Firefox finally adding resistFingerprinting outside of about:config?

UniqueName · November 2, 2023, 8:39pm

I was looking at the release notes for Firefox 120 (in beta right now), and I noticed that they’re adding Canvas API protections to private windows and when Strict mode is enabled.

Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.

from: Firefox Beta 120.0beta, See All New Features, Updates and Fixes

Is this the start of resistFingerprinting finally getting actual UI implementation? I know that canvas protection is just one part of it, but could this be signalling a full implementation of fingerprinting protection in the GUI by Mozilla?

SkewedZeppelin · November 2, 2023, 9:09pm

FFP is a less aggressive version of RFP.

xe3 · November 2, 2023, 9:56pm

Have you (or anyone else reading this) come across any good explainers/high level comparisons between RFP (‘Resist Fingerprinting’) and FPP (‘Fingerprinting Protection’?

Bonus points for a comparison between RFP, FPP, Canvas Blocker, as well as Brave’s randomization based approach.

UniqueName · November 3, 2023, 2:03am

Oh, so would it be using a lesser implementation of canvas randomization, maybe like Brave Shields set to standard for example?

AlphaElwedritsch · November 3, 2023, 5:23am

Why only in private windows?

sha123 · November 3, 2023, 7:32am

github.com/arkenfox/user.js

ToDo: diffs FF111-FF112

opened 11:55AM - 22 Apr 23 UTC

closed 03:01PM - 03 May 23 UTC

earthlng

enhancement task diffs

FF112 is [scheduled](https://wiki.mozilla.org/Release_Management/Calendar) for r…elease Apr. 11th [FF112 release notes](https://www.mozilla.org/firefox/112.0/releasenotes/) [FF112 for developers](https://developer.mozilla.org/docs/Mozilla/Firefox/Releases/112) [FF112 security advisories](https://www.mozilla.org/security/advisories/mfsa2023-13/) --- 61 diffs ( 31 new, 15 gone, 15 different ) ### new in v112.0: - FYI: **_these are not RFP, they are FPP which is different_** (see below) and these are WiP - pref("privacy.resistFingerprinting.randomization.daily_reset.enabled", false); - pref("privacy.resistFingerprinting.randomization.daily_reset.private.enabled", false); - pref("privacy.resistFingerprinting.randomization.enabled", false); - e.g. to be removed in [1829643](https://bugzilla.mozilla.org/show_bug.cgi?id=1829643) --- **_FYI: FPP:_** Mozilla are going to very slowly roll out a thing called FPP (FingerPrint Protection) into PB windows. This is a WiP. It will be ready when they announce it. Phase 1 includes fonts at vis level 2 (i.e only allow os system fonts), subtle canvas randomizing (excluding IsPoinInPath and isPointInStroke), and _I think_ window positions = 0. Last but not least, removing _math entropy_ in audio for all FF users - note this does not remove all entropy, and RFP has additional protections which should then make all RFP users the same per platform (because Hrtz etc affect results but RFP sets those). There will be a combination of 4 prefs: 2 x RFP, 2 x FPP, for all and pb modes. And not all combinations will be engineered. And RFP should always take precedence over FPP. ~~One thing I do know is that down the road we can use RFP in normal mode, and FPP in PB mode - which might be a great way to reduce breakage for some users frequent sites. I do know we cannot have the reverse (RFP in pb mode and FPP in normal mode)~~ edit: RFP always overrides FPP, so any split would be FPP in normal mode, and RFP in PB mode. In the future, FPP can be a choice for those who don't like or can't use RFP but do want some randomizing. FPP is going to very compat, to the point where webcompat will be able to override individual protections on troublesome sites. So if FB breaks webcompat silently disables the problematic protection for FB when they add that site compat rule - so clearly this is a very different threat model, but may suit some people. Over time more protections will be added to FPP. I see this as replacing the need for Canvas Blocker In order to enable/disable parts of FPP in testing, the two toms (ritter, schuster) and tim, and I'm sure there some more on the team, as a WiP, have engineered each protection as a `target`. So each target can globally be flipped on and off. This same targeting is somewhat related to the per site compat thing - but the pref itself is global. This same mechanism will also be able to be used for RFP (but super not recommended). In TB for example it would be locked off. Oh, and FPP will be tied to ETP. So this answers all the people's questions about .. can I use RFP but turn off timezone and prefers-light. While I don't really recommend it, I need to think thru the ramifications a bit more. RFP is certainly more robust than an extension, and we're only confident of fooling naive scripts (don't get me wrong, advanced scripts have different levels of advanced, so full RFP most certainly does have an effect), so my gut feeling is that `this is fine` too. That's all I'm going to say. All this is available in public bugzillas, and I know as much as that. I just spent a week in costa rica with the tor project (and tom ritter was there too, and we had a session on FPP as to what it is and how it relates to, or could enhance, RFP). Other than that (public info), it's all inhouse and tightly kept a secret (fair enough) So that's about all I know (there is more: like exceptions and cascading iframes, i.e cross domain, but let's not go down the rabbit hole just yet), and it's fairly complicated and a WiP, so please don't ask questions. Let's just wait and see what happens when it lands and is announced by Firefox (because by then it should be robust and working as planned) -thorin --- ### changed in v112.0: FYI - pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM"); - prev: `tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM` - diff: `emailTP, emailTPPrivate` added --- ### ignore <details><summary>click me for details</summary><p> ==NEW ```js pref("browser.history_swipe_animation.disabled", false); pref("browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", "1"); pref("browser.promo.cookiebanners.enabled", false); pref("browser.translations.useHTML", false); pref("browser.urlbar.resultMenu.keyboardAccessible", true); pref("dom.checkedUnsafePtr.dumpStacks.enabled", false); pref("dom.element.popover.enabled", false); pref("dom.memory.foreground_content_processes_have_larger_page_cache", true); pref("dom.window_position_size_properties_replaceable.enabled", true); pref("gfx.webgpu.ignore-blocklist", false); pref("gfx.webrender.dcomp-video-check-slow-present", true); pref("gfx.webrender.max-shared-surface-size", 2048); pref("gfx.webrender.scissored-cache-clears.enabled", true); pref("gfx.webrender.scissored-cache-clears.force-enabled", false); pref("javascript.options.wasm_extended_const", true); pref("layout.css.exp.enabled", false); pref("layout.css.forced-color-adjust.enabled", false); pref("layout.css.motion-path-offset-position.enabled", false); pref("network.auth.supress_auth_prompt_for_XFO_failures", true); pref("network.trr.ohttp.config_uri", ""); pref("network.trr.ohttp.relay_uri", ""); pref("network.trr.ohttp.uri", ""); pref("network.trr.use_ohttp", false); pref("print.save_as_pdf.use_page_rule_size_as_paper_size.enabled", false); pref("privacy.query_stripping.listService.logLevel", "Error"); pref("privacy.trackingprotection.emailtracking.pbmode.enabled", true); pref("security.sandbox.utility-wmf-cdm.lpac.enabled", false); pref("security.tls.ech.grease_http3", false); ``` ==REMOVED, RENAMED or HIDDEN ```js pref("browser.display.normal_lineheight_calc_control", 2); pref("browser.display.show_loading_image_placeholder", false); pref("browser.urlbar.weather.zeroPrefix", true); pref("dom.fileHandle.enabled", false); pref("editor.css.default_length_unit", "px"); pref("editor.hr_element.allow_to_delete_from_following_line", true); pref("editor.initialize_element_before_connect", true); pref("editor.positioning.offset", 0); pref("editor.resizing.preserve_ratio", true); pref("editor.use_div_for_default_newlines", true); pref("gfx.webgpu.force-enabled", false); pref("layout.css.moz-box-flexbox-emulation.enabled", false); pref("security.sandbox.content.tempDirSuffix", ""); pref("security.sandbox.plugin.tempDirSuffix", ""); pref("widget.pause-compositor-when-minimized", true); ``` ==CHANGED ```js pref("browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", true); // prev: false pref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", true); // prev: false pref("dom.media.autoplay-policy-detection.enabled", true); // prev: false pref("dom.mozTextStyle.enabled", false); // prev: true pref("dom.quotaManager.backgroundTask.enabled", true); // prev: false pref("dom.sitepermsaddon-provider.separatedBlocklistedDomains", "shopee.co.th,shopee.tw,shopee.co.id,shopee.com.my,shopee.vn,shopee.ph,shopee.sg,shopee.com.br,shopee.com,shopee.cn,shopee.io,shopee.pl,shopee.com.mx,shopee.com.co,shopee.cl,shopee.kr,shopee.es,shopee.in,alipay.com,miravia.es"); // prev: "shopee.co.th,alipay.com,miravia.es" pref("dom.workers.pFetch.enabled", true); // prev: false pref("gfx.max-alloc-size", 2147483647); // prev: 500000000 pref("gfx.webrender.dcomp-video-sw-overlay-win", true); // prev: false pref("html5.inert.enabled", true); // prev: false pref("layout.css.linear-easing-function.enabled", true); // prev: false pref("layout.css.overflow-overlay.enabled", true); // prev: false pref("layout.forms.reveal-password-context-menu.enabled", true); // prev: false pref("security.webauth.u2f", false); // prev: true ``` </p></details>

UniqueName · November 3, 2023, 2:05pm

looks like Thorin has already answered that here:

github.com/arkenfox/user.js

FYI: future fingerprinting options

opened 03:05AM - 02 Sep 23 UTC

Thorin-Oakenpants

discussion fingerprinting FYI

oh, I should also mention that in the future we will be able to have two differe…nt mode of FP protection, and RFP will be able to have some protections disabled So the first is we will be able to use RFP in normal windows, and FPP in private windows. FPP is a work in progress (and almost ready). Initially (more will be added) will subtly randomize canvas, audio has been normalized for all users in FF118+, it returns 0 for window/screen positions (I think) and it will use font vis level 2. ~~So in effect, if something is totally fucked in normal mode, you can just flick it open in a PB window. FPP will also have compat rules - so they can ship an unbreak per site (i.e not apply e.g. canvas on site A) - but these are very basic protections so far and shouldn't break anything~~ ~~No, we cannot have FPP in normal windows and RFP in PB mode - it's not engineered to do that~~ we can only have a mix of these in this config: normal windows FPP, pbmode RFP --- For RFP itself, we can create our own set of what to apply globally - using RFPTargets. Since the main emphasis of RFP for us is fooling naive scripts, then relaxing some of the others is not as much of a concern. Personally I think it's a bit silly - RFP is an all-in or nothing approach, at best it could have three levels (like brave's FPing shield levels - off, standard, aggressive) and per site. But I get the engineering side of it, where all those RFPTargets allow crafting compat rules, and these FPing protections will slowly start to creep into FPP - **_edit_** just to be clear, compat rules are only for FPP So AF moving forward has some options with defaults and override recipes - `a` we could use FPP mode in all windows - `b` we could use FPP in normal windows and RFP in PB windows - `c` we could relax some RFP protections So for example, for RFP, if you have a monitor where the FPS !== 60 and it causes videos/animations etc dropping frames, you could modify the pref to apply all _but_ timing protections. https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc I _think_ I will go with option `a` down the track. While I do think RFP (no exceptions to targets) is best (the more metrics protected, the better the chances, plus it has timing mitigations), this really is best suited for a crowd and a different threat model - use Mullvad Browser, Tor Browser _Originally posted by @Thorin-Oakenpants in https://github.com/arkenfox/user.js/issues/1711#issuecomment-1698488246_

this entire github issue pretty much solves my question so I’ll mark this as the solution. thanks @sha123 for linking to an older discussion where Thorin first explained the difference between FPP and RFP.

Regime6045 · November 3, 2023, 2:53pm

So does that mean with Firefox 120 we don’t need the CanvasBlocker addon if we have Enhancing Tracking Protection set to Strict?

UniqueName · November 3, 2023, 4:16pm

Yes based on what what was said in the github discussions, it does seem like FPP will entirely replace the need for CanvasBlocker. Right now it’s only getting canvas randomization but, based on the first github page linked, there should also be audio protections coming as well.

Phase 1 includes fonts at vis level 2 (i.e only allow os system fonts), subtle canvas randomizing (excluding IsPoinInPath and isPointInStroke), and I think window positions = 0. Last but not least, removing math entropy in audio for all FF users - note this does not remove all entropy, and RFP has additional protections which should then make all RFP users the same per platform (because Hrtz etc affect results but RFP sets those).

Having those built into the browser would make CanvasBlocker redundant and would likely make you stand out a lot more (since the pool of FF users with Strict mode on is going to be significantly larger than the pool of CanvasBlocker users).

Topic		Replies	Views
Global Privacy Control now exposed in Firefox Site Development	2	496	November 21, 2023
Firefox prefs: privacy.resistFingerprinting VS privacy.fingerprintingProtection? Questions browsers	12	3214	November 26, 2023
CanvasBlocker (Firefox Extension) Tool Suggestions rejected	22	2332	March 11, 2024
CanvasBlocker extension Questions	9	605	December 16, 2023
Is it Possible that Brave has Stronger Fingerprinting Protection than Firefox? Questions browsers	23	1508	March 12, 2024

Firefox finally adding resistFingerprinting outside of about:config?

Related Topics