Import Firefox's fingerprint resisting technology? Topic is solved

Discussions about the development and maturation of the platform code (UXP).
Warning: may contain highly-technical topics.

Moderators: trava90, athenian200

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-17, 19:07

I know Pale Moon has canvas poison in about:config but the fact is when I'm searching for fingerprint in about:config very little relevant results returned. Checking via amiunique.org Pale Moon is fully exposed itself. The site I'm most active in, Voz.vn, is a privacy nightmare. It not only track your fingerprint by it own it also use Cloudflare to identify you. We all want a way to escape this. The current way is using Firefox's built-in anti-fingerprint features enabled via about:config. Chrome is said to have extensions to do so but I'm not yet tried. I only tried a Chromium based browser advertised itself as has built-in ads and trackers blocking including resists fingerprint. The check result on amiunique.org is very bad. It's even expose itself more obviously than Pale Moon. Now I belive Chrome is a privacy nightmare. Even a privacy focused Chromium fork is that bad, how bad is Chrome itself about resisting fingerprint?

Long story sort, please consider importing firefox's fingerprint resisting technology. Thank you.

User avatar
andyprough
Astronaut
Astronaut
Posts: 688
Joined: 2020-05-31, 04:33

Re: Import Firefox's fingerprint resisting technology?

Unread post by andyprough » 2022-05-17, 20:08

A 2019 academic study found that Firefox and Chrome were equally ineffective with their default anti-fingerprinting techniques, and recommended Brave or Tor Browser instead: https://oadoi.org/10.1145/3308558.3313703
I don't know how much Firefox has advanced their technology in the past three years. I think if you look up similar studies by the authors of that study I linked to, you'll find that the authors have continued to monitor this technology.

As far as Pale Moon is concerned, the Canvas Blocker Legacy add-on is actually quite a good anti-fingerprinting tool in my experience: https://addons.palemoon.org/addon/canvasblocker-legacy/

Canvas Blocker Legacy WILL break some websites in my experience, so be prepared to have to tweak it or disable it sometimes. If you are using that addon, don't immediately think "I hate Pale Moon" when your sites won't work - it's very likely that the web pages refuse to work with the spoofed canvas being offered up by Canvas Blocker Legacy.

EDIT: If you find sites that won't work with Canvas Blocker Legacy, the add-on has a whitelist in its preferences where you can disable it on those sites.

Falna
Astronaut
Astronaut
Posts: 511
Joined: 2015-08-23, 17:56
Location: UK / France

Re: Import Firefox's fingerprint resisting technology?

Unread post by Falna » 2022-05-17, 21:12

VozFreeAccounts wrote:
2022-05-17, 19:07
Checking via amiunique.org Pale Moon is fully exposed itself.
If you've set canvas.poisondata to 'true', and if you're not storing cookies, then every time time you visit amiunique.org it will give you a different fingerprint - you'll be unique on every visit. Download their fingerprint each time and you can verify that.

Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything

Hint: If you expect a reply to your PM, allow replies...

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 07:42

Falna wrote:
2022-05-17, 21:12
VozFreeAccounts wrote:
2022-05-17, 19:07
Checking via amiunique.org Pale Moon is fully exposed itself.
If you've set canvas.poisondata to 'true', and if you're not storing cookies, then every time time you visit amiunique.org it will give you a different fingerprint - you'll be unique on every visit. Download their fingerprint each time and you can verify that.
You misunderstood it. Even if you use Firefox with resist fingerprint on or better LibreWolf the site still said you are unique. The problem is you should read the report in detail and you will see. Cavas fingerprint is the easiest to bypass. There are other fingerprinting technologies, too.

For example:

User agent (both from the browser reported by about:config and by JavaScript): Pale Moon is fully exposed, Firefox/LibreWolf will fake all of the values.

Content language: Pale Moon is also exposed, Firefox/LibreWolf will always fake itself as en-US.

Timezone: Pale Moon is exposed, Firefox/LibreWolf will always fake itself as in UTC.

List of fonts (Font fingerprinting technology): Pale Moon is fully exposed, Firefox/LibreWolf only reports a limited set of typical fonts that will available on any Windows systems, you will not be identified by the fonts on your Windows!

