Jump to content

My Browser Builds (Part 3)

roytam1
 Share

Recommended Posts


VistaLover

VistaLover

Posted
Posted (edited)
24 minutes ago, nicolaasjan said:

They discovered Teamviewer, even in the Tor browser...

OTOH, it doesn't find anything here in latest Serpent 52.9.0 (portable installation) with uBO-legacy:

0aRmxzi.jpg

I've given them more than five minutes... :whistle:

Edited by VistaLover
1
Link to comment
Share on other sites
Sampei.Nihira

Sampei.Nihira

Posted
Posted (edited)
3 minutes ago, nicolaasjan said:

@Sampei.Nihira

This vulnerability has already been brought to the attention of Firefox developers:

https://bugzilla.mozilla.org/show_bug.cgi?id=1711084

:yes:

Vulnerability affects many browsers.

P.S. If you like you can put the test to the attention of W members.

Edited by Sampei.Nihira
Link to comment
Share on other sites
VistaLover

VistaLover

Posted
Posted
6 minutes ago, Sampei.Nihira said:

Schemeflood.com script allowed temporarily

Their script starts its "job" :angry: once you start typing the reCAPTCHA in the input box...
On FirefoxESR 52.9.1, they successfully detected an association with the Telegram desktop app (i.e. Fx can handle ".tg" links...); FWIW, I had only tested the app some years ago, currently it doesn't even support Vista (or XP) ... :o

1
Link to comment
Share on other sites
Sampei.Nihira

Sampei.Nihira

Posted
Posted
On 5/14/2021 at 11:25 AM, nicolaasjan said:

It doesn't work in Chromium on Linux (it "detected" all 24 apps ,haha)

:yes:

If for that matter, it doesn't even work in Android.
But that's OT in this thread

 

On 5/14/2021 at 11:26 AM, VistaLover said:

Their script starts its "job" :angry: once you start typing the reCAPTCHA in the input box...
On FirefoxESR 52.9.1, they successfully detected an association with the Telegram desktop app (i.e. Fx can handle ".tg" links...); FWIW, I had only tested the app some years ago, currently it doesn't even support Vista (or XP) ... :o

No surprise.

Unfortunately, the bugs are there and always will be.
We must do our best to take care of privacy and security, without becoming paranoid.:yes::D

2
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted (edited)
18 minutes ago, nicolaasjan said:

It doesn't work in Chromium on Linux (it "detected" all 24 apps ,haha)

What PERCENTAGE did it give you?

Ignore the detected apps, it is the percentage that is telling you if you are "unique" or not, unless I'm mistaken.

It didn't find any of my apps but only listed me at 92.35%  :(

I have Word installed (but it is version 2003).

If the Adobe icon is for Acrobat Reader, I have it installed (but it is version 9.5.5).

But on the other hand, if I have to DISABLE extensions that run by default just to get this thing to work, then I'm being PROTECTED in the wild and this demo was kind of pointless, IMHO.

Edited by ArcticFoxie
Link to comment
Share on other sites
nicolaasjan

nicolaasjan

Posted
Posted (edited)
19 minutes ago, Sampei.Nihira said:

:yes:

If for that matter, it doesn't even work in Android.
But that's OT in this thread

That's probably because Android has a Linux kernel.

https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/sandboxing.md

Type: chrome://sandbox/ in Chrome/Chromium and I saw this:

spacer.png

Edited by nicolaasjan
Link to comment
Share on other sites
Sampei.Nihira

Sampei.Nihira

Posted
Posted (edited)
9 minutes ago, nicolaasjan said:

That's probably because Android has a Linux kernel.

https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/sandboxing.md

Type: chrome://sandbox/ in Chrome/Chromium and I saw this:

spacer.png

It is not possible to claim that Linux/Android are a mitigation to the bug.
Instead it is correct to say that the test fails.
The developer states that the test succeeds with Ubuntu 20.04:

 

https://github.com/fingerprintjs/external-protocol-flooding

The mitigations to the bug are those that I have already cited, therefore a script-blocker.

Edited by Sampei.Nihira
1
Link to comment
Share on other sites
XPerceniol

XPerceniol

Posted
Posted (edited)

test.thumb.JPG.508a58c286590abd5e7311cb0a3e981f.JPG

So, if I understand this, Zero is good, in that, it didn't detect anything? But, Why was my Serpent52 Build Id: 20210508151854 seen 1069 times? Perhaps I'm not understanding the results. 92.24% Unique.

EDIT: FWIW ... The test won't run with the user pref [dom.storage.enabled] set to false (which is how I normally keep it, I only enable when needed).

Edited by XPerceniol
Link to comment
Share on other sites
nicolaasjan

nicolaasjan

Posted
Posted

My Serpent gave the same result as Pale Moon (stuck in the middle):

spacer.png

 

On 5/14/2021 at 11:55 AM, Sampei.Nihira said:

It is not possible to claim that Linux/Android are a mitigation to the bug.

Yes, but there are a lot of Android and ChromeOS users, so fingerprinting will become useless over time, when more and more people visit such sites.

Quote

The mitigations to the bug are those that I have already cited, therefore a script-blocker.

If the script is first party and the site doesn't work properly without it, what then?

 

On 5/14/2021 at 12:09 PM, XPerceniol said:

But, Why was my Serpent52 seen 1069 times?

I think because 1069 people didn't have any of these apps installed (or the apps couldn't be detected)?

2
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...