-
Notifications
You must be signed in to change notification settings - Fork 518
3.3 Overrides [To RFP or Not]
🟩 Previous: Overrides [Common]
The best any browser can confidently do, excluding Tor Browser and Mullvad Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks. If you can handle a few RFP side-effects, cool - otherwise, in Firefox 120+ you can fallback to using FPP (fingerprintingProtection), where FPP subtly randomizes canvas per eTLD+1, per session and per window-mode.
This is a very simple generalized short summary about non Tor Browser browsers that assumes worst case scenarios, ultimate outcomes, and real solutions - I am not interested in debating issues with non-experts.
“One of the major difficulties Thorin experienced in her relationship with the Peacock was learning to distinguish between him pretending to be stupid just to get people off their guard, pretending to be stupid because he couldn't be bothered to think and wanted someone else to do it for him, pretending to be outrageously stupid to hide the fact that he actually didn’t understand what was going on, and really being genuinely stupid." - Douglas Adams
🟪 TOR BROWSER
If your threat model calls for anonymity and advanced fingerprinting protection, then USE TOR BROWSER.
If you do nothing on desktop, you are already uniquely identifiable - screen, window and font metrics alone are probably enough - add timezone name, preferred languages, and several dozen other metrics and it is game over. Here is a link to the results of a study done in 2016 showing a 99.24% unique hit rate (and that is excluding IP addresses).
Changing a few prefs from default is not going to make you "more unique" - there is no such thing 1.
Here are some fingerprint protection basics
- 🔹RULE 1
- Protect the real value of each metric - it does not matter how it does it
- 🔹NAIVE
- A script that "swallows" a randomized value is a "naive" script
- The more randomized metrics, the greater the chance a script becomes naive
- Fooling naive scripts does not require a crowd
- 🔹ADVANCED
- All randomizing is detectable [this is a fact] - a script that does this is an "advanced" script
- Advanced scripts are not all the same - i.e they have levels of sophistication
- Defeating advanced scripts requires a crowd, the larger the better
- 🔹RULE 2
- Cover enough metrics
- Optionally randomized to catch naive scripts
- Ultimately enough that it becomes too hard or costly or impossible [because all randomizing can be detected]
- Cover enough metrics
Only Tor Browser can confidently address advanced scripts: enough metrics covered and a large crowd. The best any other browser can confidently do is fool naive scripts - if you're not convinced, add the loose data points from your IP/VPN.
1 Not to be confused with simple information paradoxes: such as claiming to be blink rather than gecko.
Arkenfox does not and never has, claimed to defeat advanced fingerprinting and does not care if two or three prefs with real-world tangible benefits change any stable metrics, because you are already unique - see the preceding section.
Arkenfox's primary objectives have always been security, privacy and mitigating the very real and substantial forms of tracking such as state and navigational, rather than prioritizing the potential threat of a widespread advanced fingerprinting script.
That said, arkenfox does resist stateless tracking. Do not listen to random non-experts with no knowledge of conditional entropy or surprisals:
- 🔹 It enables ETP's Fingerprinters (and recommends uBlock Origin)
- 🔹 It enables RFP
- RFP is a robust, performant, built-in browser solution that does not leak (see RULE 1)
- RFP randomizes canvas to catch naive scripts (most scripts are naive with canvas)
- RFP doesn't require a crowd or care about Tor Browser to fool naive scripts
- RFP contains timing mitigations as a bonus against many side channel attacks
- RFP can't make fingerprinting worse, you are already unique if you do nothing
So if a fingerprinting script should run, it would need to be universal or widespread (i.e it uses the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are) 1.
1 That's not to say that fingerprinting is not a threat and won't become more widespread and sophisticated.
Due to it's nature, which is effectively breaking web standards whilst protecting 100+ metrics, RFP does cause the odd issue.
- 🔹BREAKAGE
- canvas: you can set a site exception either temporarily or permanently 1 🥇
99% of breakage
- Note: totally randomizing the canvas per execution is by design
-
- A trained user can spot a RFP canvas by it's wavy pattern
-
- Set/revoke site exceptions via the urlbar or
Ctrl-I > Permissions
- Set/revoke site exceptions via the urlbar or
- edge cases caused by e.g. http header, timing mitigations, device pixel ratio, and alt key spoofing
- canvas: you can set a site exception either temporarily or permanently 1 🥇
- 🔹 USABILITY
- timezone is always UTC0
- prefers-color-scheme is always light
If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, in Firefox 120+ you can fallback to using FPP (fingerprintingProtection), where FPP subtly randomizes canvas per eTLD+1, per session and per window-mode.
1 Assuming it is even fingerprinting and the exact same canvas test is widespread, this does not compromise your fingerprint - it is a single metric and only on those sites you exempt.
🟩 Next: Apply & Update & Maintain