Created 3.3 Overides [To RFP or Not] (markdown)

Thorin-Oakenpants 2022-01-29 05:45:43 +00:00
parent 5f42eda2e3
commit b6f06c7a39

@ -0,0 +1,84 @@
🟩 Previous: [Overrides [Common]](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-[Common])
🟥 Summary: **The best any browser can confidently do, excluding Tor Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks**. If you can handle a few RFP side-effects, cool - if not, then consider using Canvas Blocker if your threat model fits
---
This is a very simple generalized short summary about non Tor Browser browsers that assumes worst case scenarios, ultimate outcomes, and real solutions - I am not interested in debating issues with non-experts
> “One of the major difficulties Thorin experienced in her relationship with the Peacock was learning to distinguish between him pretending to be stupid just to get people off their guard, pretending to be stupid because he couldn't be bothered to think and wanted someone else to do it for him, pretending to be outrageously stupid to hide the fact that he actually didnt understand what was going on, and really being genuinely stupid." - _Douglas Adams_
---
🟪 TOR BROWSER
If your threat model calls for anonymity and advanced fingerprinting protection, then **[USE TOR BROWSER](https://www.torproject.org/)**
🟪 FINGERPRINTING
If you do nothing on desktop, you are already uniquely identifiable - screen, window and font metrics alone are probably enough - add timezone name, preferred languages, and several dozen other metrics and it is game over. [Here](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cross-browser-fingerprinting-os-and-hardware-level-features/) is a link to the results of a study done in 2016 showing a **_99.24%_** unique hit rate (and that is excluding IP addresses)
**_Changing a few prefs from default is not going to make you "more unique" - there is no such thing_** <sup>1</sup>
Here are some fingerprint protection basics
- 🔹RULE 1
- Protect the real value of each metric - it does not matter how it does it
- 🔹NAIVE
- A script that "swallows" a randomized value is a "naive" script
- The more randomized metrics, the greater the chance a script becomes naive
- Fooling naive scripts does not require a crowd
- 🔹ADVANCED
- All randomizing is detectable [this is a fact] - a script that does this is an "advanced" script
- Advanced scripts are not all the same - i.e they have levels of sophistication
- Defeating advanced scripts requires a crowd, the larger the better
- 🔹RULE 2
- Cover enough metrics
- Optionally randomized to catch naive scripts
- Ultimately enough that it becomes too hard or costly or impossible [because all randomizing can be detected]
Only Tor Browser can confidently address advanced scripts: enough metrics covered and a large crowd. The best any other browser can _confidently_ do is fool naive scripts - if you're not convinced, add the loose data points from your IP/VPN.
<sup>1</sup> Not to be confused with simple information paradoxes: such as claiming to be blink rather than gecko
---
🟪 ARKENFOX
**_Arkenfox does not and never has, claimed to defeat advanced fingerprinting_** and does not care if a couple of prefs change stable metrics, because **_you are already unique_** - see the preceding section
Arkenfox's primary objectives have always been security, privacy and mitigating the very real and substantial forms of tracking such as state and navigational, rather than prioritizing the potential threat of a widespread advanced fingerprinting script
**_That said, arkenfox does resist stateless tracking_**
- 🔹 It enables ETP's [Fingerprinters](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) (and recommends uBlock Origin)
- 🔹 It enables RFP
- RFP is a robust, performant, built-in browser solution that does not leak (see RULE 1)
- RFP randomizes canvas to catch naive scripts (most scripts are naive with canvas)
- RFP contains timing mitigations as a bonus against many side channel attacks
So if a fingerprinting script should run, it would need to be universal or widespread (i.e it use the exact same canvas, audio and webgl tests among others - most aren't), shared by a data broker (most aren't), not be naive (most are) and not be just first party or used solely for bot detection and fraud prevention (most probably are) <sup>1</sup>
<sup>1</sup> That's not to say the fingerprinting is not a threat and won't become more widespread and sophisticated
---
🟪 RFP
Due to it's nature, which is effectively breaking web standards whilst protecting 100+ metrics, RFP does cause the odd issue
- 🔹BREAKAGE
- canvas: you can set a site exception either temporarily or permanently <sup>1</sup> 🥇 `99% of breakage`
- Note: totally randomizing the canvas per execution is by design
- timing mitigations: can cause yank in animations/games
- sporadic edge cases caused by e.g. version, http header, device pixel ratio, and alt key spoofing
- 🔹 USABILITY
- timezone is always UTC0
- prefers-color-scheme is always light
If you can live with that, and you should have a secondary browser for the occasional site glitch, then use RFP as the best solution possible. Otherwise, if you think the threat fits your wheelhouse, use Canvas Blocker with canvas and audio randomizing (the rest is not really needed and will add perf costs). Note that extensions lack APIs to fully protect metrics, but naive scripts are still probably not that advanced
<sup>1</sup> Assuming it is even fingerprinting and widespread, this does not compromise your fingerprint - it is a single metric and only on those sites you exempt
---
🟩 Next: [Apply + Update + Maintain](https://github.com/arkenfox/user.js/wiki/3.4-Apply---Update--Maintain)