Add AudioContext Fingerprint Blocking? #71
I think this fingerprinting could be handled the same as canvas fingerprinting. But I'm not sure if this should be done in a separate addon. Both approaches have benefits. |
What's the state on this? It is still talked about (https://webtransparency.cs.princeton.edu/webcensus/#audio-fp) and I think solving this would be good. Anyone interested to post his results from https://audiofingerprint.openwpm.com/ ? PS: Also it's not going to be present in uBlock Origin: gorhill/uBlock#1647 [closed]. |
There is no state yet. Had no time to dig into this subject. |
No problem, I see that even the TorBrowser guys are still working on this: https://trac.torproject.org/projects/tor/ticket/13017 |
From what I can tell, the most popular fingerprinting methods here involve the usage of:
I'm not sure if the same fingerprinting could be pulled off with time-domain data (AnalyserNode.getFloatTimeDomainData() / AnalyserNode.getByteTimeDomainData()). See:
I wouldn't be surprised if there are other methods of obtaining audio data in the API, though. |
Has anyone identified an extension that has been created to address this issue yet? Thanks |
I don't know about any addon but Mozilla has made it possible to disable the AudioContext API by setting dom.webaudio.enabled to false (https://bugzil.la/1288359). It's marked for being included in Firefox 51 which is scheduled for 2017-01-24 (https://wiki.mozilla.org/RapidRelease/Calendar) so if you want to use it now you'll have to use beta/aurora/nightly. I also haven't really looked into where AudioContext is used so disabling it might break something. |
If it is opt out by default, it would make you more track-able or no? |
So you're mainly interested in the faking modes? |
I guess, I'm not convinced an opt out is the way. I don't know enough about it though, you tell me. |
I totally agree that an opt out is not the best way. Faking would be better. |
There is Silverdog extension for chrome regarding audio fing. |
@jugi1 are we sure this extension is directly related to this issue? It sounded a bit different from what I read there. I could be totally wrong, anyone test it on FF yet? Awaiting eagerly for your response, thank you. Edit: |
The mentioned site works fine on my end. |
I tried it again today, it's working again, this is still, unfortunately, a problem, at least in Waterfox, not sure if FF 57 fixed it, but I doubt it. Thanks |
@jetwhiz Do you know how to reconstruct function AnalyserNode.getFloatFrequencyData() to add some noise to the data? |
Perhaps you can reuse the source code from the WebExtension AudioContext Fingerprint Defender? |
Thank you! |
I'll have a look. |
Well... I had a look and am not impressed. I think I can do better. |
Nice to hear and happy to get two in one. :) Cheers |
@kkapsner Thank you and cheers |
The basics are already finished, but I have to rethink some RNG things. I think I can provide an alpha within the next week. |
OMG... you made my day. 😄 |
https://github.com/kkapsner/CanvasBlocker/releases/tag/0.4.6-Alpha1
Please test and give feedback. |
Just imported to my main profile and already found a bug... you must not activate storeImageForInspection... |
At first glance it looks like this works as it should. |
New alpha: https://github.com/kkapsner/CanvasBlocker/releases/tag/0.4.6-Alpha2 Please test and give feedback. @DRigby26: now it should not be persistent. |
It looks like those two fingerprints are still persistent for me. |
Weird - I get non persistent values. What are your CB settings? |
Same here, they are persistent... default settings. |
Same here { |
Can you please set the logging level to "warning" and tell me if you see any messages in the browser console (to open hit F12 and go to console) that have a "[CanvasBlocker]" in it? Which Firefox version are you using? |
Additionally, you can set the fixed indices to "0,1" which should force the first two numbers of these two fingerprints to change. |
Oh okay, that seemed to work for the first two numbers, which are not persistent. I also checked the browser console, and found no warnings. I set it back to 9 and noticed only the 9th index was changing along with the 4th index in the Oscillator Node fingerprint, but the other numbers seem to be mostly the same. |
So I went ahead and set it fixed to spoof all the indices and it did that! |
If |
Oh yeah it stays the same for me too. |
The point is that I cannot change all numbers as this would be way too slow (each request contains 44100 datapoints). I have to look into the sum and the hash to check why they stay the same. |
This test page... I will create my own as it is slow and badly written. |
I figured out the problem and will provide a new alpha soon. |
Awesome! Thank you! |
I created this test page which provides the same hash and sum, but is much faster: http://kkapsner.github.io/CanvasBlocker/test/audioTest.html There you can see that the other addon does not fully protect you. The second hash will stay constant. |
New alpha: https://github.com/kkapsner/CanvasBlocker/releases/tag/0.4.6-Alpha3 |
This looks super cool now :) |
It looks great to me so far! Thank you! |
@crssi: the indices that are changed in the audio data are usually picked at random. With the "fixed indices" you can pick some by yourself. The default is to choose one from 0-30 at random by browser start. If I would always fake all audio data entries CB would render the other test page not usable - my test page is actually fine... so I will also add a 10% and 100% buffer fake rate. |
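Added example, not part of the thread and not CanvasBlocker's code: a sketch of the index-based faking described in the comment above (one random index from 0-30, user-fixed indices, or a 10%/100% fake rate), measuring how many entries change in the whole buffer and inside a window a reader might look at. All function names, the noise size, the sine-wave sample buffer and the 4500-5000 window are assumptions made for illustration.

```javascript
// Added illustration; not CanvasBlocker's code. All names here are hypothetical.
// Seeded PRNG (mulberry32) standing in for the per-browser-start random choice.
function makeRng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Copy `data` and add noise either to chosen indices or to a fraction of entries.
function fakeAudioData(data, rng, { fixedIndices = null, rate = 0 } = {}) {
  const out = Float32Array.from(data);
  let indices = [];
  if (rate > 0) {
    for (let i = 0; i < out.length; i++) if (rng() < rate) indices.push(i);
  } else {
    indices = fixedIndices ?? [Math.floor(rng() * 31)]; // default: one of 0-30
  }
  for (const i of indices) {
    if (i < out.length) out[i] += (0.5 + rng()) * 1e-3; // noise is never zero
  }
  return out;
}

// Count entries in [from, to) that differ between the original and faked buffer.
function countChanged(a, b, from = 0, to = a.length) {
  let n = 0;
  for (let i = from; i < to; i++) if (a[i] !== b[i]) n++;
  return n;
}

// Constructed sample: 44100 datapoints, the request size mentioned in the thread.
function sampleBuffer() {
  return Float32Array.from({ length: 44100 }, (_, i) => Math.sin(i / 50));
}

// How much of the buffer, and of a reader's window, a given faking mode touches.
function coverage(options, seed = 1, from = 4500, to = 5000) {
  const original = sampleBuffer();
  const faked = fakeAudioData(original, makeRng(seed), options);
  return {
    total: countChanged(original, faked),
    inWindow: countChanged(original, faked, from, to),
  };
}
```

With the default or with fixed indices "0,1", `coverage()` reports zero changed entries inside the window, so any value derived only from that window is identical across sessions; the rate-based modes are the ones that reach it.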
The new release is out. |
Thank you!!! |
No videos on the most popular Swedish new sites play with CV 0.5.1.0b enabled. Examples |
Please try 0.5.1.1b |
I can now play all three videos thanks to your bug fix in that version. |
You're welcome. |
It looks like the world could really use a per-site blocker/spoofer for the AudioContext API. (See https://audiofingerprint.openwpm.com/) Maybe blocking/spoofing this API could be added to CanvasBlocker? Or, if that's too much a departure, maybe a separate extension using the same per-site blocker/spoofer model as CanvasBlocker?