[linux-elitists] Browser fingerprinting

[katana@riseup.net (katana)]

Hi,

> Check out firegloves. It's outdated, and I'd love to see it getting 
> some love, but it's a great POC for anti-fingerprinting in Firefox.

In <http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf>
about their FPDetective Framework
<http://homes.esat.kuleuven.be/~gacar/fpdetective/>, the authors wrote
about Firegloves:

"Additionally, Firegloves limits the number of fonts that a single
browser tab can load and reports false dimension values for the
offsetWidth and offsetHeight properties of HTML elements to evade
JavaScript-based font detection. We evaluated the effectiveness of
Fireglovesâ?? as a countermeasure to fingerprinting, and discovered
several shortcomings. For instance, instead of relying on offsetWidth
and offsetHeight values, we could easily use the width and the height of
the rectangle object returned by getBoundingClientRect method, which
returns the textâ??s dimensions, even more precisely than the original
methods. This enabled us to detect the same list of fonts as we would
without the Firegloves extension installed. Surprisingly, our probe for
fonts was not limited by the claimed cap on the number of fonts per tab.
This might be due to a bug, or to changes in the Firefox extension
system that have been introduced after FireGloves, which is not
currently being maintained, was first developed. Although Firegloves
spoofs the browserâ??s user-agent and platform to pretend to be a Mozilla
Firefox version 6 running on a Windows operating system, the
navigator.oscpu is left unmodified, revealing the true platform.
Moreover, Firegloves did not remove any of the new methods intro-
duced in later versions of Mozilla Firefox and available in
the navigator object, such as navigator.mozCameras and
navigator.doNotTrack."

I add: OK, the naviagtor.oscpu issue can be fixed easily, but the
timezone feature doesnt't work too with enabled JavaScript.

---
Katana