
Block Fingerprinting with Firefox - rendall
https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/
======
dessant
Google's reCAPTCHA makes it impossible to use large portions of the web once
you take reasonable measures to protect your privacy. The challenge will
continuously fail, despite you spending time to carefully solve it. This cruel
behavior is described in a patent [1] by Kyle Adams of Juniper Networks.

[1]
[https://patents.google.com/patent/US9407661](https://patents.google.com/patent/US9407661)

~~~
kabacha
Google's reCAPTCHA is cancer upon the web. Everyone should enable fingerprint
block to shut this invasive and abusive garbage.

If everyone would block it the website owners would have no choice other than
to move to a different captcha system.

~~~
confounded
“Hm, works in Chrome. Are you using Chrome?”

~~~
molf
This will become a less acceptable answer the more popular other browsers
become.

The only way to make that happen is to stop using Chrome and tell others to do
the same.

~~~
rplnt
"But you told me to use Chrome."

Google took over with shady practices, with the help of tech savvy people.

~~~
maxheadroom
Not to mention Edge moving to the Chrome base; which further disenfranchises
_anyone_ from making sure it works in 'x' browser, anymore.

" _It works in Chrome and Edge, which is based on Chrome, so what 's your
problem, again?_"

~~~
anonymfus
Well considering that Google already specifically blocks Chromium based Edge
from its current YouTube version may be Recaptcha will not work in it soon
too.

~~~
klez
Google is not blocking edge, or at least we have no proof of that. In this
instance I think it's safe to assume an oversight based on naive user agent
whitelisting.

And before I get accused of shilling, I hate chrome and despise Google with a
passion.

~~~
trehalose
As I responded to a comment just below this one, somebody over on reddit
tested different user agents:
[https://www.reddit.com/r/google/comments/btysl9/google_have_...](https://www.reddit.com/r/google/comments/btysl9/google_have_..).

It seems pretty clear from the fact that nonsense user agents like
"TotallyNotMicrosoft" and "IE6" worked, that there is a blacklist, not a
whitelist.

------
OJFord
> You probably wouldn’t appreciate someone tracking your moves in real life.
> There’s no reason to accept it online.

Great to read something like this on mozilla.org.

~~~
ngokevin
Kind of funny though, the vast majority of Mozilla's money comes from the ads
and tracking industry, just one step removed.

~~~
ChrisSD
The irony is they tried diversifying their income. But people don't want their
browser to ask for donations (that's nagging). They don't want their new tab
page pre-populated with websites on a new install (even if their browsing
overwrites them). They don't want "fun" additions to advertise TV shows (even
if they're opt-in).

But they're happy to pay via google's search and tracking. Mozilla doesn't
have a lot of options open to them.

~~~
ademup
Firefox has ~250M users as of about 9 months ago and $562M revenue for 2017.

I'd honestly pay $2 per month (12 times "my share") for a Firefox that
completely disavows the ad model and produces a truly user-centric experience
sans ads, fingerprinting, etc. However, given that over 95% of their revenue
comes from Royalties, I don't see that turning around any time soon.

~~~
simias
I would too, but clearly most people wouldn't, otherwise advertisement
wouldn't be such a popular way to monetize apps and websites (and Google
wouldn't be the behemoth that it is today). Actually I would also gladly pay
for a decent search engine but even DuckDuckGo decided to monetize using ads,
which IMO means that sooner or later if they're successful enough they'll
become just as bad as the rest.

Besides paying for a product doesn't mean that it becomes privacy-friendly,
look at how Spotify still tracks your every actions even when you're a paying
customer for instance.

~~~
fencepost
A possibly relevant distinction for DDG ads is that (I believe) they're
anonymized and tied only to the search, not to your identity.

~~~
simias
You're right but I can't shake the feeling that if they ever become really
popular the temptation to change that model will be huge. Maybe the DDG of
today is principled enough not to do that (and it's also probably in their
best interest at the moment since their most obvious feature compared to other
big search engines is its privacy) but what about 10 years from now? Or 20
years? What happens if their growth starts stalling and the shareholders ask
for more? Will they take the side of their freeloading users over the paying
advertisers and investors? Principles tend to be soluble in a high-enough
concentration of dollar bills.