WebGL fingerprinting technology: Pale Moon is fully exposed, Firefox/LibreWolf will disable WebGL (or at least tell that WebGL is disabled/not available). Go to about:support and you will see it seems Firefox/LibreWolf disable hardware acceleration altogether. But I do not see any lost in performance when watching high definition videos on youtube, so it could be they reported the fake values altogether, hardware acceleration is still available.

These are the most important fingerprints, there are others, too. You should check yourself.

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 07:45

andyprough wrote:
2022-05-17, 20:08
A 2019 academic study found that Firefox and Chrome were equally ineffective with their default anti-fingerprinting techniques, and recommended Brave or Tor Browser instead: https://oadoi.org/10.1145/3308558.3313703
I don't know how much Firefox has advanced their technology in the past three years. I think if you look up similar studies by the authors of that study I linked to, you'll find that the authors have continued to monitor this technology.

As far as Pale Moon is concerned, the Canvas Blocker Legacy add-on is actually quite a good anti-fingerprinting tool in my experience: https://addons.palemoon.org/addon/canvasblocker-legacy/

Canvas Blocker Legacy WILL break some websites in my experience, so be prepared to have to tweak it or disable it sometimes. If you are using that addon, don't immediately think "I hate Pale Moon" when your sites won't work - it's very likely that the web pages refuse to work with the spoofed canvas being offered up by Canvas Blocker Legacy.

EDIT: If you find sites that won't work with Canvas Blocker Legacy, the add-on has a whitelist in its preferences where you can disable it on those sites.
Your information is way too outdated. You should update your knowledge. It's impossible to explain to you if you don't actually test both Firefox with resist fingerprint on, LibreWolf and Pale Moon and do the conclusion yourself. You searched for turn on resist fingerprint on Firefox the Mozilla article will show up the guide you how to.

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45
Contact:

Re: Import Firefox's fingerprint resisting technology?

Unread post by moonbat » 2022-05-18, 08:41

VozFreeAccounts wrote:
2022-05-18, 07:45
Your information is way too outdated.
And yet you're the one who even started this thread without bothering to search the forums first and finding out that canvas blocking has been in PM for ages :roll:

Go here with canvas.poisondata enabled and you'll find that every time you refresh the page a different canvas identifier is generated.

Configure an adblocker with proper filters to block 3rd party trackers and scripts, that 's the best way to minimize being tracked. Otherwise the most 100% effective way to not be tracked is to stay off the internet altogether.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
Nuck-TH
Project Contributor
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Re: Import Firefox's fingerprint resisting technology?

Unread post by Nuck-TH » 2022-05-18, 09:45

Even more - mentioned technologies from Firefox should be called "break stuff technologies", because they can and will break sites(especially useragent one), cause visual issues(font one) or impact usability(language, timezone and hardware acceleration ones) more than thwart actual fingerprinting.

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 10:48

Nuck-TH wrote:
2022-05-18, 09:45
Even more - mentioned technologies from Firefox should be called "break stuff technologies", because they can and will break sites(especially useragent one), cause visual issues(font one) or impact usability(language, timezone and hardware acceleration ones) more than thwart actual fingerprinting.
The only thing that breaks every web pages is Pale Moon's very own Secret Agent addons (https://www.dephormation.org.uk/?page=81). It changed the browser too deep that after testing it for some minutes I decided to nuke the old Pale Moon profile to continue with a new one.

Firefox's most problematic feature that really breaks pages is Enhanced Tracking Protection. This feature has nothing to do with resist fingerprint. This feature is on by default. Resist fingerprint you have to turn on manually via about:config.

I don't know why you hate everything Firefox but the fact is it resist fingerprint feature doesn't break sites. I recorded no sites being broken. About user agent, only Pale Moon's Secret Agent introduces obscure user agents that completely breaks my browsing experience. Firefox set the user agent to the latest stable Firefox ESR (91.0 at the moment), so there is no breakages at all.

