🌐 Website Issue | False anti-fingerprinting #1663

New Issue

Closed

opened 2020-01-25 15:27:43 +00:00 by smnthermes · 3 comments

smnthermes commented 2020-01-25 15:27:43 +00:00 (Migrated from github.com)

Copy Link

Description

privacy.trackingprotection.fingerprinting.enabled isn't a true anti-fingerprinting measure, but only a blocklist provided by Disconnect, therefore redundant with uBlock Origin filters.

## Description `privacy.trackingprotection.fingerprinting.enabled` isn't a true anti-fingerprinting measure, but only a blocklist provided by Disconnect, therefore redundant with uBlock Origin filters. <!-- ## Screenshots Please add screenshots if applicable -->

Mikaela commented 2020-01-26 14:12:44 +00:00 (Migrated from github.com)

Copy Link

Assuming that everyone is using µBlock Origin and will not look into extensions and tweaks separately?

Assuming that everyone is using µBlock Origin and will not look into extensions and tweaks separately?

Thorin-Oakenpants commented 2020-01-27 18:05:52 +00:00 (Migrated from github.com)

Copy Link

In Firefox, the UI uses the term fingerprinters - nowhere does it claim to spoof or block fingerprinting techniques themselves (e.g. JS/APIs). And nowhere does it say it is all inclusive. It is simply a mechanism to block some known fingerprinting scripts - and will get better in time (see OpenWMP initiatives).

The blocklist is not only a blocklist provided by Disconnect - it is also curated from OpenWPM crawls and research

The same can also be said of uBO. It too is not a true anti-fingerprinting measure - it too is simply a blocklist. IDK if anyone maintaining the filterlists for uBO incorporates the fingerprinters list from Mozilla - but even if they did .. and it was on by default ... not everyone uses uBO. I don't see a "fingerprinters" list on by default in UBO. I see a few in the built-in default ublock filters, but they're almost all identical except for the domain (I'm not an expert on filterlists).

here is a list - I just searched the ublock filters for the first three items 2leep, 33across and 365media and couldn't find them - they may be in another built-in filter list, but I'm not going to waste my time.

Additionally, not everyone uses uBO the same. What about users who disable it (e.g. the blue power button) or allow some third party scope (which lets in the fingerprinting script) on some site due to breakage (depending on their configuration).

And there are no compatibility issues - as long as ETP (Enhanced Tracking Protection) or UBO request a block, then it is blocked.

The assumption that Mikaela mentions you making is valid, and the suggestion you make is not.

+1trillion-bajillion-zillions for closing this as WONTFIX and a load of bollocks

In Firefox, the UI uses the term `fingerprinters` - nowhere does it claim to spoof or block fingerprinting techniques themselves (e.g. JS/APIs). And nowhere does it say it is all inclusive. It is simply a mechanism to block some known fingerprinting scripts - and will get better in time (see OpenWMP initiatives). The blocklist is not `only a blocklist provided by Disconnect` - it is also curated from OpenWPM crawls and research The same can also be said of uBO. It too is not `a true anti-fingerprinting measure` - it too is simply a blocklist. IDK if anyone maintaining the filterlists for uBO incorporates the fingerprinters list from Mozilla - but even if they did .. and it was on by default ... not everyone uses uBO. I don't see a "fingerprinters" list on by default in UBO. I see a few in the built-in default `ublock filters`, but they're almost all identical except for the domain (I'm not an expert on filterlists). [here](https://raw.githubusercontent.com/mozilla-services/shavar-prod-lists/7eaadac98bc9dcc95ce917eff7bbb21cb71484ec/disconnect-blacklist.json) is a list - I just searched the `ublock filters` for the first three items `2leep`, `33across` and `365media` and couldn't find them - they may be in another built-in filter list, but I'm not going to waste my time. Additionally, not everyone uses uBO the same. What about users who disable it (e.g. the blue power button) or allow some third party scope (which lets in the fingerprinting script) on some site due to breakage (depending on their configuration). And there are no compatibility issues - as long as ETP (Enhanced Tracking Protection) or UBO request a block, then it is blocked. The assumption that Mikaela mentions you making is valid, and the suggestion you make is not. +1trillion-bajillion-zillions for closing this as WONTFIX and a load of bollocks