After all there was a time where most of us trusted Google and their "Do No
Evil" motto. And then eventually in morphed into "Do More Profit" and we have
the corporation that we know today.

~~~
fencepost
If I had the ability to know what a tech company was going to do 10 or 20
years in the future I wouldn't have sold off my Apple stock in the late 90s.

DDG may change how they do things, but I expect that if they do there will be
someone else that shows up to make money by providing a value-added
anonymizing wrapper on top of search performed by a larger company - and it
may not even be on top of the duopoly as it exists right now (are there actual
search providers in the US not wrapping Google or Bing?). This may
particularly happen if a new company grows in India or China then its able to
start spreading coverage to other parts of the world.

------
kakkksaknmdm
I worked in the ad industry. Every web-browser including brave, tor,safari is
uniquely identifiable even on same hardware.

All the public computer researchers and browser vendors are years behind the
techniques to fingerprint devices (probably 5+).

Canvas, WebGl etc are techniques of the past. There are much more advanced
ones, than can identify devices with completely uniquely (on both desktop and
mobile)

Also we know when users fake their fingerprints, and the algorithm respects
the decision even though we know who the user is despite faking with all state
of the art methods.

Latest methods dont even use JavaScript. Just CSS is enough to identify every
device uniquely but you'd need JS to send the data back.

Every public researcher I've seen are given honeypot techniques that they
consider state of the art even thought the industry is way ahead of the
researchers.

~~~
flatb
Not to be picky, because to be honest I completely believe that what you say
is plausible, but that's a lot of outrageous claims with very little in the
way of examples or evidence.

~~~
kakkksaknmdm
This is what we knew of in 2015: [https://boingboing.net/2019/05/22/unique-
device-fingerprints...](https://boingboing.net/2019/05/22/unique-device-
fingerprints.html) you can figure out where the industry is now yourself.

------
b-3-n
Firefox is playing its trump, the privacy, very well lately. This is very
smart as the competition has no good answer. Equalizing on privacy level would
go against their business model so they won't ever do it wholeheartedly.

Trying out Firefox now...

~~~
jopsen
> Equalizing on privacy level would go against their business model...

More importantly it would go against the mission statement.

Mozilla isn't around to make money, it's around to make progress toward a
mission. (Search revenue helps fund that, but revenue is not the end goal for
Mozilla).

~~~
_bAp_
He was talking about the competition, not Mozilla.

------
geekamongus
It seems that almost weekly, I am reminded why I love Firefox because of some
new thing Mozilla is doing. A lot of good decisions have been coming from them
lately.

~~~
dylan604
FF is my primary browser, yet people I know that work in security laugh at me
as they claim FF is always the first browser to fail in the hacker games. I
don't know enough about why, but I'd love for that to not be a thing. Taking
into account my threat profile (types of sites I visit, JS blocking, etc), I
feel the hacking risk is still a worth while trade off for the lack of
tracking.

~~~
Fnoord
"People I know that work in security" is vague and non descriptive.

To be fair, you did follow it up:

> as they claim FF is always the first browser to fail in the hacker games

What are their sources? I also "know such people" and I am unaware of such
claims. If one uses Kali Linux, it has Mozilla Firefox as default browser. The
same for Debian (on which Kali is based upon).

The thing is, you can harden your browser after installation. The first thing
I do with a browser is installing uBlock Origin and uMatrix.

------
xvector
Can someone paste their results (or at least bits of fingerprinting entropy)
from [https://panopticlick.eff.org](https://panopticlick.eff.org) with the
latest Firefox?

With the fancy new anti-fingerprinting Safari on macOS Mojave I get just over
14.5 bits of entropy with the most entropic source being my canvas fingerprint
(1 in 600).

With Safari on iOS I get 11.71 bits of entropy, with the most entropic value
being my screen size and color depth.

~~~
abdullahkhalids
17.62 bits on firefox, 11.0 on Tor, 17.63 on chrome.

On firefox, the big contributors are HTTP headers (my native language is
announced), hash of WebGl fingerprint and time zone.

On Tor big contributors are hash of webGL fingerprint, screen size.

On chrome, they are system fonts, hash of canvas fingerprint, user agent, and
time zone.

I am not too concerned about the fingerprinting in firefox since I have strict
blocking on, ublock origin, and separate containers for facebook and google.
Based on the small amount of data facebook has on me, all the blocking is
working pretty well.

~~~
kevin_thibedeau
The numbers don't make much sense to me. On FF I get 14.05 with NoScript
active. Curiously the headers _increase_ from 1.68 bits to 3.47 when NoScript
is running.

