firefox 85 android

@Pants

Please, stop the misdirection. Yes, DRM is not part of, or covered by, the privacy.resistFingerprinting flag, but the module itself is fingerprintable and therefore falls under the entire “anti-fingerprinting” umbrella. Enabling it makes fingerprinting easier;

> it still is. Please learn to fact check

This issue of yours attempts to change that, and was created today:

https://github.com/arkenfox/user.js/issues/1107

I didn’t say that you already altered it in the user.js itself – if you did, that would be even worse than mere considerations.

> it already has mechanisms in place, please learn to read what a template, readme, wiki, instructions and setup tags are.

Nowhere do you hint in there that users should use streaming apps outside of the browser – the only reasonable reaction to a fingerprintable blackbox in the browser.
Leave me alone with all that “template” talk – you offer a preconfigured config file that is meant to be halfway workable at least; otherwise, why would you even consider enabling DRM by default for usability reasons? Those are usability considerations are contradicting your “template” claim. Not all recommendations on a “template” (= recommendation list users can selectively choose from) must be workable (however, those on a preconfigured config must be workable – hence usability considerations), a “template” would also provide extensive reasoning why a certain change was made and what alternatives are reasonable etc.

> I’ll make it easy for you .. take the reddit script and let me know the metrics gained and how much entropy they contain. Looking forward to your detailed breakdown

It checks for the following things:

– If DRM modules are available at all, whether it’s enabled or disabled.
– What type of DRM module it is.

I quote:

“In July 2020, Reddit started running a javascript program that launches a fingerprinting attack (which makes it possible to persistently track individuals around the web) against the user’s web browser. Part of the script attempts to load every possible DRM module that browsers can support, and logs what ends up loading as part of the data collected. Users noticed this when Firefox began alerting them that Reddit “required” them to load DRM software to play media, although none of the media on the page actually needed it.”

source: https://en.wikipedia.org/wiki/Encrypted_Media_Extensions#Criticism

DRM is just one possible fingerprinting vector, so one CANNOT identify a user JUST based on DRM. However, DRM is a further identifier on a list of identifiers that together form the fingerprint – you know that, those are the basics. Why would you allow yet another identifier?

> secondly: arkenshill?

Accurate description. I like to call it “Tor copycat effort”, but everyone has different wording of course.

PS: I am waiting for your user.js to to resolve the fact that Firefox still connects to firefox.settings.services.mozilla.com even if your user.js is fully applied – please resolve. By the way, there is no about:config flag for that, so good luck modifying the code.

(Excerpt) Read more Here | 2021-02-02 04:07:30
Image credit: source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.