34

It is easy to build anti-fingerpriting solutions that work with popular fingerprinting demos.

It is impossible to build anti-fingerprinting solution against a sophisticaed fingerprinter like

GPU fingerprinting
https://arxiv.org/pdf/2201.09956.pdf
https://www.techpowerup.com/291518/researchers-exploit-gpu-fingerprinting-to-track-users-online

Audio fingerprinting:
https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf
https://techcrunch.com/2016/05/19/audio-fingerprinting-being-used-to-track-web-users-study-finds/

If a sophisticated fingerprinter is allowed to run, it will fingerprint the browser.

Therfore the best solution is to prevent fingerpritner from running. Any other approach is doomed to fail, and can only give sense false sense of protection, when tested with fingerprinting demos that use basic fingerprinting methods, that are easilly avodied.

There is no perfect solution and we simply avoid to play cat and mouse game played by other browsers, giving users false sense of protection. Our approach, blocking fingerprinters from running, is protecting probably agaisnt 99% of what is used out there.

    Vlad thank you Vlad - yes I understand the above. I agree, also.

    I also understand you don’t have time to play cat and mouse.

    The point is, it’s not a popular fingerprinting demo. It’s a real (and popular) fingerprinting product, in use in the wild, who are able to get around the traditional “not allowing it to run” technique.

    Hopefully you were able to read what I wrote above.

    I was just trying to help Orion be the best privacy focussed browser there can be. That’s what I’m interested in, and I’m sure it’s what draws many users.

    I felt you should be aware that your ”don’t run it” solution (as it is) isn’t watertight, and increasingly this will be the case as these methods get further adoption. Sadly I don’t think 99% protection is a realistic figure anymore, given the discoveries above.

    Maybe I’ll find the time one day to write an extension that mitigates these new methods (subdomain, cloudflare worker), as I think it’s important.

    • Vlad replied to this.
        6 days later

        robrecord

        The point is, it’s not a popular fingerprinting demo. It’s a real (and popular) fingerprinting product, in use in the wild, who are able to get around the traditional “not allowing it to run” technique.

        A difference to understand is that their script is allowed to run on their site because it may not have been flagged as malicious (because it is clearly a technology demo). That does not mean it will be allowed to run in wild, when ad/tracking companies package it into their scripts, which are already well documented and publicly known and a part of many blocklists that Orion uses. This is what I meant by 99% protection.

        Yes, one can incorporate this into new scripts, custom subdomains etc, but these either:

        a) get detected by the broad privacy community fast (if they are impactful/used by a large ad/tracking network it will be in a matter of hours)
        b) if a random small site did this - well there is also no harm because you are likely to not visit it ever (and fingerprinting only makes sense when deployed at large scale anyway, which is what a) considers)

        Because this statement holds true:

        "If a sophisticated fingerprinter is allowed to run, it will fingerprint the browser."

        It is clear that the best and only defense against fingerprinting is to block it (we will be adding feature for custom block list so you can stay up to date in a matter of minutes in the future), and not try to avoid it once it is running with stuff like masking your screen resolution and what not, which are basically just gimmicks as proven by those two whitepapers I linked to earlier.

          6 months later

          Currently if you run the fingerprinting test from the EFF website Orion has a nearly-unique fingerprint. All the tracking protections in the world won't help much when the browser is so unique and easily identifiable.

          Heres the Mullvad browser for comparison:

          Love the work youre doing. Great to see another browser that's not made on chromium

            Merged 2 posts from Make orion less fingerprintable and identifiable.
              2 months later


              Results with most common user agent from useragents.me "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" set in the browser.

              I wish there was a fine-grained way to allow what .js to run on what sites. I don't mind having to prune a whitelist. Most services can get on alright without JS, and the few that don't I would like the option of not letting 'scripts/tracking.js' run but allowing 'scripts/post-display.js'


              Even without Javascript enabled though the browser is still very identifiable. Surely theres more that can be done so the browser 'blends in'. Mullvad/Tors letterboxing? Braves Fingerprint randomization?