~~~
zucker42
Of course no script increases the entropy. Most people don't run NoScript, so
you are more identifiable when you run it.

~~~
kevin_thibedeau
It increases the entropy for the JavaScript tests as would be expected. It
shouldn't affect the HTTP_ACCEPT header.

------
wybiral
I've been really impressed with Firefox Quantum for the steps they've taken
towards privacy and transparency.

This definitely seems like the edge that Mozilla will have when trying to
stand out against Chromium-based browsers going forward (especially now that
everyone else seems to base their browser off of Chromium).

~~~
ojosilva
I'm a big user of Firefox since I switched from Chrome 1 year ago for these
reasons, but I wonder why don't they base their underlying engine on Chromium
then build all their safety, privacy and other niceness on top of that?

I know Mozilla has been working hard on the engine (rewrite with Rust?) and
new versions like Firefox Focus on mobile is blazing fast, but keeping a
separate renderer (and developer tools!), with its own issues and
discrepancies, seems like a lot of sweat and pain when the Chromium project
seems decently sound OSS. I know being able to put in practice your own
interpretation of standards is a great exercise in freedom and web diversity,
which seems to reinforce their mission, but still... the end result is
probably millions in economic impact worldwide to keep website codebases
aligned with browser standards, even if the differences are apparently minimal
and 99% of the time it just works.

Is being a fully independent browser Mozilla's main raison d'être?

------
vxNsr
As much as I hate more legislation I think the only way to solve this is to
make it very onerous to own and compile this data and to level heavy fines (as
in criminal charges and/or force the company into bankruptcy via 90% revenue
fines) in cases when the database is breached.

Everything else will just turn into an arms race between those who don't wanna
be tracked and those who wanna track.

If the US did something like the GDPR but in our constitution I wouldn't be
surprised if a cottage industry opened up overnight in secure data-
warehousing. I get that it would complicate things for small companies but we
brought this on ourselves.

~~~
joaobeno
These companies then lobby the government, asking to be relieved of the fines,
because if they go down, so many workers will be out of jobs, and that they
will comply (pinky promise), so the fines should be lifted to help these
innocent people...

------
stockkid
> Keep in mind that blocking fingerprinting may cause some sites to break.

This represents the sad state of Internet we are all living through. I have
noticed that when I turn on privacy settings on Firefox, some major websites
are broken and rendered unusable. It seems that the Internet is rampant with
tracking and privacy violation, and we consumers are passively accepting it,
by and large.

~~~
kgwxd
I haven't had an issue, but I avoid "major websites" like the plague, as they
are the modern equivalent (though measles is making a comeback). If a site
breaks with good privacy settings, it's a decent indicator you're better off
not visiting. If a breaking site shows up on my radar too much, I add the
domain to an add-on I made to hide links to it on any page. My
HN/reddit/search results/etc views usually have a few blank lines, they're
links to domains I have determined I never want to visit ever again. My RSS
reader gets a variation of the filter, so they don't show up there either. It
feels really good to have the power to remove an entire site from my personal
internet.

~~~
stockkid
> I add the domain to an add-on I made to hide links to it on any page.

That sounds interesting. Have you published it or made source available? I'd
love to try.

~~~
kgwxd
I published it [1], but only because I had to in order to use it without
adding and approving it every time I started Firefox :/ I originally thought I
had made the source available but eventually realized the code repo on Mozilla
was only available to me (not sure what the point of that is). You just
inspired me to get it up on github [2].

It's a pain to configure but the example JSON in the "Preferences" section of
the add-on should be enough to get started. Just paste it into the textarea,
save, then visit HN or Reddit, you'll probably see a few blank lines where
links should be.

Right now, the top post on HN is a WSJ link. I don't want to see their links
because I don't ever want to click them just to hit a paywall I already know
I'll never accept. So my HN page looks like this [3].

The tool uses regular expressions on text and element attribute values.
Anything that matches gets a given CSS style applied. I think it would be
great if uBlock Origin could do this but it doesn't allow the level of
granularity needed to accomplish the end result.

[1] [https://addons.mozilla.org/en-
US/firefox/addon/ssure/](https://addons.mozilla.org/en-
US/firefox/addon/ssure/)

[2] [https://github.com/7w0/ssure](https://github.com/7w0/ssure)

[3] [https://i.imgur.com/pEV50xr.jpg](https://i.imgur.com/pEV50xr.jpg)

------
banachtarski
Serious question. Suppose we have this. I suppose my expectation is that
instead of seeing the same ad over and over again, now I'm seeing effectively
a random one.

