external-protocol-flooding

False positives?

Open Forbo opened this issue 3 years ago • 16 comments

Each time I run the test, it returns a different set of applications and gives me a different identifier. The number of applications returned varies from 3-6, although it most often returns four applications. I don't have any of the applications that it says I do. Not sure how I'm defeating this; it could be any number of the privacy-oriented extensions I'm currently using. I will see if I can narrow it down.

Edit: In subsequent runs, I have now seen it report anywhere from 1-6 applications. I observed this in Firefox 88.0.1 on Ubuntu 20.04.

May 13 '21 21:05 Forbo

Hey! Thanks for the feedback. Please provide information about your operating system and the browsers you are testing.

May 13 '21 21:05 spalt08

Sorry, I added that info after the fact in my edit. Quick response!

May 13 '21 21:05 Forbo

Further testing with Chrome & Chromium yielded different results. Chromium said that I had all 24 applications installed. Chrome said I had 12 applications installed. However, Tor Browser appears to correctly detect that I have none of the applications installed, and does so consistently.

Oddly enough, Brave seems to be exhibiting the same behavior as Firefox, in that it returns a few results (3-6) that change each time. I figured the Chromium-based browsers would all be pretty uniform in their results, but it seems to be all over the place.

May 13 '21 21:05 Forbo

Honestly, I haven't tested it on Linux much.

However, the default Ubuntu setup with default FF and Tor should work correctly. Any Chromium browser will not work, since it opens every application through `xdg-open` (shows the launch confirmation popup for every app).

Also, the accuracy can be low because of:

  • Custom browser settings or flags - The demo was designed for the default setup, but that doesn’t mean your custom setup is not vulnerable.
  • Poorly performant hardware (including virtual machines) - Some timings are just hardcoded and were tested on the MacBook hardware.
  • Fullscreen mode - The demo will work faster and more accurately if the browser is not in fullscreen mode.
  • Slow internet connection
  • Gestures during the process

May 13 '21 21:05 spalt08

I've got similar problems: Firefox on Linux returns 24/24 positives for me although I have like 5/24 actually installed. It tries to open using xdg-open for every protocol (which is the case in Chrom{e,ium}), I guess.

System: Debian, FF 78.7.0 - both almost default setup.

Btw: I get a Firefox error popup (yellow bar at the top) with 'The clearkey plugin has crashed' at the end of the analysis.

May 13 '21 22:05 marvinborner

If your Firefox opens applications via `xdg-open`, the demo will not work. You can test this by typing `document.location = 'any-existing-scheme://'` in the browser console.

I couldn't get the demo to work in this case.

May 13 '21 22:05 spalt08

Well, after a quick analysis this doesn't seem to be the case. My previous statement must be wrong then. The console returns `Prevented navigation to “nordvpn://” due to an unknown protocol.` (using nordvpn as an example as I don't have it installed). The schemeflood site does detect the presence of nordvpn though, which is weird.

May 13 '21 22:05 marvinborner
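
For readers comparing the demo's output with what is really installed on a Linux desktop, the following added example (not code from this thread or from the project) lists the URL schemes that local `.desktop` entries register through `x-scheme-handler/...` MIME types. It assumes the three standard freedesktop application directories; Flatpak/Snap export directories are not scanned, and the sample entry is constructed.

```python
import configparser
from pathlib import Path

# Assumption: standard freedesktop application directories only.
APP_DIRS = [Path.home() / ".local/share/applications",
            Path("/usr/local/share/applications"),
            Path("/usr/share/applications")]
PREFIX = "x-scheme-handler/"

def schemes_in_desktop_entry(text):
    """Return the URL schemes one .desktop file claims via its MimeType key."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read_string(text)
        mime = parser.get("Desktop Entry", "MimeType", fallback="")
    except configparser.Error:
        return set()  # malformed entry: treat as registering nothing
    types = (m.strip() for m in mime.split(";"))
    return {t[len(PREFIX):] for t in types if t.startswith(PREFIX)}

def registered_schemes(dirs=APP_DIRS):
    """Map scheme -> names of the .desktop files that register it."""
    found = {}
    for d in dirs:
        for entry in sorted(Path(d).glob("*.desktop")):
            try:
                text = entry.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip it
            for scheme in schemes_in_desktop_entry(text):
                found.setdefault(scheme, []).append(entry.name)
    return found

def false_positives(reported, registered):
    """Schemes a test page reported that no local entry registers."""
    return sorted(set(reported) - set(registered))

# Constructed sample entry (not taken from the thread).
SAMPLE = """[Desktop Entry]
Name=Example Chat
Exec=example-chat %u
MimeType=x-scheme-handler/examplechat;x-scheme-handler/ec;text/html;
"""

if __name__ == "__main__":
    local = registered_schemes()
    print("registered:", sorted(local))
    # 'nordvpn' is the scheme named in the comment above.
    print("reported but not registered:", false_positives(["nordvpn"], local))
```
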

I am getting a lot of false positives on Linux.

[Screenshot]

I have just Steam, Telegram, Discord and Zoom. Also, with another browser on the same PC, the same detection.

May 14 '21 11:05 Mte90

I have a very custom Firefox on Linux, and with the same browsing session, I have different fingerprints.

Edit: now detects correctly most of the time

May 14 '21 12:05 andmagdo

Another small data point: an up-to-date Kali Linux's OOTB Firefox setup gives 23/24 apps installed for me, which is a pretty good false positive.

(Kali is easy to download as a usable VM image, if you want to test with it.)

May 14 '21 14:05 ancipital

This might be affected by #10. I've just deployed the patch.

May 15 '21 11:05 spalt08

Hi, I'm on GNU/Linux and I'm getting a lot of false positives on both Firefox and Brave.

May 16 '21 07:05 pachainti

I've done more testing since the patch in #10; I see fewer apps being detected on Firefox (typically only about 1-2). Those are still false positives, and still appear to be seemingly random in which ones it detects across multiple tests.

May 17 '21 16:05 Forbo

The result on Firefox may be affected by the config options in #14 as well.

May 17 '21 19:05 spalt08

Tried today: [image]

May 18 '21 15:05 ghost

Tried today:

I have the same identifier show up for me. I have only 5 out of 24 apps displayed installed from the same list as yours.

Browser: Version 92.0.4493.0 (Official Build) canary (64-bit) (Chrome)

OS: Windows 10 Pro, Version 20H2, installed on 3/19/2021, OS build 19042.985, Experience: Windows Feature Experience Pack 120.2212.2020.0

May 18 '21 20:05 mokanfar