----- Forwarded message from katana katana@riseup.net -----
Date: Mon, 14 Oct 2013 09:27:41 +0200 From: katana katana@riseup.net To: cypherpunks@cpunks.org Subject: Re: [linux-elitists] Browser fingerprinting Message-ID: 525B9CED.20907@riseup.net User-Agent: Thunderbird
Hi,
Check out firegloves. It's outdated, and I'd love to see it getting some love, but it's a great POC for anti-fingerprinting in Firefox.
In http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf about their FPDetective Framework http://homes.esat.kuleuven.be/~gacar/fpdetective/, the authors wrote about Firegloves:
"Additionally, Firegloves limits the number of fonts that a single browser tab can load and reports false dimension values for the offsetWidth and offsetHeight properties of HTML elements to evade JavaScript-based font detection. We evaluated the effectiveness of Firegloves’ as a countermeasure to fingerprinting, and discovered several shortcomings. For instance, instead of relying on offsetWidth and offsetHeight values, we could easily use the width and the height of the rectangle object returned by getBoundingClientRect method, which returns the text’s dimensions, even more precisely than the original methods. This enabled us to detect the same list of fonts as we would without the Firegloves extension installed. Surprisingly, our probe for fonts was not limited by the claimed cap on the number of fonts per tab. This might be due to a bug, or to changes in the Firefox extension system that have been introduced after FireGloves, which is not currently being maintained, was first developed. Although Firegloves spoofs the browser’s user-agent and platform to pretend to be a Mozilla Firefox version 6 running on a Windows operating system, the navigator.oscpu is left unmodified, revealing the true platform. Moreover, Firegloves did not remove any of the new methods intro- duced in later versions of Mozilla Firefox and available in the navigator object, such as navigator.mozCameras and navigator.doNotTrack."
I add: OK, the naviagtor.oscpu issue can be fixed easily, but the timezone feature doesnt't work too with enabled JavaScript.
--- Katana
----- End forwarded message -----