New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Stealth Mode for Mobile #249
Comments
Haha, I "love" such tests:) @Alex-302, please add these domains to spyware filter:
And also $empty rules to mobile ads filter as this website uses https and third-party won't work in Android:
@Alex-302, don't forget to add a comment pointing to this issue. |
@TPS, what for DNT and fingerprinting, we could do something with that, but not until we have HTTPS filtering capabilities. Yet DNT is not really important, any browser has an option to enable, and, frankly, I don't think it gives you anything. Fingerprinting, on the other hand, is rather interesting. We are working on blocking it in our another project (Adguard for Windows) with a special privacy protection module "Stealth Mode". But we have not yet finished with it, as there's no way to simply "block" creating fingerprinting. Instead you should pretend to be some "common" user agent. |
Re: DNT, as little value as it has now, there seem to be a number of indications that it'll eventually become legally enforceable down the road, & it might be nice to have an option at the VPN/proxy level for those apps that don't give the option. I'm actually of mixed feelings about your approach re: blocking those test domains ( I think your fingerprinting approach will be awesome once implemented, especially in mobile OSes, & I look forward to testing it out. Wouldn't it be better not to block these actually safe domains directly & leave them open to be dealt with via the Stealth Mode module, when implemented? I figure that's truer to the spirit Panopticlick's been implemented in. |
That's totally ok and in fact this is what they want us to do. From https://panopticlick.eff.org/about:
Now let's return to trackers and fingerprinting:)
In fact their approach is also to block trackers. But instead of creating and managing lists of known trackers, they are trying to use some heuristics to detect if domain is tracker or not. Frankly, I don't believe in this approach. It often leads to false positives. Stealth mode is a bit different. We still block known trackers, but we also clean up third party requests, blocking things which may be used by trackers (like cookies, etags and such). Now let me tell you what's the main issue with this fingerprinting. All these things (cookies/etags/authorization data and such) are bound to the tracker domain on the browser level. It simply cannot be used if request to the tracker is blocked. Fingerprint is the property that is not bound to any domain. So, for instance, the fingerprint may be calculated by the website you visit and then processed without any third-party request. You even won't be able to detect such things as it is processed somewhere on the server side of that website. Fortunately this is not a common case now, but I see here really great capabilities for the trackers/ad networks business and if I were them I would be working on this right now. |
What I'm concerned about when blocking those test-tracking domains is then I cannot use the tool to determine how the fingerprint-"washing" does, once it's implemented. Else, I'm with you all 💯%! ☺ Do you want to change this to be tracking issue, titled something like "Implement Stealth Mode for Android/iOS AdGuard"? |
These test domains aren't used for fingerprint testing, they are for trackers/ad blocking tests.
Yep, I think it would be better:) |
I do think this should be toggled explicitly, & perhaps also in relation to Browsing Security &/Or Spyware filter settings. |
That's how it's done in desktop AG. Stealth mode is a separate module there with it's own ON/OFF button. |
The above tickled something in my memory 10 days ago when I read it, & it finally surfaced now: Can/does the AG Stealth Mode implementation have any abilities like CanvasBlocker &/or Pale Moon's |
This may be helpful. Yet they don't always use a canvas only for fingerprinting. We should find some real-life fingerprinting examples. All those leak tests are not very representative. |
Well, here's around 100 PDF scholarly articles detailing such.… Happy reading! 😜 |
I'll assign it to v4.0 for now. This is a huge feature, would be hard along with redesign and all firewall improvements planned for v3.0 |
For future reference: Here's an issue that'd be solved by this that hits quite close to home: isaacs/github#657 |
Close as dup. |
@zebrum Nope, just as long as points raised here aren't forgotten. 🙇 |
The new 2.0 version @ https://panopticlick.eff.org/ complete fails ( all ❌s) a standard web browser through AG with browsing security & all (including spyware) filters enabled. Ghostery browser does much better, with only unblocking DNT unsupported, & I think AG could fix that via the Useful Ads filter.… Comments?
The text was updated successfully, but these errors were encountered: