🆕 Software Suggestion | Trace - anti fingerprint #1801
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1801
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I would like to suggest the Trace browser extension,
the feature rich anti-browser fingerprint extension,
https://github.com/jake-cryptic/AbsoluteDoubleTrace/
https://absolutedouble.co.uk/trace/
https://addons.mozilla.org/en-US/firefox/addon/absolutedouble-trace/
Trace is the best of the best for making Firefox anti-fingerprint-able. Compared to others like CanvasBlocker or Chameleon, Trace is very feature rich, and more exhaustive.
I am making this suggestion because browser fingerprinting, similarly to cookies and IP address, are the ways website are able to track you.
I had the honour of contacting the developer (email) to report 2 fingerprinting aspects Trace is yet to adequately defend against, CSS screen size (different from other screen size tests) and Character Sizes. I used the browserprint.info site to test and find these weaknesses. It was the most sophisticated browser fingerprint tester I've ever seen, but the website is since down. Github: https://github.com/CryptoCubik/browserprint
My connection with the software
I am enthusiastic about the software as I was an early user and I want to spread the news as I believe it is a great project.
Using browser add-ons against fingerprint doesn't help as the add-on itself increase the fingerprint.
This need to be done at browser level and enabled by default so all user have same config instead of create your own, unique fingerprint
There are two ways to resist browser fingerprinting. One, by having a common fingerprint (what you are referring to). And two, by spoofing and changing your fingerprint frequently (what Trace does).
I am suggesting Trace for privacy.resistFingerprinting doesn't give you a common enough fingerprint.
First of all, no disrespects to the developer: this is just my opinion, and I haven't really deep dived this extension, but I have looked at it a few times in the past .. and my conclusion is
So I installed it in practically a vanilla profile on Firefox Nightly, and immediately found several flaws without even looking very hard: here's some
^^ all that in 10 minutes
I'm not even going to dig any deeper. It's all well and good to protect against some methods, but you need to protect against all of them. I'd hate to see what exactly really leaks in his canvas, webgl, domrect, audio. Because if he can't even get something as basic as navigator properties right, then I doubt the other measures are any good.
And to be frank (without changing my name), when I see protection for Battery listed, I just cringe. The Battery API has been inaccessible to web content since Firefox 52 - that's over three years ago 2017-March-07 - here's the proof
I had a quick look at the repo: the dev seems to think he can block font fingerprinting (yeah, nah!). And I don't know why you would think he could block css screen leaks
There's so much more I could say, but let's just leave it at that.
tl;dr: I wouldn't touch it with a barge-pole ... social distancing and all
That's not very comprehensive or sophisticated, sorry. At least not any more. A lot of it is outdated. It's over 3 years old, and not maintained, obviously. A quick search would find you far more up-to-date scripts/demos
Not sure if you're sincere, or shilling. You account is rather new, and you have no github history. Maybe you're really into this and trying to help. But when you state that you rate something better because it has more features, I can't take you seriously.
I've actually had a lot of contact with the CanvasBlocker developer, and some contact with the developer of Chameleon - and those guys know what they're doing. More so than me: I know sweet F all, but even I could tell Trace wasn't any good practically just by looking at it: now I've actually installed it and given it a 10 minute spin, my assumptions were correct
PS: sorry if I sound like a prick
I hadn't heard of this extension before.
I very much value your extensive experience on issues like this @Thorin-Oakenpants
As a result we're not going to be doing further research on this. It won't be added.