Updated 3.3 Overrides [To RFP or Not] (markdown)

Thorin-Oakenpants 2023-11-22 12:01:11 +00:00
parent 24be32c51b
commit 928eebc45a

@ -2,7 +2,7 @@
#### 🟥 SUMMARY
**The best any browser can confidently do, excluding Tor Browser and Mullvad Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks**. If you can handle a few RFP side-effects, cool - if not, then consider using CanvasBlocker if your threat model fits.
**The best any browser can confidently do, excluding Tor Browser and Mullvad Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks**. If you can handle a few RFP side-effects, cool - otherwise, in Firefox 120+ you can fallback to using FPP (fingerprintingProtection), where FPP subtly randomizes canvas per eTLD+1, per session and per window-mode.
---
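Review bot: In the replacement SUMMARY sentence, "fallback to using FPP" uses the noun as a verb; it should read "fall back to using FPP". The same sentence introduces "per window-mode" without defining it and names FPP only as "(fingerprintingProtection)", so a reader who stops at the summary has no pointer to how it is enabled; a short gloss or a link to the section that covers it would help. The removed wording qualified the alternative with "if your threat model fits", and the new sentence drops that qualifier, so please confirm that is intended.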
@ -84,7 +84,7 @@ Due to it's nature, which is effectively breaking web standards whilst protectin
- timezone is always UTC0
- prefers-color-scheme is always light
If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, if you think the threat fits your wheelhouse, use CanvasBlocker with canvas and audio randomizing (the rest is not really needed and will add perf costs). Note that extensions lack APIs to fully protect metrics, but naive scripts are likely not that sophisticated.
If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, in Firefox 120+ you can fallback to using FPP (fingerprintingProtection), where FPP subtly randomizes canvas per eTLD+1, per session and per window-mode.
<sup>1</sup> Assuming it is even fingerprinting and the _exact same canvas test_ is widespread, this does not compromise your fingerprint - it is a single metric and only on those sites you exempt.
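Review bot: The replacement paragraph after the prefers-color-scheme bullet repeats the SUMMARY sentence word for word, including "fallback" used as a verb ("fall back"); consider keeping the detail here and shortening the summary so the two do not drift apart in later edits. The removed text recommended "canvas and audio randomizing" and carried the caveat that extensions lack APIs to fully protect metrics, while the new text mentions canvas only; say whether FPP also covers audio, or state that audio randomizing is no longer part of the fallback.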