Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2014-08-02 12:05:28

Heretic
Guest

Anonymizing Epic Flash using DisableDeviceFontEnumeration=1 in mms.cfg

Because Epic has a built in version of Flash that sends System Fonts that can be used for Fingerprinting, now a major concern, it may be worth while to override the default Flash settings by creating a "mms.cfg" file (MacroMedia System Config) specifically for the Epic Browser.

Accordingly, Chromium based browsers use a built in version of Flash that will call to a different file for its settings, not the ones in the Windows directory (for Windows based systems) due to its built in nature.  This needs to be verified.

http://superuser.com/questions/292666/h … details-in

After referencing the above article, I was able to test this on Firefox (not Epic yet) and found that either creating a new mms.cfg file or adding to an existing mms.cfg file a line that says "DisableDeviceFontEnumeration=1" did in fact work.  Panopticlick (Fingerprint check) reveals literally "(via Flash)" or basically an Empty List of fonts.

PERFECT

This may be strongly recommended to implement into future distributions of the Epic Browser in an effort to further combat Fingerprinting as a method of Tracking.

Offline

#2 2014-08-02 12:25:39

sathi
Administrator

Re: Anonymizing Epic Flash using DisableDeviceFontEnumeration=1 in mms.cfg

Hi Hereric,

Thanks for sharing  nice ideas.

Epic may not respond to this mms.cfg . Because We hooked peeper plugin to Epic. This plugin overrides system's Adobe flash plugin. But you can try and let us know. 

Our team is working on blocking the fonts and some other details.

Offline

#3 2014-08-02 22:44:04

Heretic
Guest

Re: Anonymizing Epic Flash using DisableDeviceFontEnumeration=1 in mms.cfg

I'll test it when I get a chance, but Epic is uninstalled at the moment.  Its something for the troubleshooting thread however, not here.

I read a little more into controlling Flash and apparently, the Administrator Documentation does not list everything that can be put into the mms.cfg file.  Tons of hidden features.  Your team probably knows about many of these things, but the average person wont know how many things are not listed.  This is one list I found for deeper control using the cfg file.

http://jpauclair.net/2010/02/10/mmcfg-treasure/

One example is a feature called "WindowlessDisable=1" which may be useful to prevent floating Flash Ads.

You probably have a better solution to Flash sending fonts or other Fingerprinting methods.  It is becoming increasingly obvious that large money grubbing companies like Google and Adobe have little intention of giving users tools that offer real privacy, just the illusion of privacy.  I am glad you all have done your best to return a measure of real privacy back to people.

Offline

Board footer