third party zero-length image files?

Discussion in 'all things UNIX' started by lucygrl, Jul 27, 2014.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Could someone please tell me what exactly is a third party zero-length image file? I was reading that the icecat browser blocks them but did not know what they are,
    thankyou.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Let's say that you're browsing some discussion forum that allows full-HTML posts. An adversary could post a link with an embedded image from a server under its control. Even without hitting the link, your browser could retrieve the image. And so the adversary could log your IP address.

    With zero-length images, nothing will show in the displayed page.

    This is a favorite trick of spammers and trackers, for obvious reasons ;)

    And it's why Wilders doesn't allow external images to be used.
     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou MIrimir, just wondering how to block third party zero-length image files with firefox? Is there an addon?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Just search add-ons for "image tag". You'll find ones for adding them, and blocking them. I don't know any of that. I just assume that everything that mirimir does in this VM is tracked and associated, and I'm OK with that ;)

    Maybe some of those add-ons can select for "zero length". But the safest bet would be to block all images, and review page source. If there are any images that you want, first make sure that the image URL matches the main site URL, and so isn't third-party.
     
    Last edited: Jul 28, 2014
  5. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou Mirimir, I notice often if I use Tor that there is a popup that wanrs that the website I am visiting is trying to take an image of my computer, could you please tell me what that is?
    Also, is the icecat browser a better option then the standard Firefox browser?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    It's an HTML5 "feature" called canvas fingerprinting. The Tor browser blocks it by default, but does provide the option to accept. That's the prompt that you're seeing. See http://www.w2spconf.com/2012/papers/w2sp12-final4.pdf for background and details. The Tor Project has filed an upstream bug report, but Mozilla hasn't addressed it yet. See https://bugzilla.mozilla.org/show_bug.cgi?id=967895.
    The Tor browser is your best bet, I think.
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    I believe RequestPolicy can also block this, since it prevents third-party content from loading unless allowed.
     
Loading...
Thread Status:
Not open for further replies.