Context Navigation

Changes between Version 2 and Version 3 of Fingerprinting

Timestamp:: Dec 29, 2010, 4:41:00 AM (14 years ago)
Author:: robert@roberthogan.net
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

Fingerprinting

-              v2
+              v3
 be considered.
 The WebKit bugzilla entry for tracking progress against items in this page is:
+The bugzilla entry for tracking progress against items in this page is:
   * https://bugs.webkit.org/show_bug.cgi?id=41801
 …
 WebKit defines private browsing as:
 {{{
+// When this option is set, WebCore will avoid storing any record of browsing
+activity
+// When this option is set, WebCore will avoid storing any record of browsing activity
 // that may persist on disk or remain displayed when the option is reset.
 // This option does not affect the storage of such information in RAM.
 …
 == Things that aren't 'Private Browsing' but are 'Fingerprinting' ==
 === 1. Session Isolation ===
+=== 1. Session Isolation === #SessionIsolation
 If you have implemented an anti-fingerprinting mode you don't want a website
 to access information from the browser's normal mode - doing so might reveal
 …
 sidechannel-cookies such as 'window.name'.
+== A 'Tracking-Resistant Mode' vs 'A Tracking-Resistant Browser' ==
+If you implement a tracking-resistant mode which users can switch in and out of then
+you need to worry about SessionIsolation. If websites can read cookies and cache objects
+from your browser's 'normal' mode that will undo a lot of the work you have put into
+managing the user's fingerprint in tracking-resistant mode. This means you will have to
+ensure the browser maintains separate profiles for each mode and no information is shared
+between them.
+This is not a concern if you are impementing a browser that is always tracking-resistant, since
+you can purge cookies and cache objects without having to worry about the state of any other
+sessions maintained by the user.
 == Creating a Common Fingerprint ==
 This page is premised on the notion that the best way to mitigate against
 …
 hard to implement and even harder to get right.
 = Creating a Static and Common Fingerprint for your WebKit Browser =
+= Creating a Static Fingerprint for your WebKit Browser =
 == 1. Javascript Objects ==
 …
 The document.referrer property needs to be managed in the same way as
+[Referer Header and Origin Header] below.
+=== ii. History Object ===
+history.length::
+This value has potential, in cases where it is unusually high due to prolonged
+use of a single browser/tab session, to assist sites in tracking the
+user. That said, such users already have a pretty revealing cache and
+coookie data set.
+[#RefererHeader Referer Header and Origin Header] below.
+=== ii. Window.History Object ===
+[https://developer.mozilla.org/en/DOM/window.history history.length] has the potential, in cases where it is unusually high due to prolonged
+use of a single browser/tab session, to assist sites in tracking the user. In the case of long-running sessions you may need
+to update the value periodically so that it does not become revealing.
 === iii. Window object ===
 …
 === v. Screen object ===
 Torbutton and Torora use the following values for the Screen object's
+[http://www.torproject.org/torbutton/index.html.en Torbutton] and [https://github.com/mwenge/torora Torora] use the following values for the Screen object's
 properties:
 …
 }}}
 Entropy for the values provided here is as much as 4.83 bits.
+Entropy for the values in the Screen object can be as much as 4.83 bits.
 ===  vi. Navigator Object ===
 …
 object and decide on a set of values that can remain static across many
 releases as long as possible. You will also need to ensure that the values
 decided upon here are also presented in the user-agent HTTP header by your
+decided upon here are also presented in the [#UserAgentHeader user-agent HTTP header] by your
 browser.
 …
 it - making it a relatively safe option to follow IE's suit. If you do expose
 a list of plugins through this property you will need to ensure your decision
 is consistent with the behaviour you have implemented under Plugins below.
+is consistent with the behaviour you have implemented under [#InstalledPlugins Plugins] below.
 === vii. Date Object ===
 …
   * https://bugs.webkit.org/show_bug.cgi?id=46566
+== 3. CSS ==
+== 3. Form Auto-Filling ==
+Javascript can inspect the contents of form fields at any time so auto-completing forms with
+cached values should be avoided. At the very least you will want to ensure that values cached
+from the normal browsing mode are not used when in tracking-resistant mode. The safest bet is
+to disable auto-completion altogether.
+== 4. CSS ==
 ===  i. CSS Media Queries ===
 …
 CSS rules may be used to inspect locally available fonts. A working example of
 this 'font introspection' using simple CSS rules can be found at
 http://flippingtypical.org.
