Updated 3.3 Overrides [To RFP or Not] (markdown)

Thorin-Oakenpants 2022-11-05 06:40:37 +00:00
parent 2fd2fc35a8
commit 710f2facfd

@ -52,19 +52,15 @@ Only Tor Browser can confidently address advanced scripts: enough metrics covere
Arkenfox's primary objectives have always been security, privacy and mitigating the very real and substantial forms of tracking such as state and navigational, rather than prioritizing the potential threat of a widespread advanced fingerprinting script.
**_That said, arkenfox does resist stateless tracking_**:
**_That said, arkenfox does resist stateless tracking. Do not listen to random [non-experts](https://old.reddit.com/r/firefox/comments/wi9vee/firefox_and_fingerprinting/ijae7ow/)_**:
- 🔹 It enables ETP's [Fingerprinters](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) (and recommends uBlock Origin)
- 🔹 It enables RFP
- RFP is a robust, performant, built-in browser solution that does not leak (see RULE 1)
- RFP randomizes canvas to catch naive scripts (most scripts are naive with canvas)
- RFP doesn't require a crowd or care about Tor Browser to fool naive scripts
- RFP contains timing mitigations as a bonus against many side channel attacks
**_Do not listen to random [non-experts](https://old.reddit.com/r/firefox/comments/wi9vee/firefox_and_fingerprinting/ijae7ow/)_**
- 🔹 RFP doesn't require a crowd or care about Tor Browser when it comes to naive scripts
- 🔹 RFP can't make fingerprinting worse, you are already unique if you do nothing
- 🔹 RFP has a net privacy benefit (see the resistance points above)
- RFP can't make fingerprinting worse, you are already unique if you do nothing
So if a fingerprinting script should run, it would need to be universal or widespread (i.e it uses the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are) <sup>1</sup>.