Browser fingerprinting is a current privacy-related issue that EFF's Panopticlick only detects but seems to offer no way of solving.
The functionality of randomising one's online fingerprint would be a great addition to a privacy tool like PrivacyBadger.
I would be delighted to work on this addition, if the idea seems good to you. Thanks.
Hi @iammyr,
This is definitely something we've thought about, but haven't had time to prioritize yet. I encourage you to look into it if you'd like.
A good place to start would be with cookieblocked domains: if PB has learned that a domain is tracking, but doesn't block it, we can at least return a randomized fingerprint. This is basically how our local storage detection/blocking works: https://github.com/EFForg/privacybadger/blob/master/src/js/contentscripts/clobberlocalstorage.js
The new code should probably go in a similar file called "clobberfingerprinting.js".
We should also look into how other extensions (like Privacy Possum) do this without breaking normal functionality.
Privacy Possum gives back completely random numbers and letters. I don't know if there's breakage.
Privacy Badger could start with simply changing some of the more unique fingerprinting variables that usually do not impact functionality, like:
which can easily be randomized, both in first-party and third-party context, by default.
Ghacks explains this somewhat here: UA spoofing is best left to privacy.resistFingerprinting, according to ghacks, otherwise it mangles the decade-long perfected and inbuilt Tor-based fingerprinting protection by raising entropy. I think that means that, thanks to Tor's setup, there are more users who all look the same than look random, even the window size, and because random is as unique as it gets, though indeed never the same twice... some things can't be randomized, so you have a mix of both, and depending upon hundreds of possible variables, it may make you more unique. And otherwise, you have to re-invent the wheel. Maybe I'm wrong, there are always exceptions. So if you are going to add such a feature, please make it optional. I have requested that the maker of Privacy Possum does the same; also, Possum's third-party cookies blocking should be optional for a multitude of reasons, and it also breaks Privacy Badger's ability to detect third-party trackers, and disabling it also breaks all of Possum's other features entirely.
It really depends on a lot we may not know, like how far do various fingerprinting companies go as of 2019. Maybe I am missing something here... but this seems to be what the experts at ghacks have determined.
Yes, plus fingerprint randomization is probably out of scope for Privacy Badger at this time. We should continue to focus on improving Privacy Badger's core competency, which is detecting third-party tracking and then blocking the trackers outright.
Related: #1897, #1527.
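An added illustration of the argument made earlier in the thread, that randomised values mixed with attributes that cannot be randomised may leave a browser easier to single out than uniform values do. This is not code from Privacy Badger, Privacy Possum or any participant; the attribute names and sample browsers are constructed.

```javascript
// Constructed sample data; attribute names are illustrative, not taken from
// Privacy Badger, Privacy Possum or Panopticlick.
const ALL = ["canvas", "screen", "timezone", "fonts"];
const STABLE = ["screen", "timezone", "fonts"]; // assumed too breakage-prone to randomise

const keyOf = (fp, attrs) => attrs.map((a) => `${a}=${fp[a]}`).join("|");

// Anonymity set: how many observed browsers report the same values as `fp`
// on the attributes being compared.
function anonymitySet(population, fp, attrs) {
  const k = keyOf(fp, attrs);
  return population.filter((p) => keyOf(p, attrs) === k).length;
}

// Two visits are linkable when they agree on `attrs` and no other browser does.
function linkable(population, a, b, attrs) {
  if (keyOf(a, attrs) !== keyOf(b, attrs)) return false;
  return !population.some((p) => p !== a && p !== b && keyOf(p, attrs) === keyOf(a, attrs));
}

const uniform = { canvas: "c-std", screen: "1000x1000", timezone: "UTC", fonts: "default" };
const crowd = [
  ...Array.from({ length: 4 }, () => ({ ...uniform })), // browsers that all report the same values
  { canvas: "c-a1", screen: "1920x1080", timezone: "UTC+1", fonts: "default" },
  { canvas: "c-b2", screen: "1920x1080", timezone: "UTC-5", fonts: "default" },
  { canvas: "c-c3", screen: "1366x768", timezone: "UTC+1", fonts: "default" },
];

// A randomising browser: fresh canvas value per visit, rare stable attributes.
const base = { screen: "2560x1440", timezone: "UTC+9", fonts: "default+custom" };
const visit = () => ({ ...base, canvas: "rnd-" + Math.random().toString(36).slice(2) });

function compare() {
  const v1 = visit(), v2 = visit();
  const seen = [...crowd, v1, v2];
  return {
    uniformSet: anonymitySet(seen, crowd[0], ALL),          // hides among identical browsers
    randomSet: anonymitySet(seen, v1, ALL),                 // unique on every visit
    uniformLinked: linkable(seen, crowd[0], crowd[1], ALL), // indistinguishable from the rest
    randomLinkedAll: linkable(seen, v1, v2, ALL),           // random attribute breaks the match
    randomLinkedStable: linkable(seen, v1, v2, STABLE),     // match on stable attributes only
  };
}

console.log(compare());
```

The uniform browsers share an anonymity set of four, while the randomising browser is alone in its set on every visit and its two visits still match on the attributes it left unchanged.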