Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to prevent AdBlocker from leaking?

  • 7 replies
  • 1 has this problem
  • 5 views
  • Last reply by andmagdo

more options

I did the test at https://test.amiunique.org/?consent=1 and as a result got this: 16 potentially detected lists (over 292) - These filter lists will be used to generate an unique identifier. -see attached screenshot

Also, if any website of your choice creates a unique identifer on me by using the filter list, as long as i use the exact same filters as another person, could it be that the uniqure identififer is the same for me and the other person or a group of many persons/devices using this exact filter list? I mean.. if my list is the same as someone else they will be identically which means it doesn't matter i am unique identifyed because after all im not unique but only in a list of devices using a specific filter?

And i must say that now, if you go to https://test.amiunique.org and do the test, then klick the shield icon, how pathethic is that amount of trackers, social media trackers, and even cryptominers!?!?

Attached screenshots

Chosen solution

Ublock Origin has the same filter lists that ABP uses, it is under the annoyances tab. And for tracking, it has a multitude of lists to choose from.

The reason I suggest NoScript over simply disabling javascript is that it allows you to set exactly what a site is able to use, by default all sites can only use objects, frames, fetches, and noscript tags. You can set sites to temporarily be alowed, as well as permanantly. You can also set sites to be completely disallowed (minus direct html). You can also set specific subdomains as trusted/untrusted/custom without setting the entire domain.

I use quite a few extensions. the big ones are as follows:

Multi-Account containers - Interface for Firefox containers (made by Mozilla) Ublock origin - content blocker NoScript - script blocker (you could use Ublock for this, but I like Noscript's interface better) CanvasBlocker - Blocking fingerprinting measures

The more specific ones are as follows:

Cookie Autodelete - kinda self explainatory Fastfoward - Fork of Universal Bypass that is active, it bypasses link shortners that can track you (or only work with javascript) Keyboard Privacy - delays key-presses randomly so that a fingerprint can't be made via a typing style

Also I use Dark reader because no browser is complete without dark mode everywhere.

Read this answer in context 👍 1

All Replies (7)

more options

Hello,

It is not suggested to use many content blockers for a few reasons {1}. I suggest ublock over adblock plus for many reasons {2}. The shield only protects against direct threats, not ads.

Assuming that people use this fingerprinting method, it would be detectable if you changed the filterlists. You want to be unique by not changing this

The nuclear method is always NoScript, which directly disables this kind of fingerprinting.

{1} Content blockers tend to be on the heavier side of extensions and multiple can cause issues that are easier to fingerprint.

{2} Ublock has a much more robust interface, has many more privacy features (and blocks more than just ads), and does not use the "Acceptable ads" thing that Adblock Plus uses for money, and can still be leveraged for tracking.

Helpful?

more options

andmagdo said

Hello, It is not suggested to use many content blockers for a few reasons {1}. I suggest ublock over adblock plus for many reasons {2}. The shield only protects against direct threats, not ads. Assuming that people use this fingerprinting method, it would be detectable if you changed the filterlists. You want to be unique by not changing this The nuclear method is always NoScript, which directly disables this kind of fingerprinting. {1} Content blockers tend to be on the heavier side of extensions and multiple can cause issues that are easier to fingerprint. {2} Ublock has a much more robust interface, has many more privacy features (and blocks more than just ads), and does not use the "Acceptable ads" thing that Adblock Plus uses for money, and can still be leveraged for tracking.


You said for many reasons uBlockOrigin is recommended over AdBlockPlus. The main reason i see here is as you said, it has many more privacy features. What are those privacy features that adblockplus does not have but ublock does?

Exactly that was my mind, if i manually edit the filter-list i will make it way easyer to be identifyed.

Does NoScript by default block this method of fingerprinting or is there a specific setting i must enable?

In addblockplus, you can opt-out from acceptable ads, which i did. Also, addblockplus has a few settings extra, like social media symbol tracking, push notifications, additional tracking. And generally for a long time i was using both adblockers, in 99% of cases they had the same amount of blocked content which means they use almost the same filterlist.

-see attached screenshots

Helpful?

more options

If you were not aware, NoScript by default blocks all fingerprinting other than http based fingerprinting, due to it simply blocking all javascript by default (allowing you to whitelist websites of your choice).

Ublock Origin has all filter lists that ABP uses, and more (obviously not reccomended to block everything, lest you get fingerprinted like this) The important part of Ublock origin is that it gives users all of the settings. Also they do not accept donations, while ABP freely asks for them.

It is recommended to have as few extensions as possible, as they can both slow down your browsing, and make you more fingerprintable.