+http://flippingtypical.com.
 WebKit currently does not offer a means of countering this.
 …
 fonts are locally available when CSS rules are evaluated.
 See also Fonts.
+See also [#Fonts Fonts] below.
 === iii. Querying Page History with CSS ===
 …
 == 4. Plugins and Java Applets ==
+== 5. Plugins and Java Applets ==
 If you want complete control over the information your browser reveals to
 …
 still scope for collecting a lot of information.
 === i. Using the List of Installed Plugins To Build Up A Fingerprint ===
+=== i. Using the List of Installed Plugins To Build Up A Fingerprint === #InstalledPlugins
 As well as isolating users who have an exotic set of installed plugins, a major
 …
 == 5. SilverLight And ActiveX ==
+== 6. SilverLight And ActiveX ==
 TBC
 == 6. Fonts ==
+== 7. Fonts == #Fonts
 A site may render a page in a number of different fonts and then use
 …
 == 7. Cookies ==
+== 8. Cookies ==
 You either have these (i) disabled completely, (ii) clear them every time a new
 …
 your implementation of the Page Cache.
 == 8. Third Party Cookies ==
+== 9. Third Party Cookies ==
 If you are clearing all cookies periodically then third-party cookies are not
 …
 bug.
 Most WebKit ports offer you the possibility of managin third-party cookies
+Most WebKit ports offer you the possibility of managing third-party cookies
 however you choose, and the default behaviour between WebKit ports often
 differs - Safari is the most restrictive as it does not allow 3rd parties to
 …
   * https://bugs.webkit.org/show_bug.cgi?id=45455
 == 9. Page Cache ==
+== 10. Page Cache ==
 The [http://samy.pl/evercookie/ evercookie] is an excellent practical
 …
 the page cache in the same way.
 == 10. HTTP Headers ==
+== 11. HTTP Headers ==
 You will need to decide what to do with the Referer header, the Origin header,
 the Accept header, and the Accept-Language header.
+=== i. User-Agent Header ===
+=== Manipulating HTTP headers in QtWebKit ===
+In QtWebKit you can manipulate HTTP headers by subclassing QNetworkAccessManager and
+reimplementing:
+{{{
+QNetworkReply * QNetworkAccessManager::createRequest ( Operation op, const QNetworkRequest & req, QIODevice * outgoingData = 0 )
+}}}
+You could then perform the following:
+{{{
+    if (req.hasRawHeader("Referer"))
+        req.setRawHeader("Referer", "/");
+    if (req.hasRawHeader("Origin"))
+        req.setRawHeader("Origin", "/");
+}}}
+=== i. User-Agent Header === #UserAgentHeader
 Whatever decision you make about the User-Agent header, be prepared to stick
+with the values you set initially for as long as possible.
+=== ii. Referer Header and Origin Header ===
+with the values you set initially for as long as possible. The simple reason for this is that
+every change to the user-agent will divide your userbase into those who have the old header and those
+who have the new one - creating new, unnecessary entropy each time.
+=== ii. Referer Header and Origin Header === #RefererHeader
 Manipulating these headers isn't strictly a fingerprinting-resistance
 …
 aggressive cache-clearing policy.
 == 11. DOM LocalStorage/DOM SessionStorage/DOM GlobalStorage ==
+== 12. DOM LocalStorage/DOM SessionStorage/DOM GlobalStorage ==
 Private browsing in WebKit denies read and write access to DOM storage since
 https://bugs.webkit.org/show_bug.cgi?id=49329.
+== 12. GeoLocation ==
+== 13. TLS/SSL Session IDs == #SessionIDs
+WebKit does not implement your TLS/SSL network connections, but if you are offering
+a tracking-resistant mode to users you will need to ensure that you keep a separate
+TLS session cache for tracking-resistant mode.
+You need to avoid the situation where a user can go to https://gmail.com in
+ordinary mode, open a window in tracking-resistant mode, go to https://gmail.com and
+use the same TLS Session ID from ordinary mode to resume that TLS session.
+For more information see:
+  * http://code.google.com/p/chromium/issues/detail?id=30877
+== 14. TLS/SSL Client Certificates ==
+As with [#SessionIDs Session IDs], WebKit is not responsible for your SSL stack. But you will need to ensure
+that you keep a separate certificate store for use in tracking-resistant mode.
+See also:
+  * http://code.google.com/p/chromium/issues/detail?id=47129
+== 15. GeoLocation ==
 You will, um, need to ensure you disable geolocation if it supported by your
 …
   * https://www.torproject.org/torbutton/design/#FirefoxBugs
   * http://browserspy.dk
+  *http://blog.torproject.org/blog/firefox-private-browsing-mode-torbutton-and-
+  fingerprinting
+  * http://blog.torproject.org/blog/firefox-private-browsing-mode-torbutton-and-fingerprinting
   * http://www.collinjackson.com/research/private-browsing.pdf
   * https://wiki.mozilla.org/Security/Anonymous_Browsing
 …
   * https://wiki.mozilla.org/Thirdparty
   * http://lists.macosforge.org/pipermail/webkit-dev/2009-May/007788.html
+  * http://flippingtypical.org
+  * http://flippingtypical.com