Now this is Scarey

General discussion and chat (archived)

Moderator: satrow

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Now this is Scarey

Unread post by TwoTankAmin » 2017-02-14, 14:48

I just finished reading this article. The result is I now wonder why it really matters what browser any of us use? What might make any of the alternative browsers any safer or protective of ones privacy if what this Ars Technica article says is true?

Now sites can fingerprint you online even when you use multiple browsers
Online tracking gets more accurate and harder to evade.

Dan Goodin - 2/13/2017, 8:01 PM

https://arstechnica.com/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/

I guess what I am asking, is what defense against the above would be possible using Pale Moon, if there is any defense possible. Who among us has never changed a single default setting in a browser?
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

User avatar
Nigaikaze
Board Warrior
Board Warrior
Posts: 1072
Joined: 2014-02-02, 22:15
Location: Chicago, IL, USA

Re: Now this is Scarey

Unread post by Nigaikaze » 2017-02-14, 14:58

TwoTankAmin wrote:I guess what I am asking, is what defense against the above would be possible using Pale Moon
Ars Technica wrote:The new tracking technique relies on JavaScript code that's compact enough to run quickly in the background while visitors are focused on a specific task
Disable JavaScript. But that, in turn, will break a lot of sites, so it's not exactly a practical solution.
Nichi nichi kore ko jitsu = Every day is a good day.

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Re: Now this is Scarey

Unread post by TwoTankAmin » 2017-02-14, 18:04

I figured out the Java part. And since the "only use the browser default settings" solution is not practical either, we, the users, are once again forked.

However, I wonder about the Java part. Not being knowledgeable, I wonder if there is a way to identify the Java thingie that runs and then create a block for that? What if one sets Java to ask to run, would one be able see what it is asking to run and block it when it is that?

What I also wonder about is this, I have been online (vie the internet) since late 1998. I do make an effort to block ads and to make tracking me as much work as i am able. I know that I cannot succeed in this effort. However, either I am not worth directing ads at or else my efforts have worked. The one clear trail that relates to me on the net since early 2001 relates to keeping tropical fish. But I never get directed ads related them. Maybe what is known about me is that I never ever click on ads or that all my history usually shows is visits to fish related sites. I also assume that the fewer add-ons and/or apps one has, the less unique you look.

I must be doing something right since my bank regularly requires that I re-identify myself as my device configuration is unfamiliar to them. It happens less than it used to, but it still happens.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

User avatar
Nigaikaze
Board Warrior
Board Warrior
Posts: 1072
Joined: 2014-02-02, 22:15
Location: Chicago, IL, USA

Re: Now this is Scarey

Unread post by Nigaikaze » 2017-02-14, 18:12

Alas, Java != JavaScript. Setting the Java plugin to "ask to activate" won't prevent JavaScript from running.

PM Commander gives you an easy option to completely disable JavaScript, but the warning there says that "will cripple your browsing experience and make many websites dysfunctional."

If the particular script can be identified, an extension like NoScript should be able to block it. Unless, of course, they incorporated this new tracking technique into a script that is required to run to make the website functional.
Nichi nichi kore ko jitsu = Every day is a good day.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1267
Joined: 2015-07-23, 16:09
Location: Norway

Re: Now this is Scarey

Unread post by Tomaso » 2017-02-14, 18:46

At least, PM's 'canvas.poisondata' feature completely destroys their canvas test.
This alone will ensure a different browser fingerprint ID string every time.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24238
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Now this is Scarey

Unread post by Moonchild » 2017-02-14, 19:34

I think it underlines that what I've always said comes out to be a smarter approach: By all means, be unique in your fingerprints, and be unique every time -- it works much better than trying to erase your fingerprints to "blend in".

Think of it this way: most browsers try to evade fingerprinting by "putting on the same clothes as others", trying to make one blend in to the masses. The problem is, the people recognizing you as an individual will just ignore the clothes and look for other distinguishing marks instead, like a hat. Which becomes pretty easy if the rest is all the same.
Now compare this with changing your fingerprint every time, meaning you put on different clothes each time (and so do others). Looking over a crowd of people, how easy will it be to spot that unique individual now, even if they wear the same hat as last time?

I hope the analogy makes sense.

So yes, ultimately, making yourself unique, and making yourself unique every time is going to be the best way to fool trackers. How exactly you do that without crippling yourself is a different question, of course, but not in any way more difficult to answer than the question how to blend in without crippling yourself (because using nothing but default settings is crippling too).
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

joe04
Lunatic
Lunatic
Posts: 259
Joined: 2015-09-28, 16:38
Location: US
Contact:

Re: Now this is Scarey

Unread post by joe04 » 2017-02-14, 19:38

This is actually nothing new. The crux of what these academics did was WebGL (3D graphics library that's part of PM and other browsers) fingerprinting.

In about:config disable known types of graphics fingerprinting:
webgl.disabled = true
canvas.poisondata = true

Then use this simple Webgl test page to verify it's enabled/disabled.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24238
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Now this is Scarey

Unread post by Moonchild » 2017-02-14, 19:43

WebGL is, however, useful.

Depending on how they read back the rendered image, using canvas.poisondata might already be enough (if it's WebGL in a canvas (which would be the most straightforward way of using WebGL) and the fingerprinter reading out the canvas data to see how it's rendered, poisoning that data will effectively destroy the hashing by making every visit unique).
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Re: Now this is Scarey

Unread post by TwoTankAmin » 2017-02-14, 21:09

I just took a quick look in about:config. I almost never go there and even less often will I try to change, delete or add things. I did a search for both those settings. The canvas.poisondata one is set to true by default and webGl.disable one is set to false.

