14

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

top 12 comments
sorted by: hot top controversial new old
[-] Max_P@lemmy.max-p.me 15 points 4 months ago

No, simply because even with pure CSS and even pure HTML you can find ways to leak some information about the browser. For example, a background image that only loads on 1920x1080, another for 2560x1440, and so on. Make hundreds of those for every possible resolution (they can be the same file on the server but at a different path), and there you go, you now figured that the client downloaded img/background/2448x1280.png from the server logs. You can use the same trick for fonts as well, you just apply the same trick on a box on the page that is sized based on text content. Repeat for every font you want to test for.

There's just a ton of those little features that are for performance optimizations because loading a 4K background on a 480p phone is a bad experience for everyone involved. Sometimes you need to know the size of some elements to position other elements relative to it. You need the mouse cursor position to open popups at the right place. You need the window size to realign popups and modals. You'd have to go back to text based only sites like it's the 80s and 90s to avoid that kind of fingerprinting.

And thus Tor's solution: everyone's got the same window size, same fonts and everything.

[-] refalo@programming.dev 11 points 4 months ago* (last edited 4 months ago)

No, there is no way to prevent sites from uploading the info besides just not providing it in the first place.

And because of how programming languages work, there's no way for the browser to identify that data being uploaded "is" anything specific, especially when there's things like encryption, obfuscation or just re-arranging the data itself into larger collections of data.

[-] kenkenken@sh.itjust.works 8 points 4 months ago

Tor Browser does, but differently. It attempts to behave in the same way an all platforms, ignores installed libs/fonts/etc, uses letterboxing against resolution fingerprinting.

https://support.torproject.org/tbb/maximized-torbrowser-window/

[-] refalo@programming.dev 5 points 4 months ago

same way on all platforms

too bad navigator.platform still returns Linux instead of Windows...

[-] GolfNovemberUniform@lemmy.ml 3 points 4 months ago

LibreWolf can mitigate resolution tracking with an opt-in feature but it creates spacing around the windows so it's very inconvenient for many people. Idk any other browsers that do it.

[-] MrOtherGuy@lemmy.world 5 points 4 months ago

Sounds like you are talking about Firefox's letterboxing feature which you can enable/disable independently from full fingerprinting resistance.

[-] GolfNovemberUniform@lemmy.ml 0 points 4 months ago

I thought it's a LibreWolf feature?

[-] MrOtherGuy@lemmy.world 1 points 4 months ago

The letterboxing feature has been in Firefox since 2019 - starting from Firefox 67 I think. The preference for it might have been hidden though so maybe it's just relatively unknown feature - I don't know if or how visible LibreWolf makes makes it for the user. But regardless, any modern Firefox variant probably has that capability.

[-] GolfNovemberUniform@lemmy.ml 3 points 4 months ago

In LibreWolf there's a toggle in settings for it. That's one of the disadvantages of Firefox. It has so many features but everything in hidden in a config file. They could just create an "advanced settings" menu.

[-] MrOtherGuy@lemmy.world 2 points 4 months ago

Yeah... It's a bit hard to balance things like this though, I've seen lot's of folks complain about how their Firefox is apparently "broken" because it now suddenly has this empty margin around web-content seemingly wasting space for no reason - and then it turns out that they have deliberately turned this very feature on. And that is even if the feature is completely hidden - I wonder how many more complaints there would be if options like this are made more accessible.

[-] GolfNovemberUniform@lemmy.ml 1 points 4 months ago

Only you are responsible for what you turn on. It's good to have a description of the feature with warnings about the potential inconveniences it can cause (like LibreWolf does) but the responsibility is still on the user.

[-] dubyakay@lemmy.ca -1 points 4 months ago

Wtf@this dude's post history.

this post was submitted on 29 Jun 2024
14 points (79.2% liked)

Privacy

31995 readers
1052 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS