Group Project: Smudging your fingerprint
Forum rules
Tutorials and Howtos should only relate to developed software, and not to third party applications. e.g.: Don't post a generic Howto for configuring a firewall.
If you have a question how to do something, you should use one of the support boards, not this board. It is meant for people to document and post instructions.
Tutorials and Howtos should only relate to developed software, and not to third party applications. e.g.: Don't post a generic Howto for configuring a firewall.
If you have a question how to do something, you should use one of the support boards, not this board. It is meant for people to document and post instructions.
Group Project: Smudging your fingerprint
Free speech is under attack and many websites have moderation teams infiltrated with those opposed to it. One of the ways to make it harder for websites to permaban you is to make yourself less identifiable. Have a look at this website to get a idea of how identifiable you are. Using a prior version of Firefox and optimized for privacy I was able to get my completely functional browser down to a 1 in 128 computer commonality (~8 bits of identifying information). The best I've gotten with Palemoon is ~17 bits (1 in 100,000 commonality). Tell us your result here and let's use that information to formulate a strategy to help us all become more anonymous.
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: Group Project: Smudging your fingerprint
Assuming you mean the one on the EFF website. I honestly haven't paid too much attention to it, because the easiest way to avoid fingerprinting is to use a browser that looks like everyone else's - one of the later versions of Chrome, standard headers, not blocking too many APIs. Also they ding you for not setting the DNT header, which is nonsense.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
-
- Pale Moon guru
- Posts: 35637
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Group Project: Smudging your fingerprint
Link fixed.
By the way, I make my browser fingerprint unique ON PURPOSE and present a different unique fingerprint every time. That, IMO, is the only way to combat fingerprinting and tracking by fingerprint. Smudging won't help because the way around it is simply to come up with another variable to check that is unique. What tracking needs is a unique enough fingerprint that doesn't change otherwise. Smudging might make you briefly less identifiable because you'll be part of a slightly less unique group, and might make you feel better, but isn't actually effective. The recent common-sense documentation that trying to hide by disabling APIs being counterproductive only underlines my point that unique is good, as long as you are a different entity every time.
As explained before, this also hurts the trackers directly because they will get nonsensical or useless data in their databases from unique fingerprints that will never be seen again; and it will be impossible (or at least very difficult) to distinguish valid-but-fake fingerprints from valid-and-real ones.
By the way, I make my browser fingerprint unique ON PURPOSE and present a different unique fingerprint every time. That, IMO, is the only way to combat fingerprinting and tracking by fingerprint. Smudging won't help because the way around it is simply to come up with another variable to check that is unique. What tracking needs is a unique enough fingerprint that doesn't change otherwise. Smudging might make you briefly less identifiable because you'll be part of a slightly less unique group, and might make you feel better, but isn't actually effective. The recent common-sense documentation that trying to hide by disabling APIs being counterproductive only underlines my point that unique is good, as long as you are a different entity every time.
As explained before, this also hurts the trackers directly because they will get nonsensical or useless data in their databases from unique fingerprints that will never be seen again; and it will be impossible (or at least very difficult) to distinguish valid-but-fake fingerprints from valid-and-real ones.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Group Project: Smudging your fingerprint
@Moonchild
Sometimes you read posts that completely change your perspective on things. Yours was one of those. Okay, so if I understood you, the idea is to make a completely unique and identifiable browser that is constantly changing. I'm assuming this means the use of a spoofing agent or some kind of browser randomizing. What's the extension set favored by Palemoon? I tried using the Canvas extension but it cripples my browsing
Sometimes you read posts that completely change your perspective on things. Yours was one of those. Okay, so if I understood you, the idea is to make a completely unique and identifiable browser that is constantly changing. I'm assuming this means the use of a spoofing agent or some kind of browser randomizing. What's the extension set favored by Palemoon? I tried using the Canvas extension but it cripples my browsing
-
- Pale Moon guru
- Posts: 35637
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Group Project: Smudging your fingerprint
You don't need to randomize much. Just a few things or maybe even just one thing which is commonly checked. Canvas hash is such a thing -- so, go into about:config and set canvas.poisondata to "true" and there you go, you're unique every time.
User agents should be left alone -- unfortunately this is used everywhere to determine browser capabilities in lieu of actual capability checking so randomizing that will break things much worse.
User agents should be left alone -- unfortunately this is used everywhere to determine browser capabilities in lieu of actual capability checking so randomizing that will break things much worse.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Group Project: Smudging your fingerprint
@Moonchild
Thanks, I set my canvas.poisondata to true and deleted my canvas extension. I'm guessing I will be vulnerable to identification within the same browser session but not when I restart my browser. Is this correct or will simply opening a new window suffice?