Mikaela commented 2020-01-27 18:10:02 +00:00 (Migrated from github.com)

Copy Link

Closing as per previous comment. Thank you @Thorin-Oakenpants

Closing as per previous comment. Thank you @Thorin-Oakenpants

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

master

dependabot/bundler/nokogiri-1.13.6

dependabot/bundler/addressable-2.8.0

freddy-m-patch-3

pr-add_RemoveMyPhone_sponsor

pr-browser_cleanup_1257_1328_1430

freddy-m-patch-2

freddy-m-patch-1

pr-vpn_hated_one_video

cdn

update-nitrohorse-image

promote-metager-to-card

hardware

pr-add_azirevpn

pr-add_mailfence

shop

1673

pr/1658

i18n-simple

sponsorship-edits-nov2019

i18n

ipfs

blacklight447-ptio-patch-3

blog

remove-windows-icons

pr/1147

i18n-testing

add-beautify

Labels

Clear labels   

🔍🤖 Search Engines

  

approved

approved, waiting for a PR

  

dependencies

Pull requests that update a dependency file

  

duplicate

  

feedback wanted

  

high priority

  

I2P

The Invisible Internet Project (I2P)

  

iOS

  

low priority

  

OS

Operating Systems

  

Self-contained networks

  

Social media

  

stale

A label for stalebot if it gets added

  

streaming

Anything related to media streaming.

  

todo

  

Tor

Anything covering the Tor network

  

WIP

active work in progress, do not merge or PR (yet)!

  

wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  

XMPP

Extensible Messaging and Presence Protocol

  

[m]

Matrix protocol

  

₿ cryptocurrency

  

ℹ️ help wanted

  

↔️ file sharing

  

⚙️ web extensions

Browser Extension related issues

  

✨ enhancement

  

❌ software removal

  

💬 discussion

  

🤖 Android

  

🐛 bug

  

💢 conflicting

  

📝 correction

Correction of content on the website

  

🆘 critical

  

📧 email

  

🔒 file encryption

  

📁 file storage

  

🦊 Firefox

Firefox & forks, about:config etc.

  

💻 hardware

  

🌐 hosting

  

🏠 housekeeping

Anything primarily related to site cleanup.

  

🔐 password managers

  

🧰 productivity tools

  

🔎 research required

  

🌐 Social News Aggregators

  

🆕 software suggestion

  

👥 team chat

  

🔒 VPN

Virtual Private Network

  

🌐 website issue

*Technical* issues with the website.

  

🚫 Windows

  

👁️ browsers

  

🖊️ digital notebooks

  

🗄️ DNS

Domain Name System

  

🗨️ instant messaging (im)

  

🇦🇶 translations

Anything covering a translated version of the site

No Label

🔍🤖 Search Engines

approved

dependencies

duplicate

feedback wanted

high priority

I2P

iOS

low priority

OS

Self-contained networks

Social media

stale

streaming

todo

Tor

WIP

wontfix

XMPP

[m]

₿ cryptocurrency

ℹ️ help wanted

↔️ file sharing

⚙️ web extensions

✨ enhancement

❌ software removal

💬 discussion

🤖 Android

🐛 bug

💢 conflicting

📝 correction

🆘 critical

📧 email

🔒 file encryption

📁 file storage

🦊 Firefox

💻 hardware

🌐 hosting

🏠 housekeeping

🔐 password managers

🧰 productivity tools

🔎 research required

🌐 Social News Aggregators

🆕 software suggestion

👥 team chat

🔒 VPN

🌐 website issue

🚫 Windows

👁️ browsers

🖊️ digital notebooks

🗄️ DNS

🗨️ instant messaging (im)

🇦🇶 translations

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1663

No description provided.