              What does the project need to make it happen?

              • Vlad replied to this.

                tmp339 Please read the entire thread here for our stance on fingerprinting and why all the methods in other browsers are basically a marketing gimmick.

                    Vlad Are there more resources of GPU fingerprinting complexities?
                    It seems to me that there doesn't exist much research or consensus.
                    I think it would involve alot of advanced mathematics to spoof a GPU fingerprint, and if it could be done for the Orion browser, but that would probably be too complex.

                        20 days later

                        spicysalmon I've called anti-fingerprinting marketing in browsers a gimmick, not the tests. The tests are also largely irrelevant, I do not know of tests that employ tactics uncovered in cutting edge tracking research like inicated here https://orionfeedback.org/d/2450-anti-fingerprinting/5 which most powerful ad-tech that we should be afraid of certainly does. The only protection against fingerprinting is not to allow the fingerpritner to run in the first place which is the strategy Orion employs.

                            9 days later

                            techfreak85 Maybe too much to ask, but reading this thread may give you the answers.

                                a month later

                                @Vlad I've read the entire thread. I understand your point. But what I don't understand is why do one thing but leave other things? Orion has GPU fingerprinting protection which is great, but why would you not make it anti-fingerprint for other methods of fingerprinting? Even if they don't matter in your opinion, why not just do it for the sake of making Orion 100% anti-fingerprint browser without any doubts?

                                • Vlad replied to this.

                                  Soum Because you can't. If a sophisticated fingerprinter (not talking about vanity/promotional tests found on many websites) is allowed to run, it WILL fingerprint you. These are massive corporations with billions to spend doing only that. We are a small team doing million other things. At the cutting edge level, we can not outrun them (and I'd argue no browser vendor can).

                                  The absolutelty best strategy is not to allow the fingerprinter to run in the first place.

                                  • Soum replied to this.

                                      Vlad So are you saying currently Orion is 100% anti-fingerprint because fingerprinter can't run in the first place?

                                      • Vlad replied to this.

                                          Soum No, I am saying that our approach is the best possible. The quantity of fingerprinters stopped with this method will depend on the quality of blocklists (which are now customisable since last release). But this approach does not care about the sophistication of the fingerprinter as long as it is on the blocklist.

                                          • Soum replied to this.
                                              10 days later

                                              Vlad

                                              Since you talk about GPU fingerprinting protection, I was doing tests with https://www.deviceinfo.me on my current browsers: Brave, hardened Firefox dev edition, Mullvad browser, and TOR browser. In short my data is almost completely exposed by Firefox even the hardened one. Brave spoofs and randomizes a lot of the data but not fully stops the expose. Mullvad is like 99% there and TOR 99.99% full anonymize. Check yourself if you want.

                                              Then I thought let's test this on Orion. So I reinstalled Orion (so cool intro video, always good to see it). The conclusion for Orion test is that it's on the same level as Brave (except that it has zero telemetry when compared to Brave)

                                              I might not understand what GPU fingerprinting is but the GPU fingerprinting you talk about isn't helping in stopping the expose of all information regarding my Mac. My local time. Etc. A lot of my info is exposed. What do you think?

                                                9 days later

                                                I do understand Orion's philosophy. However, I don't accept that it's pointless to make these changes. My standpoint is not from a perspective of trying to be unidentifiable; if that was what I wanted, I would be using Tor Browser. I will make that explicitly clear: I am speaking as someone who doesn't care about being fingerprinted.

                                                My standpoint is from privacy: preventing scripts that aren't known about yet from getting anything - and to be more specific, said scripts getting accurate information about me. I care less if a fingerprinter tries to track me, or if it can follow me around the internet, or if it does indeed have a unique fingerprint on me, if the information it ends up having is wrong. I do, however, understand that this can lead to a false sense of security as fingerprinters get better and better.

                                                I think an acceptable compromise would be to have these features, but have them off by default, put somewhere away from the main settings, and made explicitly clear as settings that Orion does not think is truly beneficial to stop fingerprinting (basically an "enable at your own risk" thing.)