-
Notifications
You must be signed in to change notification settings - Fork 526
3.3 Overrides [To RFP or Not]
🟩 Previous: Overrides [Common]
🟥 Summary: The best any browser can confidently do, excluding Tor Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks. If you can handle a few RFP side-effects, cool - if not, then consider using Canvas Blocker if your threat model fits
This is a very simple generalized short summary about non Tor Browser browsers that assumes worst case scenarios, ultimate outcomes, and real solutions - I am not interested in debating issues with non-experts
“One of the major difficulties Thorin experienced in her relationship with the Peacock was learning to distinguish between him pretending to be stupid just to get people off their guard, pretending to be stupid because he couldn't be bothered to think and wanted someone else to do it for him, pretending to be outrageously stupid to hide the fact that he actually didn’t understand what was going on, and really being genuinely stupid." - Douglas Adams
🟪 TOR BROWSER
If your threat model calls for anonymity and advanced fingerprinting protection, then USE TOR BROWSER
🟪 FINGERPRINTING
If you do nothing on desktop, you are already uniquely identifiable - screen, window and font metrics alone are probably enough - add timezone name, preferred languages, and several dozen other metrics and it is game over. Here is a link to the results of a study done in 2016 showing a 99.24% unique hit rate (and that is excluding IP addresses)
Changing a few prefs from default is not going to make you "more unique" - there is no such thing 1
Here are some fingerprint protection basics
- 🔹RULE 1
- Protect the real value of each metric - it does not matter how it does it
- 🔹NAIVE
- A script that "swallows" a randomized value is a "naive" script
- The more randomized metrics, the greater the chance a script becomes naive
- Fooling naive scripts does not require a crowd
- 🔹ADVANCED
- All randomizing is detectable [this is a fact] - a script that does this is an "advanced" script
- Advanced scripts are not all the same - i.e they have levels of sophistication
- Defeating advanced scripts requires a crowd, the larger the better
- 🔹RULE 2
- Cover enough metrics
- Optionally randomized to catch naive scripts
- Ultimately enough that it becomes too hard or costly or impossible [because all randomizing can be detected]
- Cover enough metrics
Only Tor Browser can confidently address advanced scripts: enough metrics covered and a large crowd. The best any other browser can confidently do is fool naive scripts - if you're not convinced, add the loose data points from your IP/VPN.
1 Not to be confused with simple information paradoxes: such as claiming to be blink rather than gecko
🟪 ARKENFOX
Arkenfox does not and never has, claimed to defeat advanced fingerprinting and does not care if a couple of prefs change stable metrics, because you are already unique - see the preceding section
Arkenfox's primary objectives have always been security, privacy and mitigating the very real and substantial forms of tracking such as state and navigational, rather than prioritizing the potential threat of a widespread advanced fingerprinting script
That said, arkenfox does resist stateless tracking
- 🔹 It enables ETP's Fingerprinters (and recommends uBlock Origin)
- 🔹 It enables RFP
- RFP is a robust, performant, built-in browser solution that does not leak (see RULE 1)
- RFP randomizes canvas to catch naive scripts (most scripts are naive with canvas)
- RFP contains timing mitigations as a bonus against many side channel attacks
So if a fingerprinting script should run, it would need to be universal or widespread (i.e it use the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are) 1
1 That's not to say the fingerprinting is not a threat and won't become more widespread and sophisticated
🟪 RFP
Due to it's nature, which is effectively breaking web standards whilst protecting 100+ metrics, RFP does cause the odd issue
- 🔹BREAKAGE
- canvas: you can set a site exception either temporarily or permanently 1 🥇
99% of breakage
- Note: totally randomizing the canvas per execution is by design
- timing mitigations: can cause yank in animations/games
- sporadic edge cases caused by e.g. version, http header, device pixel ratio, and alt key spoofing
- canvas: you can set a site exception either temporarily or permanently 1 🥇
- 🔹 USABILITY
- timezone is always UTC0
- prefers-color-scheme is always light
If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, if you think the threat fits your wheelhouse, use Canvas Blocker with canvas and audio randomizing (the rest is not really needed and will add perf costs). Note that extensions lack APIs to fully protect metrics, but naive scripts are still probably not that advanced
1 Assuming it is even fingerprinting and widespread, this does not compromise your fingerprint - it is a single metric and only on those sites you exempt
🟩 Next: Apply & Update & Maintain