Why is this necessarily better? I guess personally, I've always thought that
regulating the content of the ads, rather than the usage of sufficiently
anonymized data for ad targeting.

~~~
treve
Getting a targeted advertising that is likely relevant to you is probably one
of the few positives of tracking.

The issue people have with tracking is not 'what ad am I getting on a given
website'. To get a targeted ad they need to maintain a database of privacy
infringing information. 3rd parties having this data, and what they might do
it with it (or who they might lose the data to) is what many people have an
issue with.

Being served a targetted ad is just a strong signal that someone out there has
this private data on you.

For example, chances are that google has a pretty rich database of your
location history. If not you specifically, they do for most people. You can
probably imagine a few different scenarios where someone else obtaining that
data could be bad for someone. You're trusting google with it, but is that
trust warranted?

~~~
chrisshroba
Serious follow-up: I've always been fairly apathetic towards companies
tracking me because I don't see too many plausible situations that would end
up truly affecting me negatively. Do you have any examples (preferably that
have happened in the past, but hypothetical are okay too) of what can go wrong
if the tracking information falls in the wrong hands? Sure, street addresses,
SSN's, credit card numbers would be bad, but why should I care if someone
finds out that I'm a male aged 24 interested in backpacking, Apple products,
and programming?

~~~
OhHeyItsE
Hypothetical: individual pricing based on how likely you are to pay more for
an item, or how badly they think you need it. Sharing of data across domains
could place you in a "bubble" where you see the same price no matter where you
look.

~~~
kabacha
That's exactly what a lot of airline websites do. If you're an active user of
one try firing up a clean instance of different browser and it's very likely
you'll see a different price.

For products that can benefit from information asymmetry[1] fingerprints are
an amazing tool.

1 -
[https://en.wikipedia.org/wiki/Information_asymmetry](https://en.wikipedia.org/wiki/Information_asymmetry)

------
bojanvidanovic
Firefox is really stepping up in the game of online privacy. I switched to
Firefox almost 2 years ago and never looked back.

------
thomasfedb
Recent progress in Firefox contrasts very strongly with Chrome. I know I'm
very happy to be a FF user right now.

------
rhaksw
I've had some issues maintaining reVddit.com while keeping Firefox's tracking
protection in mind. I'd love some help if there is anyone who can provide
insight.

Basically, you can't load reVddit pages on Firefox because reVddit accesses
reddit's API, and reddit is listed on Firefox's list of websites that are
considered trackers [1].

In my uneducated opinion, this list is weird. I had some discussion about this
with Mozilla devs [2]. In that message chain, devs acknowledged reVddit is not
doing anything wrong, rather it is reddit who could infringe users' privacy.
Yet it is the non-infringing site that breaks.

Further, the devs' suggestions for remedy are not workable. They propose
moving requests to the server so that reVddit.com makes the requests to
reddit.com. There are multiple problems with this,

* It would hide more code from users

* Reddit rate-limits requests coming from a single source

* Infrastructure becomes expensive on what is supposed to be a low cost website

My conversation with devs was good but needs more. Is there any solution here,
or do we just go our separate ways?

[1] [https://github.com/disconnectme/disconnect-tracking-
protecti...](https://github.com/disconnectme/disconnect-tracking-
protection/blob/master/services.json)

[2]
[https://groups.google.com/d/msg/mozilla.dev.privacy/XO84Ezrw...](https://groups.google.com/d/msg/mozilla.dev.privacy/XO84EzrwWp0/t3cgc7H-AgAJ)

~~~
Mathnerd314
There is a similar bug in Bugzilla for redditp.com, open since 2015:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1235978](https://bugzilla.mozilla.org/show_bug.cgi?id=1235978)

My general impression is that tracking protection is low-priority for Mozilla
and anyone who actually cares is using uBlock Origin / uMatrix or similar
extensions since those use filter lists that are actually updated.

~~~
rhaksw
> My general impression is that tracking protection is low-priority for
> Mozilla

It is on by default, and as you point out, breaks many innocent sites. People
may migrate elsewhere. That should bump _up_ its priority.

