Randomize Browser Fingerprint..

Ideas to everything that could be useful. Proposals and tips for JonDonym programming.
Post Reply
mt2014
Posts: 2
Joined: Wed May 14, 2014 3:28

Randomize Browser Fingerprint..

Post by mt2014 » Wed May 14, 2014 4:11

JondoFox still can be easily fingerprinted:

1. check your fingerprint ID here & copy it to notepad:
http://fingerprint.pet-portal.eu/
http://www.browserleaks.com/canvas

2. Do whatever you can to delete your trace (dom storage, html5 storage, cookie, flash cookie, reinstall browser)

3. check your fingerprint once more from above sites. 99% it will still be same!

Most advertising company loves this kind of static fingerprinting, so they can track their user. , especially by big company like google. I have many clients who experienced opening adwords account then for whatever reason their account is banned for life by google, then they open new account by using all new identity (brand new unrelated browser, new credit card identity with different name, new address, new internet connection, the only difference is using same computer), you know what happend? couple days later this brand new account banned because they know it is old user that they banned before. Sometimes I dont know how can they find out, but as far as I know this guys is really really good when fingerprinting everysingle user they have. the only failproof solution is also using completely new computer or using new virtual computer using VPN provider.

Static fingerprint like this also threatening small privacy browser like torbrowser & jondofox, if big companies feel that this privacy browsers a threat they can just easily blocked all access by this browsers using their fingerprint. User will fell it is browser's bug then change another browser. It happens with opera once. This opera browser was growing fastly couple years ago and it becoming a threat for google chrome growth, so google blocked all access to most google service by opera browser then recommend big 4 browser instead.

http://dev.opera.com/blog/google-browse ... -open-web/

Now what happens? opera becomes google's bootlicker. Now they agree whatever google wants them to do. See all opera browser you will notice many google product is there now. Even opera now uses Google's Blink as their engine.

maybe jondofox should randomizing some browser data per browser session like using "Firegloves", "Random Agent Spoofer" & "IpFlood" addon? This asddon works by randomizing some browser data such as timezone, screen dimension, useragent, etc.

RAS also send fake "X-Forwarded-For" & "Via" Header (Usually used by transparent proxy to let the sites know the real ip address), if we send this fake header, the site will think that our real ip address is just a transparent proxy server.

cane

Re: Randomize Browser Fingerprint..

Post by cane » Wed May 14, 2014 9:27

JondoFox still can be easily fingerprinted:

1. check your fingerprint ID here & copy it to notepad:
http://fingerprint.pet-portal.eu/
http://www.browserleaks.com/canvas
Works only with Javascript and Javascript is disabled by default in JonDoFox. You can enable Javascript only for first party content.

It is possible to fingerprint JonDoFox - yes. But it is not easy.
3. check your fingerprint once more from above sites. 99% it will still be same!
I hope, it will be the same in 99,99%. ;-)

We try to build an anonymity group. All JonDoFox user should have the same fingerprint. That's our anonymity concept.

Randomize browser fingerprints is another (new) concept. We think about it but don't have reliable results for comparison at the moment.

mt2014
Posts: 2
Joined: Wed May 14, 2014 3:28

Re: Randomize Browser Fingerprint..

Post by mt2014 » Wed May 14, 2014 11:08

"It is possible to fingerprint JonDoFox - yes. But it is not easy."
Yes. it is because you blocked javascript by default, but theres a drawback there. Most innocent user will just abandon jondofox because they think its very buggy. TorBrowser used to disable javascript by default, their marketshare was dropping a lot that time because of that. Now they learned from that mistake:

https://www.torproject.org/docs/faq.htm ... iptEnabled

For Static fingerprint to work the userbase must be very very large. If not big company will just block access to that one fingerprint. Not hurting their income, its just very very very tiny market.

If you have huge market like apple, you can block everything and still control the market. Remember when they block flash (used to have 98% market share) by default on their ios? Every single website change their site to be able to serve apple users.

If you randomize your fingerprint with other big 4 browsers (with default setting), Big company cant just block you, if they do, they will also block very large userbase. which unlikely they will choose that route.

When speaking Anonymity static fingerprint will never gonna provide true Anonymity. Because every big company/government know how to block TorBrowser & Jondofox if they want.
prove:
-) all chinese user cant access anything when using jondofox and torbrowser, because its easily recognized and blocked by government.
-) user cant login/signup to getpocket.com using every single "true" privacy browser like dooble, torbrowser, jondofox)
true anonymity is "everything randomize" which means they dont know what browser you are using, or any info about you, because it keeps changing. you are like a ghost, they cant recognize/block you.
-) you cant signup google adwords account using torbrowser/jondofox, your account will be banned in no time.

cane

Re: Randomize Browser Fingerprint..

Post by cane » Wed May 14, 2014 13:38

TorBrowser used to disable javascript by default, their marketshare was dropping a lot that time because of that.
I think, it is not our way to reduce security to get more user. I know the opinion of TorBrowser devs is different.

But TorBrowsers fingerprint is time by time unique for an individual user if Javascript is enabled, because there are some bugs (Don't know, if they was fixed in the last time.)

Static fingerprint of JonDoFox and JonDoBrowser is equal the latest Firefox 24esr. If you want to block JonDoFox by browser fingerprint you will overblock a large user base too.

JonDo and Tor are mostly blocked by IP addresses of exit nodes and exit mixes or for high sophisticated firewalls like "Great Firewall" by detecting JonDo encryption protocol.

GMail is blocking anonymisation services by IP addresses. Google account security team wrote to Tor mailing list:
Hello,

I work for Google as TL of the account security system that is blocking your access.

Access to Google accounts via Tor (or any anonymizing proxy service) is not allowed unless you have established a track record of using those services beforehand. You have several ways to do that:

1) With Tor active, log in via the web and answer a security quiz, if any is presented. You may need to receive a code on your phone. If you don't have a phone number on the account the access may be denied.

2) Log in via the web without Tor, then activate Tor and log in again WITHOUT clearing cookies. The GAPS cookie on your browser is a large random number that acts as a second factor and will whitelist your access.

Once we see that your account has a track record of being successfully accessed via Tor the security checks are relaxed and you should be able to use TorBirdy.

Hope that helps,

Google account security team
They blocking Tor, not TorBrowser.

Aysha
Posts: 15
Joined: Fri Apr 11, 2014 18:17

Re: Randomize Browser Fingerprint..

Post by Aysha » Sat May 31, 2014 0:57

My non-technical point of view :

I am using both Tor and Jondo. It already happened to me that a website block my IP address because I am on Tor. It never happened with Jondo yet.

2 more things :

- When a website blocks me because I am using Tor, most of the time (in fact : always), as I come mostly from Startpage, I just have to click back and then switch to the Ixquick proxy address to access it.

- If a website blocks me because I am using Tor, it may simply not deserve I visit it. I can understand that Tor Ips can be blocked for forum subscriptions, etc. as some peoples use Tor for bul*** but in all other cases, NO WAY : I am just free to surf anonymously. And even if Tor, Jondo and Ixquick proxies were blocked, I am still using a VPN with another fake useragent on Jondofox. This just makes no sense.

Kameleo.io
Posts: 1
Joined: Fri May 11, 2018 11:35

Re: Randomize Browser Fingerprint..

Post by Kameleo.io » Fri May 11, 2018 11:37

Use Kameleo to stop browser fingerprinting

https://kameleo.io/
  • Defeating JavaScript fingerprinting technologies
  • Beating Canvas fingerprinting technology
  • WebRTC spoofing
  • Simply start a session with 100% privacy
  • Saving and reloading profiles with it's cookies and history
  • Notes and attachments included to your profiles
  • Proxy management for super privacy
  • Automatic updates on the defender technology

Post Reply