is there one single add-on for firefox that can block/alter browser fingerprint?

Discussion in 'privacy technology' started by imdb, Dec 11, 2014.

  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Does anyone know what the situation is in respect of IPv6 address use, its blocking and other deficiencies?

    All this stuff is turning the internet into a circuit-switched system which is exactly what control-freak data-mining corporations and governments want. The counter-measure is "obvious" in a way - avoid those services other than for the essential and with information minimisation.
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'd expect most of them to ignore the request. We might get some positive results from the developers of FireFox variants, but MS and Google, no way. Even if they were open to the idea, who decides what constitutes a "standard order" for browser headers?

    I can't comment on how different extensions perform this. Proxomitron uses a search and replace engine. It does completely rewrite individual headers on the fly. As far as I know, it can't alter the order that headers are sent. I don't know if it would be possible to have Proxomitron remove all of the standard headers and replace them with a canned response that mimics a particular browser. Writing such a filter is beyond my abilities.

    The order of the headers is just one way that browsers can be made identifiable. Consider these HTTP_ACCEPT header examples.
    text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip,deflate en-us,en;q=0.5
    text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip, deflate en-us,en;q=0.5
    Both send the same information but are sufficiently different to identify the browser involved. Altering browser fingerprints in a manner that's sufficient against a more powerful adversary requires attention to details like these minor variances.
     
  3. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    @NoOne
    excellent point!
    I trust we've now provided a sufficiently definitive NO in response to the OP's question in the thread title.

    proxo does not provide ability to specify, or to rearrange, the order in which request header lines are emitted
    (changing ordering of header filters within the proxo config has no effect)
    and, FWIW, proximodo (around v2.5? 2.6?) was patched to specifically avoid disturbing the ordering.

    @deBoetie
    I agree with your statement, but your question (IPv6) belongs in a separate thread.
     
  4. 142395

    142395 Guest

    While there's a no complete way to prevent all fingerprinting, I think randomizing and removing can make some sense as well as other privacy measure.
    Not all tracking service use such advanced techniques, partly thanks to privacy advocate, and as long as it is done by 3rd party Request Policy or even ABP (if it is listed in blacklist) can block them.

    Using general browser profile only works when combined with compartment strategy, else it's just weak browser both of in security and in privacy. If you prevent fingerprinting while allow Cookie or beacon tracking, you have got your priority wrong.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    The notion that is lost here is that a single profile with Firefox is what is being profiled! I have long advocated using different profiles for different purposes. For example, in Linux, the user's Firefox profile is contained in the directory path /home/<username>/.mozilla - and while it is possible to create different multiple user profiles in the same Firefox session - I recommend that even they be kept separate i.e. only one in the /home/<username>/.mozilla/firefox/ directory at a time.

    In the above description given by Palancar, a Normal TBB user vs. a TBB user with TOR not launched would be using the same identical Firefox profile under the directory path /home/<username>/.mozilla if only one profile existed under that directory path. Unique profiles are created as different prefixes in the directory /home/<username>/.mozilla/firefox/*.default where * can represent one or more different Firefox profiles with different prefixes to the suffix .default.

    The distinquishing difference between Normal TBB user and TBB user with TOR not launched is merely an operational difference with the same unique /home/<username>/.mozilla/firefox/<unique profile prefix>.default being used. This does not go far enough as what I am advocating is to use a different (unique prefix) Firefox named *.default profile for each separate instance of use.

    -- Tom
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Whereas; in my model I DO want to be the TBB generic user with all my internet surfing appearing to be just Mr. Generic TBB/Whonix user. My goal is to provide almost nothing unique about me or my session. TBB allows me to blend in better than I could accomplish on my own.

    As far as separate browser instances, well I handle that by complete isolation in that the instances/persona's are in different VM's. The separate VM's allow for a more thorough dis-association of my differing persona's.

    Guys, I am self-debating of whether or not it would be better to vary the system usernames among the VM's. Would it be better to use "Bill" as a common username, or use a different one with each machine created? If you think about it the answer is not as clear cut as you may think.

