Feature #236
openSpoof WebGL fingerprint hash
Added by Soren Stoutner almost 7 years ago. Updated over 1 year ago.
0%
Updated by ask low over 1 year ago
Strange. The above fingerprinting test site just does not work here. It throws error, that my browser does not support WebGL.
Updated by ask low over 1 year ago
Is this supposed to be a privacy enhancement feature?
I use bromite webview, and it seems like [bromite fingerprint test](https://www.bromite.org/detect) gives different fingerprint each time...
Updated by Soren Stoutner over 1 year ago
The resource has been renamed to https://coveryourtracks.eff.org, but the old URL should redirect.
WebGL requires JavaScript, so if it is disabled then the WebGL test will return no information.
Bromite has some fingerprint randomization defenses.
Updated by ask low over 1 year ago
https://coveryourtracks.eff.org redirects multiple times to https://firstpartysimulator.org/kcarter-nojs & then net::ERR_CONNECTION_REFUSED
Strange.
Updated by v ... over 1 year ago
I had an net::ERR_NAME_NOT_RESOLVED
when redirected to https://trackersimulator.org/kcarter-reporting-nojs, because of my local proxy filtering the requests. So when I deactivated it, it was OK.
Updated by v ... over 1 year ago
@ask low, maybe it's a similar issue in your case.
Updated by Soren Stoutner over 1 year ago
When you run the test, if you leave the "Test with a real tracking company?" option selected, then it will redirect to https://firstpartysimulator.org during the testing. To see what the results are with JavaScript enabled, you need to make sure it is enabled for both domains.
Updated by ask low over 1 year ago
I think fingerprinting can also be done even without scripting support. Not sure why these tracking test models ask it...
Updated by Soren Stoutner over 1 year ago
The vast majority of accurate fingerprinting requires JavaScript. They can get a little bit of fingerprinting information without it, but often not enough to uniquely identify you, especially as you move between IP addresses.
That is one of the reasons why JavaScript is more dangerous to your privacy than all other internet technologies combined.
Updated by ask low over 1 year ago
Is it theoretically possible to containerize js parsing locally ?
This'll sound cheezy. As you mentioned spoofing WebGL fp hash in this tracker, is the same possible with spoofing js, thereby getting the content without even enabling js...
Updated by Soren Stoutner over 1 year ago
I am not sure I understand the question. It would be fairly easy to containerize the parsing of JavaScript, but the parsing of it isn't generally the problem. The issue is the execution of JavaScript, which you couldn't effectively containerize without breaking the functionality, at which point it would effectively be the same as disabling it.
On this topic, you might be interested in Feature #270: Fine grained JavaScript controls.