CyDec Platform Anti-Fingerprinting

Discussion in 'other anti-malware software' started by imuade, Aug 7, 2018.

  1. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  2. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    There is also a Firefox extension as well (https://addons.mozilla.org/en-US/firefox/addon/cydec-platform-antifingerprint/)

    We wanted to release a little bit of the Platform for home users, hence the browser extensions and the Nmap OS spoofer. But in general, most of the deceptions that CyDec offers are really only useful in larger networks where you need to worry about reconnaissance and lateral movement.
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Wonderful concept @HeiDef . :thumb: Do you have plans to release it for EDGE browser too?

    Also, I would request you to bring it in Brave browser too. Brave is Chromium based and primarily focused on providing tight security, but do not allow to install extensions from Chrome Store. It has selected number of extensions and we need to request for additional extension support.
    https://community.brave.com/c/feature-requests/extension-requests

    Edit: Brave browser seems to have anti-fingerprinting support in-built. I wonder how strong that is in comparison with yours.
    2018-08-16_210109.jpg
     
    Last edited: Aug 16, 2018
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Update:

    Installed on Chrome. Now I cannot use Google Play Music!
     
  5. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    It's documented that anti-fingerprinting will break some sites. Google sites in particular don't like when you mess with the user-agent string. You can easily tweak the spoof settings on a per-site basis to give you some anti-fingerprinting capabilities while still making the site usable.

    We've looked into deploying for Edge but haven't gotten there yet. It's unlikely we will support Brave. Thanks for the suggestions though.
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    Does this extension sends personally identifiable information or complete browsing history to Heilig Defense?
     
  7. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Nope
     
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thanks. I shall dig deeper. :)
    Will watch out for Edge support. Thanks a lot. :thumb:
     
  9. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Is there a guide to what i should allow first to get a website to work?

    If not then which protection to turn off first that is most likely to work.
    Alternatively if i have time what is the least privacy leaking feature to turn off on a site first?
     
  10. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Unfortunately it's really a matter of trial and error based on specific websites. There is no one-size-fits all solution. Some break if you spoof the user agent while others don't care. If they rely on WebGL and you block that then the site won't work. You also have to be aware that turning off a particular protection will leak data that could potentially be used to track you. The more you allow for a site to work means more possible leakage.
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I am aware of it being trial and error but there must be some way of determining which to go for first.
    Currently i just start out at the top and work my down.

    Even a mention of what feature gives less away would be of some help
     
  12. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    From a data leakage perspective, some provide more bits of information than others. Screen resolution and time are at the low end while canvas and webgl fingerprints are probably at the top. The problem is, sites that track generally use more than one source of information to build your profile so it's difficult to say exactly, on a general level, what you can get away with allowing without leaking too much.

    What you allow or deny comes down to usability and from a usability point of view, that is really site dependent. If you are comfortable knowing that allowing the data to leak means you could be tracked then you can allow but if the site breaks because all of CyDec's protections are on, then you know that the site is using the information in a way that may include tracking.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Okay thanks for the information.
    Like most people these days i work long hours and dont have time to go through what is the best to limit my fingerprinting.
    My idea is to not be low hanging fruit and have some extra security and privacy compared to the rest of the population.

    Extra security and privacy IMO has to have usability/convenience to be used.
     
  14. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    I fiddled with this browser extention. If it doesn't break a website, it will instead make a website think you're a spam bot and the website will lock you out.
     
  15. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    It does take time to tweak each website but i still find the majority work.
    Even gmail
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I added it to the latest Firefox, and so far it's been good. Couple of sites where I had to allow google, and I can work with them with out allowing google.
     
  17. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Red button top left says not connected to CyDec service?
    The "site domains list" shows sites as I browse.
     
  18. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Support sucks here.
     
  19. possumbly

    possumbly Registered Member

    Joined:
    Mar 23, 2020
    Posts:
    1
    Location:
    USA
    @HeiDef is there a way to change the global defaults? I find I'm often disabling language randomization, since I can't read most languages.
     
  20. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Not directly from the extension however we've had a few other requests for that feature so it's something we plan to add.

    We did just release Anti-Fp which is component of the deception platform that works hand-in-hand with the extension to provide you the ability to create very precise and targeted fingerprints with support for 9 different browsers. You can read more about it and download it at https://www.cydecplatform.com/antifp.html
     
  21. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    We just uploaded new extension versions (v1.2020.96.230) to the Firefox, Chrome and Opera stores. The new version now has global settings that can override per-site values. Firefox is pretty quick with approvals but Chrome can take a few days before the update is available.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.