Anti Fingerprinting
- Edited
For improving privacy. Other anti-fingerprinting methods haven’t been working for me on my iPhone. The fingerprint detector on Coveryourtracks.eff.org keeps returning me the EXACT SAME hashes of canvas, WebGL, etc. fingerprints, whether I use any anti-fingerprinting extensions, or use the Brave browser (which claims to randomise my fingerprint). Why not have the option to simply disable those features altogether (and also have the option to whitelist sites that do really need them)? Epic is the only browser available on iOS that actually does this (coveryourtracks also returned to me a very different hash of canvas and WebGL when I used Epic as a result), but it would be really great to see this feature on Orion 
This is what I got from amiunique.org when using Epic:
I would imagine those options to be in the Settings or in a pop-up opened by selecting an icon on the header or near the tabs. We would toggle on/off various features, and manually enable them locally for or whitelist sites that won’t work without them enabled. Like in Brave, where we can choose to block or enable trackers, phishing, fingerprinting and scripts on individual sites.
It appears to me that Orion doesn’t want to create anti fingerprinting techniques because it would be a maintenance burden, which is a shame. Many of us have shown the techniques employed at the moment (blocklists) go a long way but don’t cover the depth and breadth of the situation. I guess plug-ins might be able to eventually fill in the gaps.
And, I appreciate Orion has to make decisions that are right for them.
I recently reinstalled Orion on my iPhone, and I'm impressed with the browser in many ways. However, upon running Cover Your Tracks, I noticed that the browser has no canvas blocking or WebGL blocking, which makes the browser more fingerprintable.
It's relatively simple to block this. The WebGL fingerprint can be spoofed, and HTML canvas can be disabled altogether.
As of right now, I don't think any other browsers on iOS can do this, but I'm sure it would be quite beneficial if included as a toggle in the settings, as canvas does have some legitimate uses.
Could this be done?
A user could turn on the feature to avoid being tracked across various websites.
- Edited
Hellfire103 Fingerprinters you should be afraid of do not use techniques that are easy to block.
The only thing that works is blocking the fingerprinter itself from running. Everything else is cheap marketing aimed at creating false sense of protection. Orion is the only browser on the market that ships with built in blocker for both 1st and 3rd party ads and trackers.
Vlad Well, but it will break those websites completely now, wouldn't it? I don't know if anyone has employed that technique in the wild yet, but it's a neat circumvention idea. I'm just not sure I described it clearly.
The idea is to hold a common third-party javascript library ransom, so you either have to break the site's functionality completely or agree with whatever that was added in that script.
Vlad Why is it not Orion's job to fix that? I don't see how that follows. I don't mean you need to "take on a job" right now literally, but rather that you do hold this anti-fingerprinting stance (and javascript blocking is being advertised as one of the defining features of Orion), and you do agree that fingerprinting should be avoided, and you also stated that the only reasonable way to do that is by blocking fingerprinter's javascript code from running, so no other ways that you want to consider. If we follow that logic, then when some entity decides to break (easily, at that) your only way of defence then you need to think of a better way, otherwise it makes the type of protection you offer pointless.
I don't see how just shrugging it off can make it work for Orion, or how advertising tracking safety in Orion can hold then. Certainly those entities can care less about their websites being broken in it.
Certainly those entities can care less about their websites being broken in it.
I agree. But I am counting on those entities not showing an infected JS to their users would be something they would care about. It breaking in Orion and Orion users reporting it to them would even help them realize that they are carrying infected, malicious scripts. But it is absolutetly website's job to fix that, not Orion's.
Vlad
You're making two points here:
- It's absolutely the website's job to fix a script hijacking issue, and
- You're counting on website entities to care about Orion users's opinion
Not arguing with any of those two points but simply extending that logic leads us to a conclusion that it's absolutely those entities's job to remove regular fingerprinting and tracking scripts from their products in the first place, given that users are complaining about them left and right, and not only Orion users at that. Which brings us to question why blockers even exist in Orion at all.
pibeh I am making just the first point. The other point I am making is that it is not Orion's job to fix maliciously infected websites, but to protect its users, which it does.
Blockers exist because most websites on the web are monetized by ads which people do not like. In addition blockers block tracking scripts, which contain fingerprinters, which is what this thread is about.
Similar in the way we're able to set a custom User Agent, please also allow the ability to spoof the locale, timezone, and geolocation. This will add greater granularity to privacy with the browser.
Within the same area where a user can change their User Agent, also allow them to also change the locale, timezone, and geolocation to a specified setting.
joystmp We can use https://webbrowsertools.com/ or https://vytal.io/ to test if successful.
tested dozen of browsers on fingerprint.com
@Vlad you mention advanced fingerprint is impossible to prevent. how come Brave browser wasn't "tracked" on the fingerprint.com website? (unlike Orion)
thanks! keep up the good work