Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hide operating system in user-agent with fingerprinting protection enabled #701

Closed
riastradh-brave opened this issue Aug 7, 2018 · 11 comments
Assignees
Labels
closed/duplicate Issue has already been reported feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields

Comments

@riastradh-brave
Copy link
Contributor

Currently Brave's user-agent string always reports the true operating system under which it is running. This partitions the anonymity set of users by operating system. When fingerprinting protection is enabled, it should always report the same user-agent string, including the same operating system, for everyone. For comparison, the Tor Browser always reports Windows and the Firefox ESR version on which it is based: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

If Windows and Mac users report different user-agent strings, then the advertisers and NSA/GCHQ and anyone else watching can distinguish Windows and Mac users simply by looking at the user-agent strings.

If Windows and Mac users all report that they are using GNU/Hurd, then the advertisers and NSA/GCHQ and anyone else watching has to try harder to tell who's using Windows and who's using a Mac.

Forcing them to try harder is what fingerprinting protection is supposed to do.

(migrated from brave/browser-laptop#14852)

@riastradh-brave riastradh-brave added the feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields label Aug 7, 2018
@riastradh-brave riastradh-brave added this to the Releasable builds milestone Aug 7, 2018
@riastradh-brave riastradh-brave self-assigned this Aug 7, 2018
@lawl
Copy link

lawl commented Aug 8, 2018

Most fingerprinting libraries already check for this.

See e.g. getHasLiedOs() in fingerprint2.js.

Would it make sense to spoof navigator.oscpu and navigator.platform too?

@ciampolo
Copy link

ciampolo commented Aug 8, 2018

If Windows and Mac users all report that they are using GNU/Hurd, then the advertisers and NSA/GCHQ and anyone else watching has to try harder to tell who's using Windows and who's using a Mac.

This is plainly wrong. Networking stacks are implemented differently in any Kernel. A ping to any server is enough for the server to not only know (not guess but know!) your OS kernel and more likely than not very reliably guess your kernel version. No javascript executed or anything. Just a simple ping is enough. Now imagine what can be done with actual Javascript being executed..

What you are doing is making users way more unique. But appearently again my post was ignored; how surprising I am frustrated with this project calling itself "Private/Secure/Fast Browser" when THE DEVS THEMSELVES MAKE THE BROWSER EASIER FOR ADVERTISES/STATE ACTORS TO FINGERPRINT/TRACK right?

I really don't get why Brave devs want to modify such (comparably) irrelevant properties while the biggest fingerprinting/tracking points are intact? It doesn't matter how much you spoof your Useragent/navigator object if you can still get the font list of the user, if you can still apply the height/width tricks, if you can still track the version number in the ua, if you can still check the Timezone object, if you can still track the WebAudio etc. etc. etc.

@lawl
Copy link

lawl commented Aug 8, 2018

Dude, calm down. Yes you can fingerprint the OS from network connections, but this doesn't make anything easier and it doesn't leak an additional bit. At worst it does nothing.

@ciampolo
Copy link

ciampolo commented Aug 8, 2018

@lawl
Imagine a Windows/Linux/BSD user visiting a website with a Hurd Useragent. That guy will be one in at least 10 million (more realistically in one billion but lets give it the benefit of doubt). Now couple that with Brave being specifically easy to fingerprint among all Browsers; it raises entropy levels of the already high entropy provided by Brave which should be the exact opposite of what this repo would want or am I missing something?

Imagine yourself how does Tor work? People connect to random nodes and those nodes acces the websites in the name of the user. Everyone knows how Tor works so and everyone knows the Tor nodes. So if a useragent of Firefox 52 ESR Win NT connects to a website but with a Linux/BSD fingerprint it doesn't matter what the Server OS is or the Useragent of the enduser since the connection pattern is the same for every single user on the entire network. This is not the case for Brave.

@riastradh-brave
Copy link
Contributor Author

If Windows and Mac users all report that they are using GNU/Hurd, then the advertisers and NSA/GCHQ and anyone else watching has to try harder to tell who's using Windows and who's using a Mac.

This is plainly wrong. Networking stacks are implemented differently in any Kernel. A ping to any server is enough for the server to not only know (not guess but know!) your OS kernel and more likely than not very reliably guess your kernel version. No javascript executed or anything. Just a simple ping is enough. Now imagine what can be done with actual Javascript being executed..

You are correct that there are other fingerprinting vectors. The point of this issue is to force the adversary to use those other fingerprinting vectors instead of the user-agent string. If you want to discuss other fingerprinting vectors, please take that discussion to other issues.

Imagine a Windows/Linux/BSD user visiting a website with a Hurd Useragent. That guy will be one in at least 10 million (more realistically in one billion but lets give it the benefit of doubt). Now couple that with Brave being specifically easy to fingerprint among all Browsers; it raises entropy levels of the already high entropy provided by Brave which should be the exact opposite of what this repo would want or am I missing something?

This is why the issue is to make all Brave users report the same user agent, so that it is not one in ten million but ten million in ten million, and the entropy of the user agent variable would be exactly zero.

@riastradh-brave
Copy link
Contributor Author

Would it make sense to spoof navigator.oscpu and navigator.platform too?

Yes.

@bbondy bbondy modified the milestones: Releasable builds 0.55.x, Backlog Aug 16, 2018
@bbondy
Copy link
Member

bbondy commented Aug 16, 2018

I don't think we do this in browser-laptop today, and there's also some product downsides in terms of some download pages offering the wrong build types. Moving this to Backlog since Releasable builds is only for parity things with browser-laptop.

@riastradh-brave
Copy link
Contributor Author

Correct, we don't do this in browser-laptop -- issue was migrated from there. The product downsides are why I suggest it be done with fingerprinting protection enabled, rather than always.

@bbondy
Copy link
Member

bbondy commented Aug 18, 2018

Gotcha, thanks for the clarification, makes sense.

@tildelowengrimm tildelowengrimm added the priority/P5 Not scheduled. Don't anticipate work on this any time soon. label Nov 7, 2018
@rebron rebron modified the milestone: 1.x Backlog Feb 7, 2019
@rebron rebron modified the milestone: 1.x Backlog Feb 7, 2019
@maximbaz
Copy link

Until this is implemented, feel free to use my extension to get this functionality: it's a short script that basically replaces the OS part of the User-Agent with "Windows", making your User-Agent appear as one of the most common ones according to the popular Most Common User Agents report.

Initially developed for Chromium, so the script partially intersects with what Brave provides out of the box, such as language protection.

@pes10k
Copy link
Contributor

pes10k commented Jul 23, 2020

closing in favor of #9190

@pes10k pes10k closed this as completed Jul 23, 2020
@pes10k pes10k added closed/duplicate Issue has already been reported and removed priority/P5 Not scheduled. Don't anticipate work on this any time soon. labels Jul 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
closed/duplicate Issue has already been reported feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields
Projects
None yet
Development

No branches or pull requests

8 participants