InformAction Forums

Can anyone help if noscript can block clientRects and Font fingerprinting in Firefox browser? If its possible, then please explain how to do it from noscript dashboard with custom rules.

Let me explain in detail for more information.

when u visit https://browserleaks.com/rects & https://browserleaks.com/fonts, you will see the signature firefox browser revealing. It is unchanged if you use proxy service or vpn. I am more worried because its related to the privacy when browsing over the internet.

For clientrects & other fingerprints, I found noscript is not working or I don't know the configuration if it is possible.

http://jcarlosnorte.com/security/2016/0 ... nting.html

1) if u visit the above link and visit http://jcarlosnorte.com/assets/ubercookie/ , you will see the amazing result of system input hardware, computing power of your computer & memory speed of your computer.
2) It also reveals mouse wheel movements and speed fingerprinting if u visit test page at - http://jcarlosnorte.com/assets/fingerprint/

I am afraid if noscript is having securities against all above things. I have found noscript working for ABE, XSS, Clearclick & many other things, but don't know if it protects against all above methods.

What version of NoScript are you using?
Is there any change If you use NoScript 2 (which I guess works in FF 52?) ?

Hi therube,
Thanks for quick response. I use tor browser. Means I use tor browser without tor network ( with my real ip) to get all the possible securities against gebgl, webrtc, canvas and many others.
But, I think this doesn't work in firefox latest version of quantaum I checked. I dont know the version but I have upgraded browser + plugins and sure noscript has the latest version.

Let me know if I am wrong. sorry I am new to this forum & I am not super expert to all of the things. Still, let me know what exact full info u need?

Nishant

Hi All Members,
Can anyone really help into this?

Regards,
Nishant

If you block active content, site can't do this sort of fingerprinting.

Furthermore, the Tor Browser has its own additional countermeasures against fingerprinting, some of which rely on the built-in NoScript and some, like in this case, are independent.
That's because NoScript's focus main focus is not anonymity, but Tor's is.
So just keep using the Tor Browser if you want to stay as anonymous as possible, and be assured that the next Tor Browser version based on Firefox 60 and bundling NoScript Quantum will be as safe and anonymous as the current one.

Hi,

Tor doesn't block clientrects fingerprinting and it's a serious problem. Same thing for domrects fingerprinting.
The only solution I found is CanvasBlocker addon for firefox.
This addon can send fake clientrects and domrects value, audio fingerprinting, canvas can be faked too.

modify settings for send fake value, with persistence for a 1 hour so if each page of a website ask these values, canvasblocker send the same so the addon is not detected !

have a nice day and fight for privacy !

According to my understanding, disabling JavaScript would protect against those threats as well. This seems to be part of Tor Browser's protection against fingerprint which relies on NoScript. However, as soon as one absolutely has to enable JavaScript, this may be a problem indeed.