ffprofile icon indicating copy to clipboard operation
ffprofile copied to clipboard
verified publisher icon allo-

Mozilla buildID

Open allo- opened this issue 8 years ago • 6 comments

Mozilla exposes its buildID via javascript, which can be used to determine the browser version even without reading the useragent. Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=583181 Addon, which could be a solution: https://addons.mozilla.org/en-US/firefox/addon/blend-in/

Is there a setting, which allows to change it without an addon?

allo- avatar Jun 24 '17 12:06 allo-

These are all the settings and current values to "blend in". (As Windows 7 64-bit, FF57). This is also changed when using "privacy.resistFingerprinting"

general.useragent.override = Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
general.appversion.override = 5.0 (Windows)
general.buildID.override = 20171112125346
general.oscpu.override = Windows NT 6.1; Win64; x64
general.platform.override = Win64

ryandaniels avatar Nov 19 '17 01:11 ryandaniels

Thank you. The problem with the setting is the same as with the override useragent field I already have: When I would integrate these directly, they will be outdated in a few weeks and make you more unique in a few month. I am not sure how to handle "most commonly used useragent" directly.

And the problem is not only the profile generator, but the generated profiles as well. People generating a profile now and using it in 2 years will appear to use an outdated browser, which increases the fingerprint and triggers "update your browser" warnings.

What do you think of the blend in addon? If they stay up to date this would probably be the better solution.

allo- avatar Nov 19 '17 09:11 allo-

Agreed, above requires constant (manual) updates. And if outdated does more harm than good.

The "Blend in" addon also has the same problem if not updated by the author. And it's another add-on running (with access to all data on all websites).

Another solution is to use the "privacy.resistFingerprinting" (which you already have an option for). But that also has problems. Firefox appears to be too old (uses FF 52 in user agent, etc) and some websites don't work properly because of that. Hopefully they will do a version bump soon.

ryandaniels avatar Nov 19 '17 18:11 ryandaniels

Resist Fingerprinting has similar issues and it is not clear how to handle it the best, see https://github.com/allo-/firefox-profilemaker/issues/56#issuecomment-333452774.

TL;DR: Resist-Fingerprinting works best if you do not touch the settings which are hardened yourself. Else the fingerprint may contain "has changed the setting", which resist fingerprinting tries to avoid.

I am still not sure how to handle such things, as we need to assume that people really use the settings only to create new profiles and never update them. This may get better when we add some merge-with-prefs.js tool.

allo- avatar Nov 19 '17 19:11 allo-