this post was submitted on 18 Feb 2025
972 points (99.3% liked)
Technology
63083 readers
6739 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Would it be possible for a browser or extension to just provide false metadata in order to subvert this type of fingerprinting?
So from what I understand, theres 2 common ways that browsers combat this. Someone add to or correct me if I'm wrong.
Ex: Everyone wearing black pants and hoodies with the facemasks. Extremely hard to tell who is who.
Ex: look like a dog in one place, a cat in another place. They get data for a dog but that doesn't help build anything if the rest of the data is a cat, hamster, whatever. No way to piece it together to be useful.
In both my examples, there are caveats. Just because everyone dressed the same doesn't mean someone isn't taller or shorter, or skinnier or fatter. There can still be tells to help narrow down. Or a cat that barks like a dog suddenly is more linkable to a dog if that makes sense lol.
In other words it still depends user behavior that can contribute to the effectiveness of these tools.
EDIT: got distracted. To answer your question I don't think so. I think it's more about user behavior blending in or being randomized. I think the only thing an extension would be able to do is possibly randomize the data but I'm unsure of such an extension yet. These aren't the only options, these are just ones I've read about recently. Online behavior, browswr window size, and I'm sure so much more also goes into it. But every little bit helps and is better than nothing.
EDIT2: Added examples for each for clarity.
Mull is discontinued unfortunately, although I think it got forked?
Fennec is similar and is maintained
There is a fork of mull too
I went back to Fennec. We'll see if a fork survives long term.
I just want Firefox on F-Droid, and Fennec has been that for years. I only switched because I got a new phone and figured I'd try Mull.
For mobile, yes, development stopped.
However, Mullvad (from the actual VPN folk) for desktop still exists.
https://mullvad.net/en/browser
Mullvad browser and Mull were not affiliated.
That's why I said (from the actual vpn folk)
The two were often conflated because "mull" in the name. They also used many of the same resources for the prefs.js and other tweaks. (Arkenfox, tor uplift, etc)
Yep. It's fork is called ironfox
Yeah maybe Tor Browser was the better example. Just trying to get the point out lol.
The first point is flawed and even TOR doesn't execute javascript because it's impossible to catch everything when you give the server full code running capabilities.
The second point is more plausible but there's an incredible amount of work to do to fix this. Like, needing to rework browser engines from ground up and removing all of the legacy cruft. Brave is not capable of this and never will be no matter what they advertise because it doesn't have it's own engine.
That being said, these tools will get you quite far against commercial fingerprint products especially ones used for Ads but that will also ruin your browser experience as now you're just solving captchas everywhere 🫠
Thanks for adding! Could you clarify a bit on the points so I can better understand where I was wrong at?
No. Anything that executes Javascript will be fingerprinted.
That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.
The issue is that browsers are so incredibly complex that it's impossible to patch everything and you'll just end up getting infinite captchas and break your browsing experience.
Yes. There is a firefox extension called Chameleon that does this.
Yes but that metadata is also used to serve you the webpage, so if you spoof it, the page may not load properly.
Others have mentioned what Firefox/etc do, but another option is a PiHole. If you can't look up the IP for an advertiser URL, you don't load the JavaScript to begin with.