't help because the way around it is simply to come up with another variable to check that is unique. What tracking needs is a unique enough fingerprint that doesn't change otherwise. Smudging might make you briefly less identifiable because you'll be part of a slightly less unique group, and might make you feel better, but isn't actually effective. The recent common-sense documentation that trying to hide by disabling APIs being counterproductive only underlines my point that unique is good, as long as you are a different entity every time.

As explained before, this also hurts the trackers directly because they will get nonsensical or useless data in their databases from unique fingerprints that will never be seen again; and it will be impossible (or at least very difficult) to distinguish valid-but-fake fingerprints from valid-and-real ones.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

gmaslin

Re: Group Project: Smudging your fingerprint

Unread post by gmaslin » 2019-05-10, 14:35

@Moonchild
Sometimes you read posts that completely change your perspective on things. Yours was one of those. Okay, so if I understood you, the idea is to make a completely unique and identifiable browser that is constantly changing. I'm assuming this means the use of a spoofing agent or some kind of browser randomizing. What's the extension set favored by Palemoon? I tried using the Canvas extension but it cripples my browsing

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Moonchild » 2019-05-10, 14:54

You don't need to randomize much. Just a few things or maybe even just one thing which is commonly checked. Canvas hash is such a thing -- so, go into about:config and set canvas.poisondata to "true" and there you go, you're unique every time.
User agents should be left alone -- unfortunately this is used everywhere to determine browser capabilities in lieu of actual capability checking so randomizing that will break things much worse.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

gmaslin

Re: Group Project: Smudging your fingerprint

Unread post by gmaslin » 2019-05-10, 18:51

@Moonchild
Thanks, I set my canvas.poisondata to true and deleted my canvas extension. I'm guessing I will be vulnerable to identification within the same browser session but not when I restart my browser. Is this correct or will simply opening a new window suffice?

Falna
Astronaut
Astronaut
Posts: 511
Joined: 2015-08-23, 17:56
Location: UK / France

Re: Group Project: Smudging your fingerprint

Unread post by Falna » 2019-05-11, 00:42

You don't even need a new window; it changes for every page reload / new tab too, if canvas is in use. You can verify that yourself at https://browserleaks.com/canvas.

Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything

Hint: If you expect a reply to your PM, allow replies...

gmaslin

Re: Group Project: Smudging your fingerprint

Unread post by gmaslin » 2019-05-11, 17:30

@Falna
HaHaHa, that's just beautifully elegant. Okay, so the only thing to worry about now is IP blocking, history cache and cookies. Cookies are easy to address, what's the preferred strategy for the others?

vannilla
Moon Magic practitioner
Moon Magic practitioner
Posts: 2181
Joined: 2018-05-05, 13:29

Re: Group Project: Smudging your fingerprint

Unread post by vannilla » 2019-05-11, 18:52

gmaslin wrote:
2019-05-11, 17:30
IP blocking
The only way to stop someone from knowing your IP address is to not use the IP address, i.e. stop using the Internet.
What would hiding your address accomplish anyway?

moonie

Re: Group Project: Smudging your fingerprint

Unread post by moonie » 2019-05-12, 01:38

proxy servers like anonymouse were used for that sort of thing on a forum i used to go to decades ago.

User avatar
ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2851
Joined: 2012-06-28, 01:20

Re: Group Project: Smudging your fingerprint

Unread post by ron_1 » 2019-05-12, 02:00

Moonchild wrote:
Canvas hash is such a thing -- so, go into about:config and set canvas.poisondata to "true" and there you go, you're unique every time.
So this makes me curious . . . why isn't the default "true"?

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Isengrim » 2019-05-12, 04:17

ron_1 wrote:
2019-05-12, 02:00
So this makes me curious . . . why isn't the default "true"?
The pref can have performance issues when set to true, so it isn't always a good thing.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

New Tobin Paradigm

Re: Group Project: Smudging your fingerprint

Unread post by New Tobin Paradigm » 2019-05-12, 04:24

Also, some of his can't afford to or don't want to waste all of our foil making hats no matter how snazzy they may be.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Moonchild » 2019-05-12, 11:44

moonie wrote:
2019-05-12, 01:38
proxy servers like anonymouse were used for that sort of thing on a forum i used to go to decades ago.
A warning about using proxy servers of any kind is that you may be making things worse. You'll be sending all of your traffic neatly bundled together through a single host that can monitor and record every page you visit. Using "public proxies" is therefore a huge risk of worse things than being tracked on websites.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

moonie

Re: Group Project: Smudging your fingerprint

Unread post by moonie » 2019-05-12, 12:18

No reason to doubt what you're saying anyway Moonchild, but I can absolutely believe that about proxies.

gmaslin

Re: Group Project: Smudging your fingerprint

Unread post by gmaslin » 2019-05-12, 17:51

I very much like my tin foil hats and I think they should be all the rage by now. I especially like the ones that name all the Senior Executive Service (see SES on aim4truth.org) members in all our political parties as the treasonous rodents they are. Those are truly the smartest ones :)

(prior text edited out)

Some of you may have noted from my posts that I'm a big fan of unhindered speech. Unfortunately, that has made me persona non-grata on many forums where I have been effective in providing people with truths closer to reality. Until people begin to understand how nonsensical the narrative permitting individual organizations or private citizens to bypass the HUMAN RIGHT TO SPEAK FREELY is, the ability to mask or misdirect an IP address is a critical tool of information warfare. You may attempt to silence me but my thoughts will be heard, one way or another. What do you guys use to keep your bookmarks from being read?
Last edited by gmaslin on 2019-05-12, 17:58, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Group Project: Smudging your fingerprint

Unread post by Moonchild » 2019-05-12, 17:55

I do like to remind you at this point of Forum rule 1f:
This forum focuses first and foremost on support and development of the Pale Moon browser.
Don't post politically, ideologically, religiously or socially sensitive topics on this forum, especially if they revolve around strong, polarized opinions and world views.
This to keep drama and heated tempers to a minimum.

If you want to discuss such topics, please go to dedicated fora for them. #
Please keep your general post content on-topic, especially outside of the general discussions board.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

rfm12

Re: Group Project: Smudging your fingerprint

Unread post by rfm12 » 2019-11-02, 02:54

Moonchild wrote:
2019-05-12, 11:44
moonie wrote:
2019-05-12, 01:38
proxy servers like anonymouse were used for that sort of thing on a forum i used to go to decades ago.
A warning about using proxy servers of any kind is that you may be making things worse. You'll be sending all of your traffic neatly bundled together through a single host that can monitor and record every page you visit. Using "public proxies" is therefore a huge risk of worse things than being tracked on websites.
Opera has a built-in VPN option that I believe is hosted on their servers. Is that better than a proxy?

New Tobin Paradigm

Re: Group Project: Smudging your fingerprint

Unread post by New Tobin Paradigm » 2019-11-02, 03:30

God no.

Locked