Firefox uses specific lists for fingerprinting protection similar as used for malware and phishing protection and other types of content blocking.

• https://wiki.mozilla.org/Security/Tracking_protection#Lists

The "Resist Fingerprinting" works by spoofing browser features to make them more general, but this places you in a list with others that have enabled this feature as well.

cor-el said

Firefox uses specific lists for fingerprinting protection similar as used for malware and phishing protection and other types of content blocking.

• https://wiki.mozilla.org/Security/Tracking_protection#Lists

The "Resist Fingerprinting" works by spoofing browser features to make them more general, but this places you in a list with others that have enabled this feature as well.

I was on holiday, sorry for late answers...

Also only the setting "privacy.resistFingerprinting" does create a fake fingerprint. My fake Fingerprint is created by others users that use this fonction? Realy?

Was is privacy.trackingprotection.fingerprinting.enabled setting doing? Which others fake of fingerprint is it doing?

All privacy.trackingprotection prefs use a list to block websites that are on this list. The privacy.trackingprotection.fingerprinting.enabled pref merely extends tracking protection to include websites that are know to track you via finger printing. There is a similar pref for cryptomining (privacy.trackingprotection.cryptomining.enabled). This is about the content blocking feature. These prefs are controlled by the two checkboxes that you can find in "Options/Preferences -> Privacy & Security" and this has nothing to do with "Resist Fingerprinting" that try to show websites some generic setting data instead of your real settings.

cor-el said

All privacy.trackingprotection prefs use a list to block websites that are on this list. The privacy.trackingprotection.fingerprinting.enabled pref merely extends tracking protection to include websites that are know to track you via finger printing.

Also when i understand right, mozilla uses lists with websites that blocking only fingerprint. Only lists blacklisted by mozilla, firefox create a fake fingerprint?

cor-el said

There is a similar pref for cryptomining (privacy.trackingprotection.cryptomining.enabled). This is about the content blocking feature. These prefs are controlled by the two checkboxes that you can find in "Options/Preferences -> Privacy & Security" and this has nothing to do with "Resist Fingerprinting" that try to show websites some generic setting data instead of your real settings.

Ok, the pref with. enable is only for active the setting nothing more. The "Resist" use lists of blacklisted sites`?

McCoy said

I understand that all of this is a lot to take in and a bit confusing ... I too think that people shouldn't worry so much about "being anonymous" on the internet.

1. there are various fingerprinting sub-mechanism, e.g. canvas-fp and font-fp, see: https://browserleaks.com/fonts
2. I think secret services like NSA shouldn't worry so much what free people do on the internet.

nicuhu said

cor-el said

All privacy.trackingprotection prefs use a list to block websites that are on this list. The privacy.trackingprotection.fingerprinting.enabled pref merely extends tracking protection to include websites that are know to track you via finger printing.

Also when i understand right, mozilla uses lists with websites that blocking only fingerprint. Only lists blacklisted by mozilla, firefox create a fake fingerprint?

The Content Blocking/Tracking Protection feature stops Firefox from loading content from bad sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not be loaded from that site. No "fake fingerprint" is involved. These lists are not perfect, but provides a "safe" baseline level of protection that should not break too many websites.

By comparison, the privacy.resistFingerprinting preference makes a lot of changes in how Firefox responds to websites, from what time zone you are in to what version of Firefox you run. Enabling this feature can cause unexpected problems using websites and is still somewhat experimental. It is not limited to a list of sites; it affects all sites you load.

Note that privacy.resistFingerprinting also disables site specific settings and a lot of websites may not work because you get a Firefox 60 ESR user agent. (if they are smart then they can still use feature detection to snoop your real Firefox version)

jscher2000 said

nicuhu said

cor-el said

All privacy.trackingprotection prefs use a list to block websites that are on this list. The privacy.trackingprotection.fingerprinting.enabled pref merely extends tracking protection to include websites that are know to track you via finger printing.

Also when i understand right, mozilla uses lists with websites that blocking only fingerprint. Only lists blacklisted by mozilla, firefox create a fake fingerprint?

