|
|
Subscribe / Log in / New account

Using several browsers. +1 for diversity

Using several browsers. +1 for diversity

Posted Jul 24, 2014 12:56 UTC (Thu) by ber (subscriber, #2142)
Parent article: Browser tracking through "canvas fingerprinting"

A simple protection measure is to use several Free Software-Browsers for daily tasks. Its effect is very small of course, but it can be done by everyone without hassle.

to post comments

Using several browsers. +1 for diversity

Posted Jul 24, 2014 14:32 UTC (Thu) by mpr22 (subscriber, #60784) [Link]

Under my scheme of classification, using more than one web browser falls into the category "hassle" in much the same way that using more than one text editor, using more than one mail client, or using more than one command-line interpreter would.

Using several browsers. +1 for diversity

Posted Jul 25, 2014 20:18 UTC (Fri) by Jandar (subscriber, #85683) [Link] (6 responses)

Instead of changing the whole browser one could change some of the data used for fingerprinting.

On every browser-start drop randomly a few fonts or plugins or whatever. Only those unused for x days and not pinned by the user.

Introduce a fudge-factors into the graphic-primitives to create a kind of changing rounding-errors, invisible to normal human eyes but deflecting this canvas-fingerprinting.

Every time some data is used as variable between users and constant in time, create a slight variance per browser-invocation. There could be a kind of plugin-architecture to random patch the various data-sets.

Using several browsers. +1 for diversity

Posted Jul 26, 2014 6:57 UTC (Sat) by alankila (guest, #47141) [Link] (5 responses)

All of these are horrible solutions.

- dropping plugins does nothing to stop fingerprinting because plugins are not needed for this hack, and if you allow any font to be pinned, then there will exist a pinned font that can be used for the fingerprinting purpose. (Remember, discovering which font is pinned is alone fingerprinting information.) In addition, there exist fonts no sane person will disable. For instance, renderings of Arial are sufficient to perform the fingerprinting and it is an extremely common font in wide use.

- random errors fall prey to simple analysis methods such as averaging or taking median between multiple sample images. Systematic errors that vary slowly in time, however, could work. The fingerprinting used an optics test image with geometric distortion, which produces all sorts of interesting moire which depends on the antialiasing implementation. I suppose it would be possible to perturb the vertex coordinates slightly to change the moire pattern enough to prevent fingerprinting, but I bet this would be user visible as the differences between implementations did not look very subtle to me.

I like dithering personally and every time I do some graphics program that renders some floating-point-valued image with more than 8 bits of precision per component, I convert to sRGB in floating point and then truncate to 8 bits with triangular dither. This type of dither generates uniform noise across the entire image, and of course it could be averaged out one way or other. However, any random noise thwarts efficient fingerprinting mechanisms that just take a single image, then hash it to a short string and send it to server as fingerprint...

Using several browsers. +1 for diversity

Posted Jul 26, 2014 9:27 UTC (Sat) by Jandar (subscriber, #85683) [Link] (4 responses)

> dropping plugins does nothing to stop fingerprinting because plugins are not needed for this hack,

The list of installed plugins is a major part of panopticlicks fingerprinting.

> and if you allow any font to be pinned, then there will exist a pinned font that can be used for the fingerprinting purpose. (Remember, discovering which font is pinned is alone fingerprinting information.)

It's obvious his pinning has to be unobservable for the web-server. After the startup of the browser there is no information left about the fudging of configuration.

> In addition, there exist fonts no sane person will disable.

If everyone has this font, it can't be used for fingerprinting. So what.

> For instance, renderings of Arial are sufficient to perform the fingerprinting and it is an extremely common font in wide use.

To counter this my suggestion was to introduce very small subtle errors into the graphic primitives, which changes with every browser-invocation.

> - random errors fall prey to simple analysis methods such as averaging or taking median between multiple sample images.

To perform averaging over many browser-invocations, they have to identify the user beforehand. If they have other means to identify the user, this whole fingerprinting is unnecessary for them.

None of the random changes are done during a browser session, all must be made on startup

Using several browsers. +1 for diversity

Posted Jul 27, 2014 15:26 UTC (Sun) by mathstuf (subscriber, #69389) [Link] (3 responses)

> None of the random changes are done during a browser session, all must be made on startup

Seeing as browsers these days have the same lifetime as a computer's uptime, is this enough? Maybe once a day or week instead?

Using several browsers. +1 for diversity

Posted Jul 27, 2014 21:20 UTC (Sun) by Jandar (subscriber, #85683) [Link] (2 responses)

If fingerprinting is done within an open tab, it could be repeated and the new fingerprint would be linked to the old one.

If someone is privacy-minded a restart of the browser isn't to much to ask. The new invocation could retain the same URI's in tabs as the previous (can a tab get information about other tabs?).

Using several browsers. +1 for diversity

Posted Jul 27, 2014 22:46 UTC (Sun) by mathstuf (subscriber, #69389) [Link] (1 responses)

> If someone is privacy-minded a restart of the browser isn't to much to ask.

What would you recommend for a typical session length then? Why not just reset it on that schedule (jittered around so that the schedule itself isn't a fingerprint) automatically?

> can a tab get information about other tabs?

Sounds like a bug in the browser (information leak).

Using several browsers. +1 for diversity

Posted Jul 28, 2014 0:02 UTC (Mon) by Jandar (subscriber, #85683) [Link]

> What would you recommend for a typical session length then? Why not just reset it on that schedule (jittered around so that the schedule itself isn't a fingerprint) automatically?

No changing of anything in any running tab if the tabs share the random parameters. Even if the tabs have different parameters re-randomize within a tab is a bad idea, because averaging or building of a common super-/subset would be possible. Probably it's beneficial to use the same randomizing for any tab/window opened from another, because they are linked e.g. thru referer.

The simplest and surest thing would be to randomize on any browser start. More convenient for long living sessions would be separate randomizing in different tabs, but this is probably many orders more difficult. An infrastructure to use different views on central information for the tabs can't be easy ;-).

If I had to do it for myself, I would create a container/vm from a snapshot and change the filesystem before browser-start. Using a few versions of several libraries, multiple versions of fonts (perhaps different compiled version of rendering libraries are sufficient), deletion of fonts/plugins/... (especially installed to get rid of them), tweaking of browser-id and so on. I have no skill or experience with browser-programming so this would be my fill-in.

If someone from the folks programming on firefox would do FCM (Fingerprint Counter Measure), they could do it vastly better.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds