Fresh

There is no new content.

» Go to the full list

Recent comments

» 2018.02.03. 18:24:02, Note for Firefox @ Preventing misuses and misapprehensions of FireGloves

» 2017.03.12. 20:02:46, Namrata Nayak @ Predicting anonymity with machine learning in social networks

» 2017.01.13. 20:51:19, anonymous @ Preventing misuses and misapprehensions of FireGloves

» 2016.06.12. 13:52:44, Dany_HackerVille @ Preventing misuses and misapprehensions of FireGloves

» 2014.08.29. 17:16:15, [anonymous] @ Preventing misuses and misapprehensions of FireGloves

Preventing misuses and misapprehensions of FireGloves

| | 2013.08.26. 14:12:37  Gulyás Gábor  

Back

This post is about the story of FireGloves. If you don't have time to read it, the short summary is: FireGloves will not protect your privacy from being fingerprinted. For the details, please continue reading.


The history and background of FireGloves

FireGloves is a demonstrational Firefox extension that was created by a small team of researchers at the Budapest University of Technology and Economics in order to show that it is possible to defeat system fingerprinting (if you are new to the topic, read about fingerprinting here and here). At the time being it was developed (started at the end of 2011), there were no tools, even no proposals how to defeat fingerprinting. We only had a few ideas how fingerprinting techniques could work, and there were a few companies offering fingerprint-based tracking services. So we decided to create a simple tool that can show that fingerprinting can be avoided with a little loss of user experience. That was FireGloves.

(For the sake of completeness, I must mention that the Tor Browser Bundle developer team also proposed a solution in parallel, which was later compiled into their product. It was rather a simple but long standing solution: they introduced some options to limit the number of fonts what a website can load. I also made a suggestion to enhance their proposal.)

In April 2012, we introduced a new fingerprinting test demonstrating the capabilities of these techniques at a press event. FireGloves was also shown, demonstrating that we were looking for a solution, and not interested in exploiting user privacy. (For the curious reader: recent research makes it clear that the fingerprint-based tracking industry went along the direction we suspected. We also have a recently published book chapter including further predictions becoming reality.) FireGloves was successful at that time: after testing it against one of the leading fingerprinting companies, it was able to circumvent tracking.

Recent changes

However, times changed. Our development team dissolved in September 2012, FireGloves was no longer developed. Although we clarified that FG is a plugin of demonstrational purposes, it had almost 2k users constantly, and we also received a few bug reporting and support-requesting emails every month. What really urged writing this post is the wide publicity FG gained in August 2013: many users adopted the plugin in the hope of getting some protection, making a false sense of privacy. However, I must mention that we are grateful for the sites writing about FireGloves, since this publicity also raised the awareness on a very important and unsolved issue. So: thank you! :-) [Links to some of these articles can be found on the Hungarian press coverage page.]

Blowing away the misapprehensions

One of the main things why FireGloves gained visibility, that it is the only known extension of its kind. This is because fighting fingerprinting is not easy, and several aspects of protection need to be considered. Which is perhaps too much for a single extension. Secondly, probably because the achievements of FG on fingerprinting tests can be misleading (both on the Panopticlick and Fingerprinting 2.0 tests). For instance, in this video it is demonstrated that FG decreases traceability greatly. In fact, what is shown is that it is possible to protect ourselves against the vulnerabilities what these tests (and fingerprinting trackers at those times) exploited. However, fingerprinting techniques evolved since these tests were created. Thus to have an up-to-date protection FG would have also needed to be upgraded constantly.

So, what should one do?

In my opinion, it is not pointless to fight fingerprinting. To the contrary: the more users support anti-fingerprinting, the better these solutions will get. But where to look? The greatest tools currently available are the Tor Browser Bundle and the JondoFox anonymous web browsers. These are made by professionals, and include customized portable Firefox browsers. These are even modified at the source level, and include the most important extensions that one would need. (Beware! If you use too much of extensions, you loose privacy. Check out our book chapter for details, and read about the anonymity paradox.)

Closing words

Thank you for reading so far, and I hope you find this writing useful. Meaningful comments are welcome.

Oh, and if you are motivated to continue developing FireGloves, you'll find the source code on GitHub! Please let us know if you have any modifications done! I’m sure it is worth the effort.

Tags: firefox, fingerprint, user tracking, firegloves

Permalink: https://pet-portal.eu/blog/read/533/2013-08-26-Preventing-misuses-and-misapprehensions-of-FireGloves...

Back


Comments

7 comments.

2018.02.03.

Note for Firefox [ piubwfvd@yomail.info | Russia ] 2018.02.03. 18:24:02
1) about:config
2) xpinstall.signatures.required - false
3) install FireGloves
4) reboot Firefox.

2017.01.13.

anonymous [ https://amiunique.org/ ] 2017.01.13. 20:51:19
New computer fingerprinting white paper / website research. Link to their browser uniqueness check site is above.

From The Register in the UK:
"The group – Yinzhi Cao and Song Li of from Lehigh University in Pennsylvania, and Erik Wijmans from Washington University in St. Louis – have worked out how to access various operating system and hardware-level features that can fingerprint an individual machine, regardless of browser."

The Firegloves plug-in I´ve installed on the last version of Firefox that I could get to work on (46.01 on OSX) would not complete their trial, but the group demonstrates how extremely difficult it is to not become a unique ID when common identifiers are stacked together.

This is such a challenge, it appears most people have simply given up.

Welcome to the panopticon.

2016.06.12.

Dany_HackerVille [ Dany_HackerVille@gmail.com ] 2016.06.12. 13:52:44
Guys, if you want total privacy, no tracking from website, just use as addons the following: Random Agent Spoofer, Geolocater, Ip to Geolocation. the Random Agent Spoofer erase your buildID from Mozilla browser, without the buildID number you cannot be tracked, and of course use a proxy, in my opininion with the settings being made in order you have 100% privacy!!!
Good Luck!

2014.08.29.

anonymous 2014.08.29. 17:16:15
Hallo,

leider funktioniert FireGloves nicht mehr bei den aktuellen Firefox-Versionen. Ich habe die unterschiedlichen Versionen einfachen Tests mit
https://panopticlick.eff.org/
unterzogen. Danach sind die letzten voll funktionierenden Versionen von Firefox 24.0b10 bzw. 24.7.0esr. Sie können unter
https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/
geladen werden. Bookmarks und Addons blieben bei mir erhalten.

Short in English:

FireGloves works until Firefox 24.0b10 or 24.7.0esr

2013.10.19.

anonymous 2013.10.19. 12:05:04
Like Trails?

2013.10.19. 03:09:40, N Cudmore:
...
N Cudmore [ ncudmore@newashgreen.net | www.newashgreen.net ] 2013.10.19. 03:09:40
I’m wondering about a fixed configuration in a virtual machine might not be the best way to go here. By running a tiny Linux configuration with Tor, which can then run under Oracle’s virtual box, VMWare or other VM technology might this be the way forward. Since then everyone who runs the vm would then have the same fingerprint of the same ‘fixed’ configuration…..

2013.09.01.

Pete [ pete@may.com | one ] 2013.09.01. 21:42:15
What the hell is it still being pushed by Firefox if it is not working????

Post new comment

Anyone can comment, in case of unregistered senders all fields are optional. Comment can be anonymous.

Name:
E-mail:
Blog:
Confirmation code. (Generate new confirmation code.)

BBCode is a simple markup language used for formatting comments. Valid codes are:

bold: [b]Maecenas at nisl.[/b]
italics: [i]Maecenas at nisl.[/i]
underline: [u]Maecenas at nisl.[/u]
url: [url]http://www.mysite.com[/url], [url=http://www.mysite.com]Maecenas at nisl.[/url]
image: [img]http://www.mysite.com/mypic.png[/img]
quote: [quote]Maecenas at nisl.[/quote]
code: [code]Maecenas at nisl.[/code]
size: [size=12]Maecenas at nisl.[/size]
color: [color=#FF0000]Maecenas at nisl.[/color]

Send





© International PET Portal, 2010 | Imprint | Terms of Use | Privacy Policy