------
securityfreak
All of this is fantastic. I just hope the day comes, when Google is no longer
the default search engine in Firefox. Safari is my default browser, but I use
Firefox heavily for “social” media accounts. I love the extensions.

~~~
vidyesh
You can change the default to any other search engine you want. Just a few
clicks away.

~~~
securityfreak
Yes, that is true. But the hypocrisy is how Firefox criticises Google (either
directly or indirectly), but is paid by Google to have them as the default
search engine. The emphasis is on the word default, not that you can't change
it. The same thing goes for Apple with Safari. They disabled 3rd party cookies
and promote privacy, but Google is still the default browser, for which Google
pays a very large amount of money each year.

~~~
jrochkind1
They (implicitly) critisize some of Google's behavior, while taking Google's
money, yes. What makes that hypocrisy? It would be hypocrisy if they were
doing what they are critisizing; it's not clear to me it's hypocrisy to take
money from someone who is... while still critisizing them! _not_ critisizing
them because you are getting money from them might be hypocrisy...

------
Despegar
As always when it comes to Firefox and privacy, the question is why isn't it
on by default?

~~~
stuff4ben
Because it may cause some websites to break and they're aiming to provide a
good user-experience for the majority of the population. If they turn this on
by default without users knowing the risks of sites not working correctly,
they'll unfairly blame Firefox, bad mouth it, and switch to
Chrome/Edge/Safari/etc.

~~~
Despegar
That's the stated reason but it's pretty weak to me. Safari hasn't had to make
similar compromises.

~~~
mevile
I don't think you've turned on very strict anti-tracking in a browser if you
think that's a weak reason. The setting can really break websites, making them
unusable or whole blocks of content don't load. Before this update I used to
use Privacy Badger and it also broke websites all the time.

I don't believe Safari has anything like what Firefox or Privacy Badger offers
built in. So you wouldn't be able to use your default experience with Safari
as a comparison.

~~~
Despegar
Safari has been leading on the privacy front for more than a decade. They were
first to block third-party cookies by default (which led to the FTC collecting
a scalp from Google when they bypassed it), blocking trackers with ITP by
default, and blocking fingerprinting by default [1].

[1] [https://www.cnet.com/news/new-safari-privacy-features-on-
mac...](https://www.cnet.com/news/new-safari-privacy-features-on-macos-mojave-
and-ios-12-crack-down-on-nosy-websites/)

~~~
baroffoos
Firefox anti fingerprinting breaks a lot of legitimate web features because
they can be used for fingerprinting. Most notably every timestamp on the
internet no longer shows the date in your timezone and every single website
thinks you are a bot and blocks you or captcha spams you.

------
tadzik_
> At the top left of your Firefox browser, you will see an icon that looks
> like an i inside a circle. Click on it and then click on Content Blocking

...did anyone figure out what the hell that is supposed to be, or look like?
Why wouldn't they just put a screenshot.

Apparently they just mean the security settings and selecting Custom in those.
Except it's on the right. And it's stripes, not a circle. _shrug_

~~~
StavrosK
Left of the URL on the URL bar is an information icon. Click that and click
"custom" next to Content Blocking, or just go into the options at Security &
Privacy.

------
cypherpunks01
Does this just turn on the privacy.resistFingerprinting flag? I liked that
flag but it set all sites to UTC time which caused me random issues..

~~~
cpeterso
No, this is different. This feature is a block list of known fingerprinting
and cryptomining scripts. The privacy.resistFingerprinting flag changes
Firefox settings that scripts use to fingerprint users, such as User-Agent
string, window dimensions, and time zone (as you mentioned). The flag is
enabled in Tor but not Firefox because the setting changes can break some
websites or hurt performance.

------
hwj
The German version of that article has a casual slang:

> Clearly, you don't want to throw your computer out of the window and never
> use the internet again, just to get rid of ads.

[https://blog.mozilla.org/firefox/de/loesche-deinen-
digitalen...](https://blog.mozilla.org/firefox/de/loesche-deinen-digitalen-
fingerabdruck-in-firefox/)

------
anoplus
I am posting this again, because I still didn't get opinions about it and I
think it is important.

How much of Firefox success depends on donations?

I have seen successful crowd-funding projects where the budget is always
transparent and communicated to the public. I am certain this motivates the
masses to donate.

