Firefox Enhanced Tracking Protection doesn't seem to be working
I was reading an article on Sophos about Firefox and how it is protecting our privacy
In the comments it listed 3 sites to check how unique your browser is: https://www.deviceinfo.me – Device Info https://panopticlick.eff.org – Panopticlick https://amiunique.org – AmIUnique
I have Fingerprinters checked to be blocked but on all these sites it still was able to uniquely ID my browser. I thought I had the options set pretty well to lock it down but it doesn't seem that way. Is something not working right or ???
Thanks
Усі відповіді (16)
Do those tests reflect any specific information about how your browser is identified as "unique"? For example, tests that I have run say that my browser is a "unique" version 68. I'm on version 71.
These articles have much more information:
Trackers and scripts Firefox blocks in Enhanced Tracking Protection https://support.mozilla.org/en-US/kb/trackers-and-scripts-firefox-blocks-enhanced-track
Firefox's protection against fingerprinting https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
I went and looked again and all 3 of those sites were correct with what version of Firefox I was using (71) as well as other details that I thought would be masked with the fingerprint blocking in Firefox.
In fact 2 of them specifically said there was no browser protection from fingerprinting
Take a look at the article
Firefox's protection against fingerprinting https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
Try that config entry and test again.
Interesting.... I went into about:config and it shows
privacy.resistFingerprinting false
Yet in the options screen it is checked
It's a higher level of Fingerprinting protection. As a matter of fact, I think it's in beta but I've been using it for months. Set it to True and try the test again.
Oops! You'll need to restart Firefox.
Ok I changed that setting and restarted FF. I got mixed results, deviceinfo.me says protected and panopticlick says it is not..
Also odd that the box in the options says it protects but not really. People (like myself) would think it is working but it's not really
The Options -> Privacy & Security setting is blocking some information from being collected. resist.fingerprinting is sending out erroneous information.
You'll see different results in tests depending on how they run the test. If a test says that you're not protected, run the test again, you'll probably see different results.
https://panopticlick.eff.org/ still comes back with the same info and still says it is unique. The browser info and screen size is wrong (good) but it is showing the same values every time I visit. So even though not the correct info still enough to fingerprint this browser. I think it should be mixing that data up to make it more random.
I just tested at Panopticlick and it says: "Yes! You have strong protection against Web tracking, though your software isn’t checking for Do Not Track policies."
Which is true. I have DNT turned off. Further down in the test results it says that DNT is detected. (???)
Try it out for awhile and test at some other sites.
You can give Feedback on it at Menu -> Help -> Submit Feedback...
Weird... as I have that set now and it still comes back that browser is not protect from fingerprints and the data and we have it set the same way.
I have privacy.resistFingerprinting set to true and privacy.trackingprotection.fingerprinting.enabled set to true.
I would think that should cover it??
You should be getting good results with those settings. If you want to dig deeper, check out this article:
Firefox Privacy – The Complete How-To Guide https://restoreprivacy.com/firefox-privacy/
This article:
A comprehensive list of Firefox privacy and security settings https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/
might be a little bit outdated but, it's the real slam-dunk.
Still baffles me why Panopticlick is coming back saying it is not protecting against fingerprinting.
I'll take a look at that article you listed above.
Thanks!
These sites use a database to determine whether your browser is unique. If you are the first or first few visitors with these settings then you are considered unique. You can probably only be unique for a specific website if they would publish a list ordered by most common test results, but event then another website would likely come up with a different result and it is probably futile trying to be not unique. Regularly clearing cache and cookies and disabling third-party content and resizing the browser window makes these stats anyway not very useful for websites. A website need to deliver content to a specific IP and that will always make you unique although you can spoof this via a VPN or proxy.