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 10:57

moonbat wrote:
2022-05-18, 08:41
VozFreeAccounts wrote:
2022-05-18, 07:45
Your information is way too outdated.
And yet you're the one who even started this thread without bothering to search the forums first and finding out that canvas blocking has been in PM for ages :roll:

Go here with canvas.poisondata enabled and you'll find that every time you refresh the page a different canvas identifier is generated.
You seem like to talk before doing actual research, pretending to be knowledgeable on the problem you don't know. Canvas fingerprint is the easiest type of fingerprint to bypass. There are other fingerprint techniques such as fonts fingerprint, WebGL fingerprints,... that I have listed in details. Pale Moon's preliminary canvas poison I also mentioned and clearly stated has no effect in the overall because other fingerprints such as fonts, timezone, locale,... still exposed.

Pale Moon's anti-fingerprint feature is very primitive. I asked you to bring new improvements from Firefox. You answered me like I'm a fool don't know to search before asking but indeed that fool is you.
moonbat wrote:
2022-05-18, 08:41
Configure an adblocker with proper filters to block 3rd party trackers and scripts, that 's the best way to minimize being tracked. Otherwise the most 100% effective way to not be tracked is to stay off the internet altogether.
Saying those words proved our boy has no idea what is the different between fingerprinting and tracking. Sorry Mr. Loud Mouth, you are now on my ignore list. It seems being polite and respect each other is not on your dictionary.

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45
Contact:

Re: Import Firefox's fingerprint resisting technology?

Unread post by moonbat » 2022-05-18, 11:09

VozFreeAccounts wrote:
2022-05-18, 10:57
It seems being polite and respect each other is not on your dictionary.
Yeah, you have been so polite so far in responding to others.
Anyway, good riddance.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 12:45

moonbat wrote:
2022-05-18, 11:09
VozFreeAccounts wrote:
2022-05-18, 10:57
It seems being polite and respect each other is not on your dictionary.
Yeah, you have been so polite so far in responding to others.
Anyway, good riddance.
You are rude first. You get what you deserve.

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 12:53

Anyone participating in this discussion please update your knowledge first. Canvas fingerprint is not the only way of doing fingerprint and canvas fingerprint is indeed the easiest to bypass now. What to be so proud if you are the first to add canvas poison? Is it change the fact you are still being exposed by other techniques as fonts fingerprint? No. Absolutely no. You need to update to better deal with newer fingerprint techniques. Telling others to shut up and off from the internet to not being tracked can't change the fact you are falling behind.

Feared of sites breakup? Nope. Even on Firefox resist fingerprint needs to be manually turned on via about:config. People know what they are going to do. Hope it helps.

User avatar
Nuck-TH
Project Contributor
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Re: Import Firefox's fingerprint resisting technology?

Unread post by Nuck-TH » 2022-05-18, 13:04

At the very least developers currently has better things to do. Like improving web compatibility.

Also, as previously stated, blocking 3rd party domains and scripts would yield better results, because tracking is often isn't 1st party(google analytics and other simmilar stuff are main offenders).
If you want more - it's generally better to use specialized software like tor browser(which, surprise, will also need configuration and proper careful use to keep anonymity).

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Import Firefox's fingerprint resisting technology?

Unread post by Moonchild » 2022-05-18, 13:19

OK, let me step in here.
  • Calm your tits. Getting all a-huff about this serves nobody.
  • Firefox's "resist fingerprinting" is not so much a "technology" but rather a collection of hacks all shoved under a single label, many of them rooted in detrimental patches from the Tor browser project. As such there is no way we could "import this technology" since it is diverse. In addition we would not want most of the patches because...
  • Blocking fingerprinting in many cases equals blocking useful Web APIs and browser features that are in use for their legitimate, designed purpose on many websites.
  • When you are not providing trackers with any indication whether the browser's data is legitimate or not, they have no choice but to consider your identification unique - this is exceedingly effective in both bloating tracking databases with bogus data and decoupling one session from the next. Being uniquely identified is a good thing, if you are a different kind of unique every time.
  • Poisoning the overall browser fingerprint with just a few well-placed bits of fake data will effectively invalidate the entire fingerprint. Contrary to what you may believe it is therefore not at all necessary to counter any and all fingerprinting parameters, and it doesn't matter whether other fingerprinting variables still provide uniqueness or not.
  • With the advent and implementation of GPC in Pale Moon, we additionally now have a legal framework backing the selling/sharing of data, so even if fingerprinting might be successful, the signal will prevent trackers from legally using the data.
Making sweeping statements in this thread about people needing to "update their knowledge" puts you on a pretty high pedestal. Careful you don't trip and fall off of it.