Wouldn't it be better for Mozilla to make their funding fully transparent to
attract the masses?

~~~
tngranados
I'm not sure how transparent they are about their finances, but most of
Mozilla funding comes from search engines deals to make them default in
certain regions (Yahoo, Google, Yandex and Baidu).

------
Justsignedup
I've used this feature in the past. There are some weirdneses.

You lose your timezone and ALL dates appear in UTC. This is definitely not
desirable.

Fingerprinting cannot be allowed for some sites, and thus things like android
messages cannot work because it cannot accurately identify the browser.

Hopefully they'll do something about all this.

~~~
kabacha
> You lose your timezone and ALL dates appear in UTC.

Seems like an easy fix would be to have client based converter, even more
simple than what fingerprint blocker does with screen resolution.

------
ziddoap
I find it really interesting that when a company is making moves in a
direction that benefits privacy of consumers, everyone takes the opportunity
to shit on them for past mistakes or how it isn't good enough or why isn't it
on by default or any other thing they can find to shit on.

Yes, every single company has made mistakes. FireFox is no exception. Some of
them were pretty egregious. Mistakes are - hopefully - an opportunity to learn
and adjust, move forward, and continue progress towards something we all want:
privacy.

We should absolutely call out companies when they make mistakes or ill-advised
choices. I'm not saying we shouldn't. However, we should also _applaud_
efforts that are in-line with bringing privacy to consumers. Not just spend
all of our time looking for something negative to be outraged at.

This always-negative/outrage attitude just erodes any sort of meaningful
discussion.

~~~
Kiro
Pretty sure you would never say the same thing about Google.

~~~
ziddoap
What are you basing this assumption on?

The funny thing is, no matter how I reply to your comment I lose by default.
If I say I have - you say I'm lying. If I say I haven't, your point is proven.
What option do I have?

Perhaps you'd like to chime in on the discussion at hand rather than
speculating on my personal life.

~~~
dmos62
Kiro does have a point. Not you personally, but in general the popular opinion
is that Google is morally bad, while Mozilla is good. I think it would
currently be very unpopular to say that Google just made some bad decisions,
as in it's not actually "bad", because it would muddy the one-dimensional
good-bad discourse to which most of these mainstream problems descend to. Note
I'm not actually passing judgements, just talking about group think.

~~~
ziddoap
I concede that this is a valid outlook (which I did not gather from Kiro's
comment, so thanks for clarifying).

I tried to word my comment in a way that made it clear that I believe this
mentality should apply to _all_ companies, including Google, when a company
makes a move in the direction of benefiting consumer privacy. I perhaps could
have made that more clear in my original comment.

------
scoutt
I wonder is there is the possibility (or if someone came across) of saving
(and loading) all the data of a _fingerprint state_ , or to be able to craft
one, modify it, or share it. That is, all the metadata (cookies, history,
etc.) that supposedly identifies a user-type.

It could be interesting to have a drop-down in the browser to select a "who I
want to be today" profile and be able to _see the world_ from that
perspective.

------
muxator
Whatsapp web does not show the authentication QR code if resistFingerprinting
is on. This is annoying at minimum.

I would happily use another IM, but the bad thing about network effect is that
one would need to convince everyone else to make the switch, too.

In order to take over, freedom-respecting services need to become _better_
than the non free ones not only on a technical level, but on a UX one, too.

~~~
roboyoshi
which is basically impossible of you're a non-profit or donation based
insitution versus a multi-billion dollar company. It's why Evernote is still
unreplaced and dropbox has the best filesync. Anyy,way.. I've heard good stuff
about matrix so will try to setup this over the weekend.

------
quickthrower2
Are they are biting the hand that feeds them? Interesting relationship with
Google - they get revenue from them, but are a competitor with conflicting
ideals.

I'd like to see Firefox premium services (like a dropbox clone etc.) to
provide independent revenue, so they can be aggressive for privacy.

------
t0astbread
How does this work? Does it just block domains known to host fingerprinting
scripts? If no, how does it hide addons and settings that interfere with the
website? And how does it prevent leaking information by itself that can assist
fingerprinting?

------
ddffre
What about them selling their data on the darkweb?

They claimed that there was no breach, but yet all of their database is being
sold on the darkweb.

Is it so easy to gather their database and publish it?

