[Privoxy-users] Suppressing/modifying some browser fingerprints (ie. Am I Unique?)

Ian Silvester iansilvester at fastmail.fm
Wed Jul 15 13:02:31 UTC 2020 

Some additional thoughts:

For what it's worth, Privoxy can use the user-agent string to uniquely identify given clients within your LAN and apply unique filtering based on it (I mention this based on your previous enquiry).

Thinking further about Javascript, perhaps one could create a custom rule to block whichever Javascript functions are leveraged to sniff the more unique elements that comprise the fingerprint; if you do take on this and perform the research into the appropriate strings to look for please do report back to this list.

Cheers,

Ian


On Wed, 15 Jul 2020, at 08:56, Ian Silvester wrote:
> Hi there,
> 
> It used to be the case that browser fingerprinting was limited to the 
> user-agent string in the HTTP header, and it is possible to modify this 
> using the +hide-user-agent action (see 
> https://www.privoxy.org/user-manual/actions-file.html#HIDE-USER-AGENT), 
> however this only allows you to replace the user-agent string for all 
> clients on your network with one single fake user-agent. This does not 
> prevent fingerprinting, but rather changes your fingerprint. This is 
> good for preventing certain client-specific attacks, but does not help 
> against unique advertising.
> 
> Further, fingerprinting now leverages the Javascript DOM within the 
> browser to identify all manner of other features of your machine (such 
> as the audio configuration). It is possible to entirely block 
> Javascript (which some here do), which would be very effective against 
> fingerprinting, but obviously breaks navigation on many web sites. 
> Privoxy can, in theory, filter Javascript (it is, after all, simply 
> strings of text like any other), but in practice unless all web sites 
> were to use common libraries of fingerprinting code that could be 
> (ironically) fingerprinted by Privoxy, this is impractical. 
> 
> In my opinion anti-fingerprinting is best done with add-ons within the 
> browser, which get greater control of what the browser is giving up to 
> web sites. I recall having seen one for Firefox that randomizes the 
> user-agent, for example, and am reasonably certain that others exists 
> that go deeper/further in randomizing the features of your machine that 
> are exposed by Javascript.
> 
> HTH,
> 
> Ian
> 
> 
> On Wed, 15 Jul 2020, at 07:25, U.Mutlu wrote:
> > Hi,
> > is it possible with privoxy to suppress or modify some critical browser 
> > fingerprints to prevent a unique identification of the user/machine ?
> > 
> > The following site analyses the browser fingerprints and tells which
> > of the data can be used to uniquely identify a person or his system:
> > https://amiunique.org/fp
> > (the above site is referenced in this article: 
> > https://askleo.com/supercookies_and_evercookies/ )
> > 
> > In my case it says for example the following:
> > "
> > Media devices 	Unique
> > audioinput : default
> > audioinput : 2da75f....  (a 64 characters long hex number, maybe a hash)
> > ...
> > audiooutput : default
> > audiooutput : 91f17d...  (a 64 characters long hex number, maybe a hash)
> > ...
> > "
> > 
> > Of course these numbers can be used as static identifiers, so IMO one should 
> > be concerned.
> > 
> > Is it in privoxy possible to suppress the sending of this (and similar) 
> > information, or sending a fake or random string instead?
> > 
> > _______________________________________________
> > Privoxy-users mailing list
> > Privoxy-users at lists.privoxy.org
> > https://lists.privoxy.org/mailman/listinfo/privoxy-users
> >
> _______________________________________________
> Privoxy-users mailing list
> Privoxy-users at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-users
>

More information about the Privoxy-users mailing list