this post was submitted on 29 Jun 2024
23 points (87.1% liked)

Firefox

17815 readers
29 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
23
Firefox@Lemmy.ml : Does Firefox block websites from uploading data that could be used for fingerprinting like resolution, installed fonts, etc.? (lemmy.world)
submitted 4 months ago by TheTwelveYearOld@lemmy.world to c/firefox@lemmy.ml
12 comments fedilink hide all child comments
 

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers like Firefox see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

you are viewing a single comment's thread
view the rest of the comments
[–] Strawberry@lemmy.blahaj.zone 12 points 4 months ago (5 children)

once the javascript gets that information from the browser it's kinda impossible to prevent it from being included in a request without just blocking all requests. It could be anywhere in arbitrarily structured data and/or encrypted

[–] TheTwelveYearOld@lemmy.world 2 points 4 months ago (4 children)

But couldn't the JS runtime track which objects and variables interact with such information, so if they make any HTTP requests with the info after getting it and maybe processing it then it could be rejected?

[–] MartianSands@sh.itjust.works 0 points 4 months ago (1 children)

While that sort of analysis probably isn't impossible, it is computationally unrealistic to do in realtime on a language which wasn't designed for it.

It's the sort of thing which is simple in 99% of cases, but the last 1% might well be impossible. Sadly it's the last 1% you need to worry about, because anyone trying to defeat your system is going to find them

[–] jokro@feddit.org 1 points 4 months ago* (last edited 4 months ago)

Even if you would be able to track js code like that, the js code can react to it's own sideeffects. E.g. have 8 Elements and encode the 8-bit Fingerprint as a custom style sheet that adds an animation some of the 8 elements. Then react on the animation events and rebuild the fingerprint. It's virtually impossible imo. Maybe it can even be formal proven.

load more comments (2 replies)
load more comments (2 replies)