Comment by xnx
9 hours ago
This is a good use of Firefox resources. Unfortunately Firefox is at a natural disadvantage for fingerprinting by virtue of being used by such a small number of users.
9 hours ago
This is a good use of Firefox resources. Unfortunately Firefox is at a natural disadvantage for fingerprinting by virtue of being used by such a small number of users.
There was a commenter some time back showing that browser statistics were easy to skew. Safari and Firefox are less likely to show up in analytics, so website owners think they're less important than they really are. Conflating client-side with server-side analytics showed quite a gap.
Most of the people who are just looking at browser statistics for the purpose of managing a website are using simple tools that just simply collect data from user agent strings. Determining browser from this isn't 100% straightforward, but it's enough to give website operators a rough idea of what browser to target. This data was more important in the days when everything wasn't Chrome/Android/iOS, and it actually mattered what version of IE your users were running.
If you're doing fingerprinting for tracking purposes, you're gonna be tracking a lot more in-depth data.
But in the end, there are pretty much three types of Internet user today: 1. The person who uses the default browser installed on their device. 2. The user who always downloads Chrome when they first get a new computer. and 3. Nerds who do something else.
>This is a good use of Firefox resources. Unfortunately Firefox is at a natural disadvantage for fingerprinting by virtue of being used by such a small number of users.
I'd rather be trackable but secure -- the big draw for me is NoScript. Paired with uBlock, I'm safe from malvertising[1]
[1] https://en.wikipedia.org/wiki/Malvertising#Examples_of_malic...
You're more trackable by using NoScipt and there's no good reason to use it if you know how to properly use uBlock: https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don... uBlock is a content blocker so it can do everything NoScript can if you learn its advanced UI usage. Using additional extensions makes you more trackable.
>You're more trackable by using NoScipt and there's no good reason to use it if you know how to properly use uBlock
What data do you have to support this assertion? uBlock doesn't seem to have the ability to selectively enable only JS nessecary for functionality, and if it does, the UI makes it much more difficult to enable.
I just ran a test -- merely uBlock use renders me unique, whereas one in 5742.77 had the same fingerprint as me when using NoScript. (I suspect that's the number of people also using Firefox with NoScript who own this particular monitor size)
A big chunk of the fingerprinting techniques require JS -- it's pretty hard to ascertain what specific extensions are installed with it. I tested disabling it and it didn't seem to do much difference in terms of bits of entropy on EFF's tool.
I encourage you to try for yourself and then think hard on your advice.
1 reply →
I was wondering why uBlock is not enough since you can block Javascript globally and re-enable per site. AI's answer:
Only things uBlock doesn’t replicate:
NoScript’s anti-XSS and anti-clickjacking heuristics (uBlock just blocks the sources, not sanitize payloads).
NoScript’s control over other active content types (e.g., WebGL, media codecs, etc).
I often think about this in connection with my user agent. I am sure it helps identify me. If I spoofed a Chrome/Windows UA that would probably be better from a privacy perspective. But if we all do that then web designers will never know that we exist. I want people to know there are Firefox and Linux users out there.
Spoofed UAs are easily detected. And if you are spoofing your UA you are among a very small subset of users.
Easy to detect but companies are lazy. I remember when Netflix first worked for Linux on chrome but not Firefox. I changed my agent and was good to go. After some months I emailed them asking to lift the agent block. They assured me they weren't blocking by agent. I sent them screenshots. They doubled down. So I said ¯\_(ツ)_/¯ and just kept using the agent until they unblocked it
5 replies →
Interesting. So when you try resist fingerprinting. If you dont go all the way you're at risk of making your differentiations smaller?
As an oversimplified example:
If a website has 100 visitors, and 99 of them use Chrome, and 1 user uses Firefox, it doesn't matter how good their fingerprinting resistance is, they're always the one using Firefox.
https://xkcd.com/1105/
Firefox is low on browser count but it's still around 4%[0]. That's enough that there will be lots of collisions. Even a small percent of a very large number is a very large number
[0] https://radar.cloudflare.com/reports/browser-market-share-20...
3 replies →
But if another Firefox user comes they are indistinguishable from each other, while every Chrome user is uniquely identifiable, are they not?
1 reply →