Helpful?

more options

andmagdo said

If you were not aware, NoScript by default blocks all fingerprinting other than http based fingerprinting, due to it simply blocking all javascript by default (allowing you to whitelist websites of your choice). Ublock Origin has all filter lists that ABP uses, and more (obviously not reccomended to block everything, lest you get fingerprinted like this) The important part of Ublock origin is that it gives users all of the settings. Also they do not accept donations, while ABP freely asks for them. It is recommended to have as few extensions as possible, as they can both slow down your browsing, and make you more fingerprintable.

Alright, i will stick with ublock origin only and remove adblockplus. But im still woondering, does ublockorigin also have those features from adblockplus: social media symbol tracking, push notifications, additional tracking?

And about noscript, you are saying it blocks fingerprinting simply by disabling javascript? In that case i can also disable javascript in about:config I am not happy about javascript... but what choice do i have? i mean 80%+ of websites are unuseable when javascript is disabled. One question just came to my mind, if i connect to a website and whitelist it in noscript, will the sub-domains also be whitelisted? that would allow the website to take fingerprints then?

Since you seem to know alot about firefox and in general security, what addons are you using, or in other words what addons/extensions would you recommend?

Helpful?

more options

Chosen Solution

Ublock Origin has the same filter lists that ABP uses, it is under the annoyances tab. And for tracking, it has a multitude of lists to choose from.

The reason I suggest NoScript over simply disabling javascript is that it allows you to set exactly what a site is able to use, by default all sites can only use objects, frames, fetches, and noscript tags. You can set sites to temporarily be alowed, as well as permanantly. You can also set sites to be completely disallowed (minus direct html). You can also set specific subdomains as trusted/untrusted/custom without setting the entire domain.

I use quite a few extensions. the big ones are as follows:

Multi-Account containers - Interface for Firefox containers (made by Mozilla) Ublock origin - content blocker NoScript - script blocker (you could use Ublock for this, but I like Noscript's interface better) CanvasBlocker - Blocking fingerprinting measures

The more specific ones are as follows:

Cookie Autodelete - kinda self explainatory Fastfoward - Fork of Universal Bypass that is active, it bypasses link shortners that can track you (or only work with javascript) Keyboard Privacy - delays key-presses randomly so that a fingerprint can't be made via a typing style

Also I use Dark reader because no browser is complete without dark mode everywhere.

Helpful?

more options

andmagdo said

Ublock Origin has the same filter lists that ABP uses, it is under the annoyances tab. And for tracking, it has a multitude of lists to choose from. The reason I suggest NoScript over simply disabling javascript is that it allows you to set exactly what a site is able to use, by default all sites can only use objects, frames, fetches, and noscript tags. You can set sites to temporarily be alowed, as well as permanantly. You can also set sites to be completely disallowed (minus direct html). You can also set specific subdomains as trusted/untrusted/custom without setting the entire domain. I use quite a few extensions. the big ones are as follows: Multi-Account containers - Interface for Firefox containers (made by Mozilla) Ublock origin - content blocker NoScript - script blocker (you could use Ublock for this, but I like Noscript's interface better) CanvasBlocker - Blocking fingerprinting measures The more specific ones are as follows: Cookie Autodelete - kinda self explainatory Fastfoward - Fork of Universal Bypass that is active, it bypasses link shortners that can track you (or only work with javascript) Keyboard Privacy - delays key-presses randomly so that a fingerprint can't be made via a typing style Also I use Dark reader because no browser is complete without dark mode everywhere.

Interesting, maybe i will try noscript again. Im a little lost in that extension, when i look at such extensions as noscript or canvasblocker i realise how less knwoledge i have on web-security or in general just basics.

Fingerprints can be taken by identifying a specific typing style?! How the hell would that work? I mean there are billions of humans on this planet, many of them have a pc or so, there cant really be an AI that can identify a single person via typing style, that sounds like crazy sicience fiction and somewhat unrealistic. But what do i know..

Als do you know this extension? https://addons.mozilla.org/en-US/firefox/addon/universal-bypass/ Now sure if its any good? The description sounds nice but is it really usefull, cant tell. And btw, i sent you a personal msg but ill just ask here again. About canvas blocker, default general is fake, but there are 6 options so maybe i should change that? And advanced settings show option to, readout, input, nothing, everything, which one to use? Any checkmark to thick or unthick? I would simply leave everything on default but since you recommended this extension i tought why not ask.

About ublock vs ADP again, i know ublock has many settings but is social media symbol tracking one of them? because i cant find it.

Helpful?

more options

Yes, fingerprints can be made from subtle differences in typing styles.

Yes, I do know Universal bypass. I used to use it, but it is no longer updated. A big fork of it is FastFoward, which is actually updated and recommended by the owner of Universal Bypass. it is quite good.

Yes, social media tracking is under the "Annoyances" section of filters

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.