The Content Blocking/Tracking Protection feature stops Firefox from loading content from bad sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not be loaded from that site. No "fake fingerprint" is involved. These lists are not perfect, but provides a "safe" baseline level of protection that should not break too many websites.

By comparison, the privacy.resistFingerprinting preference makes a lot of changes in how Firefox responds to websites, from what time zone you are in to what version of Firefox you run. Enabling this feature can cause unexpected problems using websites and is still somewhat experimental. It is not limited to a list of sites; it affects all sites you load.

One of persone has sad, that Resist.fingerprint is creating fake printerprint. You sad that is only blocking the script what i try to printprint my.

nicuhu said

One of persone has sad, that Resist.fingerprint is creating fake printerprint. You sad that is only blocking the script what i try to printprint my.

I'm not sure if your reply got cut off, but there are two different features discussed in this thread:

(1) the privacy.resistFingerprinting preference

If you set this to true, Firefox disguises some true information about your browser and provides more general information. For example, your browser version and time zone are disguised. This changes your browser fingerprint for sites that consider the changed factors. This feature doesn't block any scripts or images from loading.

(2) the Fingerprinters list under Custom Content Blocking

This feature blocks scripts, images, etc., from tracking sites known to use fingerprinting. It does not change your browser fingerprint on other sites. This feature does not attempt to disguise your browser.

jscher2000 said

nicuhu said

One of persone has sad, that Resist.fingerprint is creating fake printerprint. You sad that is only blocking the script what i try to printprint my.

I'm not sure if your reply got cut off, but there are two different features discussed in this thread:

(1) the privacy.resistFingerprinting preference

If you set this to true, Firefox disguises some true information about your browser and provides more general information. For example, your browser version and time zone are disguised. This changes your browser fingerprint for sites that consider the changed factors. This feature doesn't block any scripts or images from loading.

Question to privacy.resistFingerprinting (1). Whats the reason of when I go to aminuque.org thats say "you are not unique..." I have activate this resist of fingerprint. Its nothing change i have same browser version and I think nothing has changed when I try...

is the generaled settings of privacy.resistFingerprinting all time same? Or use this to hidden my fingerprint by changing all day my browser version. (example)

A most likely candidate for a distinct finger print is the reported screen width. If you always run in Full Screen mode or maximized then you get monitor values rounded to the nearest 200px. There are a lot of monitors around and each has their own dimensions and each Firefox user can use their own setting for width and height. The website does uses own database that only has data from other visitors who check this website just like other websites would do.

nicuhu said

Question to privacy.resistFingerprinting (1). Whats the reason of when I go to aminuque.org thats say "you are not unique..."

As you scroll down the page, you will see that fingerprinting scripts use a lot of different factors. Even if Firefox disguises some things, the combination of all of them together still could be unique.

The most unique factors when I visit that site normally are: (1) my plugin list (not sure why, it's just Flash), (2) my IP address, (3) the available screen height (distance between the top of the screen and the top of the Windows Taskbar), (4) my font collection, (5) the canvas test, and (6) my browser user-agent string. And the list goes on.

When I test using privacy.resistFingerprinting, the uniqueness of some of these factors changes. On #1, Firefox hides my plugins, but it's also unusual not to have plugins, so this is not very effective. On #2, this is a fact that Firefox can't change. You need to give an address to get a response. On #3, Firefox tells the site a different number, but that number is very rare as well. On #4, the font collection apparently is more unusual than my collection, so this doesn't help. On #5, the canvas test seems to be blocked, so this is very successful. On #6, the fake user agent also is very rare, so this doesn't help in my case. And the list goes on.

The resistFingerprinting preference causes the site to calculate a different fingerprint and therefore to think I am a different user from who I was on the first visit (I deleted cookies in between), but I still don't blend in to the crowd because taken all together, there are many unusual features of my browser, and most likely I am being compared with a small number of web users relative to the entire population.

It's a work in progress and I think it needs more development before it makes sense to use it as a default setting.

Maybe they should expose a list (top 10 or top 100) of the most common fingerprint settings that they check, so we can try to emulate these.

Ok, thanks of all supporters for help. I would not longer asking many.. :-D