From 2c996496e70facdfd83bb10b472aaad7461f4a2a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 31 Jan 2022 14:28:06 +0000 Subject: [PATCH] Updated 3.3 Overrides [To RFP or Not] (markdown) --- 3.3-Overrides-[To-RFP-or-Not].md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3.3-Overrides-[To-RFP-or-Not].md b/3.3-Overrides-[To-RFP-or-Not].md index a172910..4a243e3 100644 --- a/3.3-Overrides-[To-RFP-or-Not].md +++ b/3.3-Overrides-[To-RFP-or-Not].md @@ -2,7 +2,7 @@ #### 🟥 SUMMARY -**The best any browser can confidently do, excluding Tor Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks**. If you can handle a few RFP side-effects, cool - if not, then consider using Canvas Blocker if your threat model fits. +**The best any browser can confidently do, excluding Tor Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks**. If you can handle a few RFP side-effects, cool - if not, then consider using CanvasBlocker if your threat model fits. --- @@ -81,7 +81,7 @@ Due to it's nature, which is effectively breaking web standards whilst protectin - timezone is always UTC0 - prefers-color-scheme is always light -If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, if you think the threat fits your wheelhouse, use Canvas Blocker with canvas and audio randomizing (the rest is not really needed and will add perf costs). Note that extensions lack APIs to fully protect metrics, but naive scripts are likely not that sophisticated. +If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, if you think the threat fits your wheelhouse, use CanvasBlocker with canvas and audio randomizing (the rest is not really needed and will add perf costs). Note that extensions lack APIs to fully protect metrics, but naive scripts are likely not that sophisticated. 1 Assuming it is even fingerprinting and widespread, this does not compromise your fingerprint - it is a single metric and only on those sites you exempt.