If I am understanding this all, I should not want to change either of those settings?

Using the internet used to be fun, now it it is becoming mostly a challenge :(
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

joe04
Lunatic
Lunatic
Posts: 259
Joined: 2015-09-28, 16:38
Location: US
Contact:

Re: Now this is Scarey

Unread post by joe04 » 2017-02-14, 21:54

WebGL enable/disable is a personal decision. I have zero need for it, so it's a no-brainer for me to disable it and thus have the peace of mind knowing graphics fingerprinting is blocked.

If any site I come across in the future needs WebGL I can simply paste the URL into Chrome; my recent 27.1 review describes my dual-browser usage.

kizo07

Re: Now this is Scarey

Unread post by kizo07 » 2017-02-14, 22:27

'Give a man a fish and you feed him for a day; Teach him security on the Internet, and he will be protected against phishing!' - Pale Moon proverb

Yes TTA, You have understood right. You are safe! :)

Latitude
Banned user
Banned user
Posts: 597
Joined: 2016-03-21, 18:28

Re: Now this is Scarey

Unread post by Latitude » 2017-02-15, 04:43

TwoTankAmin wrote:I just finished reading this article. The result is I now wonder why it really matters what browser any of us use? What might make any of the alternative browsers any safer or protective of ones privacy if what this Ars Technica article says is true?

Now sites can fingerprint you online even when you use multiple browsers
Online tracking gets more accurate and harder to evade.

Dan Goodin - 2/13/2017, 8:01 PM

https://arstechnica.com/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/

I guess what I am asking, is what defense against the above would be possible using Pale Moon, if there is any defense possible. Who among us has never changed a single default setting in a browser?
There is something scarier than this. Human chipping.
This would eventually happen along with the fast development of transhumanist technology and the emergence of cashless society.

User avatar
Fedor2
Astronaut
Astronaut
Posts: 655
Joined: 2016-04-11, 01:26

Re: Now this is Scarey

Unread post by Fedor2 » 2017-02-15, 12:44

Similar topic was discussed there https://forum.palemoon.org/viewtopic.php?f=4&t=12525

Hiding only a browser is useless
http://www.momtastic.com/parenting/4712 ... eek-fails/

I consider that problem is not of the fingerprinting, but of the web usage aggregation. In the meantime its relatively easy to break it with the Pale moon and certain extensions, many times discussed here in the forum. I remind it once more: ublock with enabled Anti-ThirdpartySocial list enbled, in addition to other lists, or similar; decentraleyes as well. Of course you have to stop doing likes on facebook or youtube.

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Re: Now this is Scarey

Unread post by TwoTankAmin » 2017-02-15, 15:48

I am not now, nor have I ever been nor will I ever register on nor have an account with:
Any social media- FaceBook, Twitter, etc.
Google or any of its parts such as Youtube.
Any app store- never visited one.

I do not use messenger programs/apps and never have.
I mostly do not allow Flash player to run.
I do not now nor have I ever owned a smart phone.
I use Win 7 with all telemetry turned off.
I download very little. My 4+ year old HD shows this: Size 931.41 GB (1,000,097,181,696 bytes) -- Free Space 773.09 GB (830,103,756,800 bytes)
My 8 extensions are mostly for anti-tracking and ad blocking, 3 are for making minor changes to restore a few features removed from FF or P M. The last new one I added was P M Commander when I moved to this browser from FF ver 28 in 2014.

I am not sure what more I can do to protect my privacy except to stop going online at all. That is not an option.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

kizo07

Re: Now this is Scarey

Unread post by kizo07 » 2017-02-15, 18:02

I think, online life can be actually very scary, on other hand I like it. Probably because there is an element of danger involved.

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Re: Now this is Scarey

Unread post by TwoTankAmin » 2017-02-15, 20:42

Umm- there is no such thing as life online. If you think online is scary, go join the military, become a police officer, be a fireman. Those things are scarey. Online is an excuse for life, not real life. And computer games are not a sport.....

Online is invasive, that is not scarey until it is too late.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

kizo07

Re: Now this is Scarey

Unread post by kizo07 » 2017-02-15, 21:07

My rule online is simple, I trust everybody.
You can do everything you can to try to stop bad things from happening to you, but eventually things will happen, so the best prevention is a positive attitude.
But, when in doubt poke it with a stick ;)

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24238
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Now this is Scarey

Unread post by Moonchild » 2017-02-16, 10:12

kizo07 wrote:when in doubt poke it with a stick
This is the smartest thing said in this entire thread.
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
TwoTankAmin
Astronaut
Astronaut
Posts: 745
Joined: 2014-07-23, 13:56
Location: New York

Re: Now this is Scarey

Unread post by TwoTankAmin » 2017-02-16, 15:20

Poke it with a stick??? Give that a try with a hornet's nest and let me know how well that works for you :lol:

When I was a lot younger my father often used to comment that. "The road to hell is paved with good intentions."
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

kizo07

Re: Now this is Scarey

Unread post by kizo07 » 2017-02-16, 15:56

TwoTankAmin wrote:to comment that
Somebody, in Denmark, many years ago, said:
There are not, either angels or devils, but thinking makes it so. For some it is as prison.

Locked