~~~
eVeechu7
Who is them? Whose database?

~~~
ddffre
Truecaller: [https://techunalt.com/truecaller-data-sold-on-dark-
web/](https://techunalt.com/truecaller-data-sold-on-dark-web/)

------
emptyparadise
Google Recaptcha becomes absolutely unbearable once you use this and also
block Google cookies on non-Google sites.

Given all that, features like this will not make their way to Chrome.

------
porky
At first I read "block Fingering with Firefox"

------
bitdeep
Damn... I was using some fingerprint to prevent sensitive accounts to be
stolen or misused, now moz guys is taking away my cake.

------
hinkley
I'm starting to wonder what would happen if you made a proxy that made your
web browsing look like bot traffic.

~~~
jamiek88
Captchas. Lots of captchas.

------
mod_stretch
Mozilla has been up to some questionable activity lately as well. They blocked
the Dissenter extension.

------
somezero
Does using "User-Agent switcher" or similar extensions have any effect on this
functionality?

------
amanzi
I use the Strict blocking setting and have no need for a separate adblocker.

------
thejohnstone
You should try Kameleo software manipulate your fingerprint!

------
ycombonator
Is there a test to check whether a site is fingerprinting ?

~~~
kube-system
There are likely some blacklists for known fingerprinting libraries. But,
there's nothing that can tell you for sure, because it is also possible to
fingerprint entirely server-side using the information your browser
voluntarily transmits or contextual information about your connection.

------
terrycody
Awesome feature, already activated it!

------
SmokeGS
This might make me download Firefox

------
lcao
Yes, the same browser that sent the raw browsing history of a portion of users
to a third party. Talk about tracking!

>Users who receive a version of Firefox with Cliqz will have their browsing
activity sent to Cliqz servers, including the URLs of pages they visit.

[https://blog.mozilla.org/press-uk/2017/10/06/testing-
cliqz-i...](https://blog.mozilla.org/press-uk/2017/10/06/testing-cliqz-in-
firefox/)

~~~
jszymborski
Damned if you disclose your responsible stewardship of user data, damned if
you don't.

> Less than one percent of users in Germany installing Firefox from our main
> download page will receive a version of Firefox with Cliqz recommendations
> enabled out of the box.

> Cliqz does not build browsing profiles for individual users and discards the
> user’s IP address once the data is collected.

> One of Mozilla’s core privacy principles is No Surprises: we will use and
> share data in ways that are transparent and benefit our users. That is why
> we are telling you about this today. We

> We hope that users will appreciate the improved experience, but if users
> want to turn it off, they can always disable data collection or remove the
> Cliqz add-on entirely.

~~~
sdoering
Sorry. If I want my data somewhere else I can stay with Chrome.

I switched years ago because of performance reasons. Whenever I tried to
switch back I felt stabbed in the back shortly thereafter by Mozilla.

~~~
JoshMnem
Chrome is much worse. It seems like chopping a leg off because someone stepped
on a toe.

~~~
sdoering
With Chrome I do not expect privacy. With FF every time I trust them the f __k
me over.

So - with Chrome I know what I am getting and I treat it as such. With FF I
only wanted a Browser. I never aigned up for their (internal and external)
advertising, Pocket stuff and other s __t like this.

So no - because FF brands itself as a privacy option, I hold them to a
different and much higher standard - and the fail every time.

------
Causality1
AdNauseam is an extension that clicks ads at random in the background, thus
polluting your user data. It was useful enough to get banned from the Chrome
web store.

~~~
floatingatoll
It’s probably wise not to encourage interstate advertising fraud that the FBI
might decide to investigate and arrest you for knowingly participating in.

[https://www.fastcompany.com/90273549/fbi-and-google-take-
dow...](https://www.fastcompany.com/90273549/fbi-and-google-take-down-multi-
million-dollar-ad-fraud-operation)

~~~
Causality1
They arrested people for making money by generating fake clicks on their own
site. AdNauseam isn't ad fraud any more than running a web crawler bot is ad
fraud.

~~~
floatingatoll
I’m sure you’ll be fine, eventually - but that’s not guaranteed to stop them
initially, or without a digital search of your entire computer, for example.

~~~
Causality1
Do you have any evidence that any AdNauseam user has ever been arrested for ad
fraud?

~~~
floatingatoll
I am neither a lawyer nor do I work for any criminal justice entity,
apologies. You’ll need to discuss this with a lawyer if you’re materially
concerned about this line of reasoning coming to pass.

~~~
Causality1
I, personally, think you're full of it, but I'm offering you the opportunity
to present evidence for your claim that using AdNauseam is "interstate ad
fraud" that leads to arrests of its users. If I were the dev I'd consider
those claims potentially libelous.

