
#1 Re: Epic Privacy Browser - Privacy Features & Privacy Concerns » Browser Fingerprinting » 2014-08-31 12:48:34

@alok

I'm not sure that getting ahold of people at Adobe will help.  They care about Money, not Privacy.

On that topic, it appears that many of the features in Flash are totally undocumented!
http://jpauclair.net/2010/02/10/mmcfg-treasure/

One way I think will stop the Flash font-data leakage is to use a "mms.cfg" file in the Windows folder and set a param to read: "DisableDeviceFontEnumeration=1".  It seems to work just fine on Panopticlick, but I suck with packet sniffing so I can't verify.

Sathi replied elsewhere and said Flash didn't like to obey its mms.cfg by attaching a Peeper plugin to alter fonts list, but what I've found is that the Flash config mms.cfg file for Chrome / Epic is actually supposed to be located elsewhere, somewhere within Chrome, thus, most likely also for Epic, which could be the source of the trouble.

I'm glad you have something working to fight back against the Canvas Fingerprinting, but AddThis accordingly has pulled it.  However Google has not, but I don't think they are using Canvasing techniques.  YouTube, with all local tracking blocked, is still able to fingerprint users.  Thus, YouTube may work better as a testbed for fighting fingerprinting.  They're doing something else, and by comparison of Google to AddThis, Google is much more dangerous than AddThis.

I mentioned the mms.cfg and other Flash stuff other times here because I think it could be highly useful.

= = = = =

Off topic, on the concept of Proxies.  Proxies are imperfect.  They can be bypassed by various server tricks.  Such as (*sigh*) Flash phoning home to verify an IP.  And I know you guys need funding for this project.  Would it be in your interest to set up a full scale VPN network?  I guess you'd have to consider making it a paid VPN as an optional service that could supplement Epic, but just a thought...

#2 Re: Epic Privacy Browser - Other Feature Requests & Ideas » Anonymizing Epic Flash using DisableDeviceFontEnumeration=1 in mms.cfg » 2014-08-02 22:44:04

I'll test it when I get a chance, but Epic is uninstalled at the moment.  It's something for the troubleshooting thread however, not here.

I read a little more into controlling Flash and apparently, the Administrator Documentation does not list everything that can be put into the mms.cfg file.  Tons of hidden features.  Your team probably knows about many of these things, but the average person won't know how many things are not listed.  This is one list I found for deeper control using the cfg file.

http://jpauclair.net/2010/02/10/mmcfg-treasure/

One example is a feature called "WindowlessDisable=1" which may be useful to prevent floating Flash Ads.

You probably have a better solution to Flash sending fonts or other Fingerprinting methods.  It is becoming increasingly obvious that large money grubbing companies like Google and Adobe have little intention of giving users tools that offer real privacy, just the illusion of privacy.  I am glad you all have done your best to return a measure of real privacy back to people.

#3 Epic Privacy Browser - Other Feature Requests & Ideas » Anonymizing Epic Flash using DisableDeviceFontEnumeration=1 in mms.cfg » 2014-08-02 12:05:28

Heretic
Replies: 3

Because Epic has a built-in version of Flash that sends System Fonts that can be used for Fingerprinting, now a major concern, it may be worthwhile to override the default Flash settings by creating a "mms.cfg" file (MacroMedia System Config) specifically for the Epic Browser.

Accordingly, Chromium-based browsers use a built-in version of Flash that will call to a different file for its settings, not the ones in the Windows directory (for Windows-based systems) due to its built-in nature.  This needs to be verified.

http://superuser.com/questions/292666/h … details-in

After referencing the above article, I was able to test this on Firefox (not Epic yet) and found that either creating a new mms.cfg file or adding to an existing mms.cfg file a line that says "DisableDeviceFontEnumeration=1" did in fact work.  Panopticlick (Fingerprint check) reveals literally "(via Flash)" or basically an Empty List of fonts.

PERFECT

This may be strongly recommended to implement into future distributions of the Epic Browser in an effort to further combat Fingerprinting as a method of Tracking.
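
Added example, not part of the original posts and not Epic's or Adobe's code: a small Python check that reads an mms.cfg file and reports whether the two settings named in the posts above (DisableDeviceFontEnumeration=1 and WindowlessDisable=1) are present. The `key=value` parsing, `#` comments, last-assignment-wins and case-insensitive key matching are assumptions; the file path is passed on the command line because the posts leave the Chrome / Epic location unverified.

```python
import sys

# Settings named in the posts above, with the value the posts recommend.
WANTED = {"DisableDeviceFontEnumeration": "1", "WindowlessDisable": "1"}

# Constructed sample input, not taken from a real system.
SAMPLE = "# constructed sample\nDisableDeviceFontEnumeration = 1\nwindowlessdisable=0\n"


def decode(raw):
    """Decode file bytes: UTF-16 if it starts with a UTF-16 BOM, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_mms_cfg(text):
    """Return {key: value}. Assumed format: key=value lines, '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        key, sep, value = line.partition("=")
        if not line or line.startswith("#") or not sep:
            continue
        # Assumption: keys match case-insensitively; the last assignment wins.
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(text, wanted=WANTED):
    """Map each wanted setting to 'ok', 'missing', or the value found."""
    found = parse_mms_cfg(text)
    report = {}
    for key, want in wanted.items():
        have = found.get(key.lower())
        if have is None:
            report[key] = "missing"
        elif have == want:
            report[key] = "ok"
        else:
            report[key] = f"found {have}, wanted {want}"
    return report


if __name__ == "__main__":
    # Usage: python check_mms.py <path to mms.cfg> [more paths...]
    for path in sys.argv[1:] or [None]:
        text = SAMPLE if path is None else decode(open(path, "rb").read())
        for key, status in audit(text).items():
            print(f"{path or 'SAMPLE'}: {key}: {status}")
```

Running it against each candidate mms.cfg location shows which copy, if any, actually carries the settings, which is the open question in the posts about where the built-in Flash reads its configuration.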

#4 Re: Epic Privacy Browser - Help & Troubleshooting » EPIC not working :( » 2014-07-31 12:32:28

Do you have a Firewall that might be blocking the browser from accessing the web?

#5 Re: Epic Privacy Browser - Privacy Features & Privacy Concerns » Browser Fingerprinting » 2014-07-30 12:07:59

I'm starting to think that a combination of both being very unique and very random as well as absolutely not unique might work.  Randomizing certain aspects of fingerprint signatures that shift around might create a very confusing situation for those trying to fingerprint.  This signature popped up here (randomly) then it's over there, then it went that way.  Confuse to the point of total failure of fingerprinting methods?

Fonts

Perhaps another way to muck with fonts is another program that reports back to any font requests to any program other than "authorized" programs a phony list that is made to be generic (or random, above paragraph).  One version of Flash might be tricked by this data, but another might not be.  I'm thinking the key isn't to go after Flash itself, but where Flash actually gets its data from, the real fonts.  Personally, I could care less if I have to alter my Real Fonts for Privacy.  Lots are installed by games or other programs.  Screw it.  Dump 'em.  Or restore as needed.  Just tossing ideas around.

Canvas

I agree with Jim.  Not sure if it's possible or easier to block drawing Canvas through JS.  My primary target right now is YouTube, and I suspect they are using something other than Canvas.  I could be wrong.  Perhaps a blacklist for the Noscript addon that targets the location of the script on their servers?  Why not?  They target us because we are for sale.  Why not take a stab at it with the Block Ads concept?  Leave the functionality of sites, but block anything that has to do with Fingerprinting, which YouTube is definitely now doing.  Might this work?

#6 Re: Epic Privacy Browser - Other Feature Requests & Ideas » Flashblock addon please maybe even imageblock? » 2014-07-29 11:14:26

Flash and Images aren't the only way to display a visual ad.  One may wish to consider "HTML5 Canvas" Block as well, as that is the currently described method for Fingerprinting which affects both Privacy and Advertising Pollution.

#7 Epic Privacy Browser - Help & Troubleshooting » Fingerprinted by YouTube and I Can't Block It! » 2014-07-29 11:02:54

Heretic
Replies: 2

GOOGLE IS NOW FINGERPRINTING

My computer is getting Fingerprinted by YouTube and I cannot figure out how to stop them!

Let me explain "Computer" over just "Browser"...

I've been on Firefox for forever.  I've NEVER created any form of Google related acct.  I do not allow any form of tracking to the best of my abilities.  I don't sign in, I don't allow cookies, blocked Flash cookies, blocked HTML5 cookies, DOM cookies, rotate browser headers and send random Etags with Secret Agent or others (tried a few), block connections with a Firewall and run a personal DNS Server for Ad and Tracker Blocking.

In short, I don't log in to ANYTHING Google related and go to what some would consider ridiculous lengths to block tracking of any form.

Now for the conundrum of Privacy vs Functionality.

I do like watching some videos on YouTube.  But to do so, Javascript needs to be enabled.  Flash kinda sorta does too as their HTML5 Player is horrid and causes mostly stutter.  Lots of that has to do with my crappy low bandwidth internet though and I'm flat broke and unemployed so all I have is what I got.

When I go to YouTube on ANY browser, despite every form of tracking being blocked but allowing the dead minimum for functionality, they still show "Recommended Channels for you" crap, and it's the same channels each and every time.  This leads me to believe they have gone hard core after Fingerprinting.

I've only had one successful test where I was not being Fingerprint Tracked and that was with the Tor Browser.  Problem is Tor doesn't have Flash due to the number of problems that Flash creates with Privacy.  Anything else I've tried in Firefox, including a full uninstall and reinstall so far has failed to prevent the same "Recommended Channels" from popping up, which tells me, despite not knowing my name, they are uniquely tracking me, and it's pissing me off.

I'm connecting through a VPN (Private Internet Access), disconnect, reconnect, etc.  It's not my IP they are getting, it's something else.  There are a couple of videos that I did bookmark and due to Image Manipulations, figure that it may be possible to make a Favicon work like a Cookie.  I know it isn't Cache, as that is completely cleared, and still maintained across a full reinstall of Firefox, Opera, IE (ugh, but had to test it), and even the Epic Browser!  The Firefox Plugins I don't see as a valid solution, but I've made efforts that all failed.  I used to try to block Trackers and Ads (usually one and the same) with a Hosts file, but due to the way DNS names are now being used to serve ads as well, had to upgrade to running my own DNS server on my computer to be able to use wildcard DNS blocking methods.  Some ads come only from IPs.  Used a Firewall to block all access from any program on my box to those IPs and ranges.  I've uninstalled Flash, (still have Flash Developer, but not the player), dumped Google Earth, and tried just about everything I can think of to block their Fingerprinting, but to no avail, excluding Tor, and including Epic Proxy.

I know my way around computers and networking.

Suspicions have been limited down to this:

- Bookmarks with Favicon
- HTML5 Canvas Object for Fingerprinting
- Some form of DNS Testing
- Unknown Method of Fingerprinting

I don't think I need to go into the deep end of why I want my Privacy, so I'll make it short.  It's not about "Right or Wrong", it is all about a difference of opinion being the source of almost all conflicts or abuse.  I'm not a bad person.  I believe in balance and peace.  However, some of the videos that I watch could be used to build a profile that could make me (or anyone for that matter) out to be some sort of violent radical, which I'm not.  I think we are very close to the point of Privacy once again becoming a Life or Death situation for many ordinary people.  Think it won't come to Life or Death?  There is nothing wrong with being born of Jewish descent.  Try asking a Jew that got killed in the Holocaust what they think about Privacy.  Oh wait, you CAN'T because they are dead for something that someone else thought was wrong.  I do not think what I am told to think (Privacy is Dead or Privacy is just for Criminals), hence why my user name here is Heretic.  I don't want to be the next Jew that gets killed for their beliefs.

If YouTube had a competitor that I could observe the same material from, I'd go there (hoping they are respectful to privacy) but unfortunately, too many sources use just YouTube.

Any advice to block their Fingerprinting in any way shape or form would be greatly appreciated as the rest of my efforts have been unsuccessful.

(sorry for the wall of text)