Now, everyone please calm down. Make up your own mind and form your own opinions about the arms race fingerprinting and tracking is. Decide whether you want to use Pale Moon or not, but don't expect that I'll be a mindless follower of trends when it comes to feature-impacting changes, especially when we have bigger fish to fry.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
andyprough
Astronaut
Astronaut
Posts: 688
Joined: 2020-05-31, 04:33

Re: Import Firefox's fingerprint resisting technology?

Unread post by andyprough » 2022-05-18, 13:42

VozFreeAccounts wrote:
2022-05-18, 07:45
Your information is way too outdated. You should update your knowledge.
Agreed. After doing some reading this morning, looks like the latest thing the researchers have been somewhat happy with is a Firefox and Chrome extension some of them have recently created called JShelter. In the 2022 paper which announces JShelter, the researchers show a number of flaws in Firefox's built-in anti-fingerprinting: https://arxiv.org/abs/2204.01392

The next big thing in anti-fingerprinting will probably implement a new javascript taint anaysis technology called FPFlow: https://link.springer.com/chapter/10.10 ... 4#ref-CR10

I tried Pale Moon with Canvas Blocker Legacy on amiunique.org, and I rather like the inability of amiunique to accurately determine many of my browser and machine's characteristics. Your mileage may vary.

If you are going to stay on Firefox, I'd recommend checking out the JShelter extension, or my personal favorite the Chameleon extension, which is very good at spoofing nearly all of the fingerprinted characteristics.

Good luck with attempting to insult everyone else who tries to interact with you on this forum, hope that works out for you.

User avatar
fatboy
Astronaut
Astronaut
Posts: 556
Joined: 2017-12-19, 08:03
Location: Canada

Re: Import Firefox's fingerprint resisting technology?

Unread post by fatboy » 2022-05-18, 14:18

I think the best solution is to expand the canvas poisoning tool to other attributes that can be fingerprinted. I know browsers can be fingerprinted without JS these days.
The fingerprinting technique which worries me the most is the font fingerprinting technique, which the Legacy Canvas addon don't cover.

Just my 2c.
Systemd Free - MX Linux, Antix Linux & Artix Linux

User avatar
VozFreeAccounts
Apollo supporter
Apollo supporter
Posts: 32
Joined: 2022-05-17, 16:58

Re: Import Firefox's fingerprint resisting technology?

Unread post by VozFreeAccounts » 2022-05-18, 15:28

fatboy wrote:
2022-05-18, 14:18
I think the best solution is to expand the canvas poisoning tool to other attributes that can be fingerprinted. I know browsers can be fingerprinted without JS these days.
The fingerprinting technique which worries me the most is the font fingerprinting technique, which the Legacy Canvas addon don't cover.

Just my 2c.
Yes, fonts fingerprinting. There should be preferences in about:config to workaround it.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Import Firefox's fingerprint resisting technology?

Unread post by Moonchild » 2022-05-18, 17:32

If you feel it's so important, then feel free to do some research what exactly needs to change for font fingerprinting to be stopped, how to implement this change, and then create a patch proposal to have a look at. I suggest you start by finding and having a look at the Firefox/bugzilla bugs that implement the behaviour you seem to want.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
fatboy
Astronaut
Astronaut
Posts: 556
Joined: 2017-12-19, 08:03
Location: Canada

Re: Import Firefox's fingerprint resisting technology?

Unread post by fatboy » 2022-05-18, 17:53

I should probably give some links:

1) Font Fingerprinting
https://browserleaks.com/fonts

2) No JS fingerprinting
https://noscriptfingerprint.com/

I have yet to do some research on #2, but it concerns me.

Other types of fingerprinting that is concerning:

3) https://browserleaks.com/features

4) https://browserleaks.com/javascript
Systemd Free - MX Linux, Antix Linux & Artix Linux

Locked