[tor-dev] [linux-elitists] Browser fingerprinting

Eugen Leitl eugen at leitl.org
Mon Oct 14 08:28:20 UTC 2013 

----- Forwarded message from katana <katana at riseup.net> -----

Date: Mon, 14 Oct 2013 09:27:41 +0200
From: katana <katana at riseup.net>
To: cypherpunks at cpunks.org
Subject: Re: [linux-elitists] Browser fingerprinting
Message-ID: <525B9CED.20907 at riseup.net>
User-Agent: Thunderbird

Hi,

> Check out firegloves. It's outdated, and I'd love to see it getting 
> some love, but it's a great POC for anti-fingerprinting in Firefox.

In <http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf>
about their FPDetective Framework
<http://homes.esat.kuleuven.be/~gacar/fpdetective/>, the authors wrote
about Firegloves:

"Additionally, Firegloves limits the number of fonts that a single
browser tab can load and reports false dimension values for the
offsetWidth and offsetHeight properties of HTML elements to evade
JavaScript-based font detection. We evaluated the effectiveness of
Firegloves’ as a countermeasure to fingerprinting, and discovered
several shortcomings. For instance, instead of relying on offsetWidth
and offsetHeight values, we could easily use the width and the height of
the rectangle object returned by getBoundingClientRect method, which
returns the text’s dimensions, even more precisely than the original
methods. This enabled us to detect the same list of fonts as we would
without the Firegloves extension installed. Surprisingly, our probe for
fonts was not limited by the claimed cap on the number of fonts per tab.
This might be due to a bug, or to changes in the Firefox extension
system that have been introduced after FireGloves, which is not
currently being maintained, was first developed. Although Firegloves
spoofs the browser’s user-agent and platform to pretend to be a Mozilla
Firefox version 6 running on a Windows operating system, the
navigator.oscpu is left unmodified, revealing the true platform.
Moreover, Firegloves did not remove any of the new methods intro-
duced in later versions of Mozilla Firefox and available in
the navigator object, such as navigator.mozCameras and
navigator.doNotTrack."

I add: OK, the naviagtor.oscpu issue can be fixed easily, but the
timezone feature doesnt't work too with enabled JavaScript.

---
Katana

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the tor-dev mailing list