From 710f2facfd184c9c7fd95a3fdf405562b7b5c430 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Nov 2022 06:40:37 +0000 Subject: [PATCH] Updated 3.3 Overrides [To RFP or Not] (markdown) --- 3.3-Overrides-[To-RFP-or-Not].md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/3.3-Overrides-[To-RFP-or-Not].md b/3.3-Overrides-[To-RFP-or-Not].md index ea5214b..eea4155 100644 --- a/3.3-Overrides-[To-RFP-or-Not].md +++ b/3.3-Overrides-[To-RFP-or-Not].md 
@@ -52,19 +52,15 @@ Only Tor Browser can confidently address advanced scripts: enough metrics covere Arkenfox's primary objectives have always been security, privacy and mitigating the very real and substantial forms of tracking such as state and navigational, rather than prioritizing the potential threat of a widespread advanced fingerprinting script. -**_That said, arkenfox does resist stateless tracking_**: +**_That said, arkenfox does resist stateless tracking. Do not listen to random [non-experts](https://old.reddit.com/r/firefox/comments/wi9vee/firefox_and_fingerprinting/ijae7ow/)_**: - 🔹 It enables ETP's [Fingerprinters](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) (and recommends uBlock Origin) - 🔹 It enables RFP - RFP is a robust, performant, built-in browser solution that does not leak (see RULE 1) - RFP randomizes canvas to catch naive scripts (most scripts are naive with canvas) + - RFP doesn't require a crowd or care about Tor Browser to fool naive scripts - RFP contains timing mitigations as a bonus against many side channel attacks - -**_Do not listen to random [non-experts](https://old.reddit.com/r/firefox/comments/wi9vee/firefox_and_fingerprinting/ijae7ow/)_** - -- 🔹 RFP doesn't require a crowd or care about Tor Browser when it comes to naive scripts -- 🔹 RFP can't make fingerprinting worse, you are already unique if you do nothing -- 🔹 RFP has a net privacy benefit (see the resistance points above) + - RFP can't make fingerprinting worse, you are already unique if you do nothing So if a fingerprinting script should run, it would need to be universal or widespread (i.e it uses the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are) 1.
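Review bot: In the merged bold lead-in, "Do not listen to random non-experts" now sits directly before the colon that introduces the list, so the bullets read as elaborating on that aside rather than on "arkenfox does resist stateless tracking". Keep the colon attached to the claim and move the non-experts sentence, with its link, to its own line after the list, or drop the colon from the combined sentence. Separately, the removed bullet "RFP has a net privacy benefit (see the resistance points above)" is the only one of the three old bullets that was not carried over as an RFP sub-bullet. If that is intentional, say so in the commit subject, which currently only reads "Updated 3.3 Overrides"; otherwise re-add it as the last sub-bullet under "It enables RFP".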