    Please share your thoughts on varying the usernames among my VM's. Obviously something simple like "Bill" or "linux", and not a long unique username!!
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I always just use "user" :)
     
  8. 142395

    142395 Guest

    I also use "User" and when I need more than one user on the same machine, "User2", "User3", ...
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    One thing to consider is the degree to which you'll be relying upon username for security. For example, I've seen break-in attempts where the code tried top N usernames and, for each, top N passwords. I've seen user tried, and I've also seen it listed as one of the more common usernames.

    If there is a common theme to your usernames, that might be of use to an opponent. Particularly in those cases where there is some other evidence which leads them to suspect the same user. Different themes/styles may reinforce the perception of different users.

    You can certainly kill some time thinking about the different angles. Especially if your scenario assumes that software will purposely or inadvertently phone home usernames.
     
  10. 142395

    142395 Guest

    This is why I use User N for admin account (a bit less common).
    But for client machine it won't matter much especially when combined with strong password & some registry tweak (on Windows), whereas for server machine that is not recommended.
    Rather, privacy concern will excel that for client, because some poorly designed app or spyware might phone home the user name (IE6 was of course one of that poorly designed app) as you said.
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    I enjoyed reading all your comments. As I now see; I am not the only privacy person that pauses and likes to consider the varying angles to what may seem like a clear cut question.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I use "user" because it's used a lot. And so it doesn't reveal anything.

    I never expose logins other than ssh on Internet-facing servers. And I always disable password authentication and root login.
    Indeed.
    Right, consider that the id_rsa.pub on this VM, which I've uploaded to several remote servers, is "ssh-rsa ... user@ubuntu".
     
  13. 142395

    142395 Guest

    Now I could get what you mean. But I still want to choose from common names, so there's not many option I think.
    Maybe "test", "root", "admin", "administrator", etc. etc.

    Any idea?
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    For informational purposes only and can be changed if you want?

    Search for lists of the most common usernames. Some systems may derive the default username from name/info entered during setup. Some institutions have a method of creating usernames based on names and/or department. So you have the option to pick something that is known to be common (even seen at honepots) or pick something that is likely to be in use by others given the conventions that are in place.
     
  15. 142395

    142395 Guest

    Thanks for input.
    Actually I did search when I decided to use "user", but in that time I got at most 20 or so options, they are much the same in styles. It seems keeping general/common while not to use same style is not trivial thing.
    But maybe I have to search more.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't believe that it can be changed. When you run "ssh-keygen", the public key ends with the current username@hostname. But of course, you could change the hostname ("hostname foo") and login as a different user (e.g., "bar"). Then id_rsa.pub would be in /home/bar/.ssh/, and would end with "bar@foo".
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    ssh-keygen -t rsa -C bar@foo

    IOW, it is just a comment? So you could simply edit id_rsa.pub?
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Oh. Never noticed -C. So yes, it can be changed.
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I don't think I ever used it, myself, until a moment ago. I just had a feeling.
     
  20. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    To what extent can one's "Computer name" and "Full computer name" be accessed by external inquiry? Some programmes can access this information certainly and hence unless this is addressed then changing the windows user name may not go very far.

    Further, remember if one initially sets up a user account in Windows for example "Bill" and later changes it to for example "Monty" one can still find many instances of "Bill" found both in the registry and within Windows Explorer. These are merely a couple of additional considerations.

    For those using any virtual machines the more obfuscated the information, the better, of course.

    Best regards
     
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Precisely my point!! I so want to stress VM's. Their equipping power for isolation is well beyond the best you could even dream of operating on the host/only operating system.
     
  22. 142395

    142395 Guest

    AFAIK, computer name (not user name) is based on NetBIOS name, dated legacy from pre-TCP/IP era. It is visible from local network unless you add "hidden" flag to HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters with DRORD 1. But I recommend to disable NetBIOS over TCP/IP and use hosts or DNS.

    That's true even after you used Windows Easy Transfer, so we have to use that user name from the beginning if you want to do so on real Windows.
     
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    indeed. but it's pretty informative to read ongoing posts here. thanks to all posters.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    http://www.networkworld.com/article...asier-for-thieves-to-empty-bank-accounts.html
     
  25. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Very astute point !
    A case of " throwing out the baby with the bathwater " I think.

    Check out this from Electronic Frontier Foundation

    https://panopticlick.eff.org/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.