Guest Posted May 14, 2021
@nicolaasjan If you change browsers, the identifier should remain the same. This is at least the intention of the test developer. We take every precaution possible (NoScript, etc.) to protect our privacy.

VistaLover Posted May 14, 2021
24 minutes ago, nicolaasjan said: They discovered Teamviewer, even in the Tor browser...
OTOH, it doesn't find anything here in latest Serpent 52.9.0 (portable installation) with uBO-legacy:
I've given them more than five minutes...
Edited May 14, 2021 by VistaLover

Guest Posted May 14, 2021
NM28 + Noscript: Schemeflood.com script allowed temporarily:

nicolaasjan Posted May 14, 2021
@Sampei.Nihira This vulnerability has already been brought to the attention of Firefox developers: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084

Guest Posted May 14, 2021
3 minutes ago, nicolaasjan said: @Sampei.Nihira This vulnerability has already been brought to the attention of Firefox developers: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084
Vulnerability affects many browsers.
P.S. If you like you can put the test to the attention of W members.
Edited May 14, 2021 by Sampei.Nihira

nicolaasjan Posted May 14, 2021
1 minute ago, Sampei.Nihira said: Vulnerability affects many browsers.
It doesn't work in Chromium on Linux (it "detected" all 24 apps, haha)

VistaLover Posted May 14, 2021
6 minutes ago, Sampei.Nihira said: Schemeflood.com script allowed temporarily
Their script starts its "job" once you start typing the reCAPTCHA in the input box... On FirefoxESR 52.9.1, they successfully detected an association with the Telegram desktop app (i.e. Fx can handle ".tg" links...); FWIW, I had only tested the app some years ago, currently it doesn't even support Vista (or XP) ...

Guest Posted May 14, 2021
On 5/14/2021 at 11:25 AM, nicolaasjan said: It doesn't work in Chromium on Linux (it "detected" all 24 apps, haha)
If for that matter, it doesn't even work in Android. But that's OT in this thread.
On 5/14/2021 at 11:26 AM, VistaLover said: Their script starts its "job" once you start typing the reCAPTCHA in the input box... On FirefoxESR 52.9.1, they successfully detected an association with the Telegram desktop app (i.e. Fx can handle ".tg" links...); FWIW, I had only tested the app some years ago, currently it doesn't even support Vista (or XP) ...
No surprise. Unfortunately, the bugs are there and always will be. We must do our best to take care of privacy and security, without becoming paranoid.

NotHereToPlayGames Posted May 14, 2021
18 minutes ago, nicolaasjan said: It doesn't work in Chromium on Linux (it "detected" all 24 apps, haha)
What PERCENTAGE did it give you? Ignore the detected apps, it is the percentage that is telling you if you are "unique" or not, unless I'm mistaken.
It didn't find any of my apps but only listed me at 92.35%.
I have Word installed (but it is version 2003). If the Adobe icon is for Acrobat Reader, I have it installed (but it is version 9.5.5).
But on the other hand, if I have to DISABLE extensions that run by default just to get this thing to work, then I'm being PROTECTED in the wild and this demo was kind of pointless, IMHO.
Edited May 14, 2021 by ArcticFoxie

nicolaasjan Posted May 14, 2021
19 minutes ago, Sampei.Nihira said: If for that matter, it doesn't even work in Android. But that's OT in this thread
That's probably because Android has a Linux kernel.
https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/sandboxing.md
Type: chrome://sandbox/ in Chrome/Chromium and I saw this:
Edited May 14, 2021 by nicolaasjan

nicolaasjan Posted May 14, 2021
11 minutes ago, ArcticFoxie said: What PERCENTAGE did it give you?
93.58%

Guest Posted May 14, 2021
9 minutes ago, nicolaasjan said: That's probably because Android has a Linux kernel. https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/sandboxing.md Type: chrome://sandbox/ in Chrome/Chromium and I saw this:
It is not possible to claim that Linux/Android are a mitigation to the bug. Instead it is correct to say that the test fails.
The developer states that the test succeeds with Ubuntu 20.04: https://github.com/fingerprintjs/external-protocol-flooding
The mitigations to the bug are those that I have already cited, therefore a script-blocker.
Edited May 14, 2021 by Sampei.Nihira

nicolaasjan Posted May 14, 2021
It didn't work in Pale Moon. See also: https://forum.palemoon.org/viewtopic.php?f=65&t=26860
On 5/14/2021 at 11:55 AM, Sampei.Nihira said: The developer states that the test succeeds with Ubuntu 20.04:
Chrome 90 (Windows 10, macOS Big Sur)
Ubuntu: Only Firefox and Tor browser.

XPerceniol Posted May 14, 2021
So, if I understand this, zero is good, in that it didn't detect anything?
But, why was my Serpent52 Build Id: 20210508151854 seen 1069 times? Perhaps I'm not understanding the results. 92.24% Unique.
EDIT: FWIW ... The test won't run with the user pref [dom.storage.enabled] set to false (which is how I normally keep it, I only enable when needed).
Edited May 14, 2021 by XPerceniol

nicolaasjan Posted May 14, 2021
My Serpent gave the same result as Pale Moon (stuck in the middle):
On 5/14/2021 at 11:55 AM, Sampei.Nihira said: It is not possible to claim that Linux/Android are a mitigation to the bug.
Yes, but there are a lot of Android and ChromeOS users, so fingerprinting will become useless over time, when more and more people visit such sites.
Quote: The mitigations to the bug are those that I have already cited, therefore a script-blocker.
If the script is first party and the site doesn't work properly without it, what then?
On 5/14/2021 at 12:09 PM, XPerceniol said: But, why was my Serpent52 seen 1069 times?
I think because 1069 people didn't have any of these apps installed (or the apps couldn't be detected)?