Thanks, I set my canvas.poisondata to true and deleted my canvas extension. I'm guessing I will be vulnerable to identification within the same browser session but not when I restart my browser. Is this correct or will simply opening a new window suffice?
-
- Astronaut
- Posts: 512
- Joined: 2015-08-23, 17:56
- Location: UK / France
Re: Group Project: Smudging your fingerprint
You don't even need a new window; it changes for every page reload / new tab too, if canvas is in use. You can verify that yourself at https://browserleaks.com/canvas.
Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything
Hint: If you expect a reply to your PM, allow replies...
Re: Group Project: Smudging your fingerprint
@Falna
HaHaHa, that's just beautifully elegant. Okay, so the only thing to worry about now is IP blocking, history cache and cookies. Cookies are easy to address, what's the preferred strategy for the others?
HaHaHa, that's just beautifully elegant. Okay, so the only thing to worry about now is IP blocking, history cache and cookies. Cookies are easy to address, what's the preferred strategy for the others?
-
- Moon Magic practitioner
- Posts: 2193
- Joined: 2018-05-05, 13:29
Re: Group Project: Smudging your fingerprint
proxy servers like anonymouse were used for that sort of thing on a forum i used to go to decades ago.
-
- Moon Magic practitioner
- Posts: 2859
- Joined: 2012-06-28, 01:20
Re: Group Project: Smudging your fingerprint
So this makes me curious . . . why isn't the default "true"?Moonchild wrote:
Canvas hash is such a thing -- so, go into about:config and set canvas.poisondata to "true" and there you go, you're unique every time.
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: Group Project: Smudging your fingerprint
The pref can have performance issues when set to true, so it isn't always a good thing.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Re: Group Project: Smudging your fingerprint
Also, some of his can't afford to or don't want to waste all of our foil making hats no matter how snazzy they may be.
-
- Pale Moon guru
- Posts: 35637
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Group Project: Smudging your fingerprint
A warning about using proxy servers of any kind is that you may be making things worse. You'll be sending all of your traffic neatly bundled together through a single host that can monitor and record every page you visit. Using "public proxies" is therefore a huge risk of worse things than being tracked on websites.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Group Project: Smudging your fingerprint
No reason to doubt what you're saying anyway Moonchild, but I can absolutely believe that about proxies.
Re: Group Project: Smudging your fingerprint
I very much like my tin foil hats and I think they should be all the rage by now. I especially like the ones that name all the Senior Executive Service (see SES on aim4truth.org) members in all our political parties as the treasonous rodents they are. Those are truly the smartest ones
(prior text edited out)
Some of you may have noted from my posts that I'm a big fan of unhindered speech. Unfortunately, that has made me persona non-grata on many forums where I have been effective in providing people with truths closer to reality. Until people begin to understand how nonsensical the narrative permitting individual organizations or private citizens to bypass the HUMAN RIGHT TO SPEAK FREELY is, the ability to mask or misdirect an IP address is a critical tool of information warfare. You may attempt to silence me but my thoughts will be heard, one way or another. What do you guys use to keep your bookmarks from being read?
(prior text edited out)
Some of you may have noted from my posts that I'm a big fan of unhindered speech. Unfortunately, that has made me persona non-grata on many forums where I have been effective in providing people with truths closer to reality. Until people begin to understand how nonsensical the narrative permitting individual organizations or private citizens to bypass the HUMAN RIGHT TO SPEAK FREELY is, the ability to mask or misdirect an IP address is a critical tool of information warfare. You may attempt to silence me but my thoughts will be heard, one way or another. What do you guys use to keep your bookmarks from being read?
Last edited by gmaslin on 2019-05-12, 17:58, edited 2 times in total.
-
- Pale Moon guru
- Posts: 35637
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Group Project: Smudging your fingerprint
I do like to remind you at this point of Forum rule 1f:
Please keep your general post content on-topic, especially outside of the general discussions board.This forum focuses first and foremost on support and development of the Pale Moon browser.
Don't post politically, ideologically, religiously or socially sensitive topics on this forum, especially if they revolve around strong, polarized opinions and world views.
This to keep drama and heated tempers to a minimum.
If you want to discuss such topics, please go to dedicated fora for them. #
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Group Project: Smudging your fingerprint
Opera has a built-in VPN option that I believe is hosted on their servers. Is that better than a proxy?Moonchild wrote: ↑2019-05-12, 11:44A warning about using proxy servers of any kind is that you may be making things worse. You'll be sending all of your traffic neatly bundled together through a single host that can monitor and record every page you visit. Using "public proxies" is therefore a huge risk of worse things than being tracked on websites.