ClientRects & Font Fingerprinting

Ask for help about NoScript, no registration needed to post
nishantguru007
Posts: 3
Joined: Tue Feb 06, 2018 12:51 pm

ClientRects & Font Fingerprinting

Post by nishantguru007 »

Can anyone help if noscript can block clientRects and Font fingerprinting in Firefox browser? If its possible, then please explain how to do it from noscript dashboard with custom rules.

Let me explain in detail for more information.

when u visit https://browserleaks.com/rects & https://browserleaks.com/fonts, you will see the signature firefox browser revealing. It is unchanged if you use proxy service or vpn. I am more worried because its related to the privacy when browsing over the internet.

For clientrects & other fingerprints, I found noscript is not working or I don't know the configuration if it is possible.

http://jcarlosnorte.com/security/2016/0 ... nting.html

1) if u visit the above link and visit http://jcarlosnorte.com/assets/ubercookie/ , you will see the amazing result of system input hardware, computing power of your computer & memory speed of your computer.
2) It also reveals mouse wheel movements and speed fingerprinting if u visit test page at - http://jcarlosnorte.com/assets/fingerprint/

I am afraid if noscript is having securities against all above things. I have found noscript working for ABE, XSS, Clearclick & many other things, but don't know if it protects against all above methods.
Last edited by barbaz on Thu Mar 08, 2018 3:05 pm, edited 1 time in total.
Reason: Made links clickable
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: ClientRects & Font Fingerprinting

Post by therube »

What version of NoScript are you using?
Is there any change If you use NoScript 2 (which I guess works in FF 52?) ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.2
nishantguru007
Posts: 3
Joined: Tue Feb 06, 2018 12:51 pm

Re: ClientRects & Font Fingerprinting

Post by nishantguru007 »

Hi therube,
Thanks for quick response. I use tor browser. Means I use tor browser without tor network ( with my real ip) to get all the possible securities against gebgl, webrtc, canvas and many others.
But, I think this doesn't work in firefox latest version of quantaum I checked. I dont know the version but I have upgraded browser + plugins and sure noscript has the latest version.

Let me know if I am wrong. sorry I am new to this forum & I am not super expert to all of the things. Still, let me know what exact full info u need?

Nishant
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
nishantguru007
Posts: 3
Joined: Tue Feb 06, 2018 12:51 pm

Re: ClientRects & Font Fingerprinting

Post by nishantguru007 »

Hi All Members,
Can anyone really help into this?

Regards,
Nishant
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ClientRects & Font Fingerprinting

Post by barbaz »

If you block active content, site can't do this sort of fingerprinting.
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: ClientRects & Font Fingerprinting

Post by Giorgio Maone »

Furthermore, the Tor Browser has its own additional countermeasures against fingerprinting, some of which rely on the built-in NoScript and some, like in this case, are independent.
That's because NoScript's focus main focus is not anonymity, but Tor's is.
So just keep using the Tor Browser if you want to stay as anonymous as possible, and be assured that the next Tor Browser version based on Firefox 60 and bundling NoScript Quantum will be as safe and anonymous as the current one.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
white angus

Re: ClientRects & Font Fingerprinting

Post by white angus »

Hi,

Tor doesn't block clientrects fingerprinting and it's a serious problem. Same thing for domrects fingerprinting.
The only solution I found is CanvasBlocker addon for firefox.
This addon can send fake clientrects and domrects value, audio fingerprinting, canvas can be faked too.

modify settings for send fake value, with persistence for a 1 hour so if each page of a website ask these values, canvasblocker send the same so the addon is not detected !

have a nice day and fight for privacy !
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
musonius
Master Bug Buster
Posts: 203
Joined: Sun Jul 08, 2018 5:38 pm

Re: ClientRects & Font Fingerprinting

Post by musonius »

According to my understanding, disabling JavaScript would protect against those threats as well. This seems to be part of Tor Browser's protection against fingerprint which relies on NoScript. However, as soon as one absolutely has to enable JavaScript, this may be a problem indeed.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Post Reply