-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not blocking fingerprinting (on Panopticlick.com)? #53
Comments
This is because privacy badger doesn't block first party fingerprinting. Although maybe there is an argument that it should |
What is the reasoning here? |
There is a sort of explanation given here:- |
Basically privacy badger isn't currently concerned about first party fingerprinting. This is something that we could work on, and it would be great if someone else wanted to work on it! But right now my priority is stopping third party fingerprinting and other methods of third party tracking. |
Here is the relevant homepage FAQ entry: What about tracking by the sites I actively visit, like NYTimes.com or Facebook.com?. This question is related to EFForg/privacybadger#1675. Should think about how to make this more clear to users. |
Privacy Badger appearing to not work on EFF-tracking-related microsites like https://panopticlick.eff.org/ looks pretty bad. I think this scenario is likely to be experienced by journalists and privacy-oriented users or developers, the kinds of people who can most help spread the word about Privacy Badger. |
This shows an accurate result. Please re-create issue if a bug is present |
While this isn't a bug, the current fingerprinting protection test makes Privacy Badger look bad and confuses Privacy Badger users. What Panopticlick tests for and what Privacy Badger actually does about fingerprinting are misaligned. This test suggests that the only defense against fingerprinting is to try to blend into the crowd. This is not the case; blocking prevalent fingerprinters outright is a practical and effective defense all by itself. I would like to see Disconnect/Firefox ETP/Privacy Badger-style fingerprinter protection reflected by Panopticlick results. |
Panopticlick is a project that does not have trackers as the sole adversary in mind. This is why we carefully worded the last result: "Does your browser protect from fingerprinting?" rather than mentioning trackers. If Privacy Badger does not protect against fingerprinting, this result is accurate and should be kept. Users should know what the strengths of Privacy Badger are, and what it does not do. If Privacy Badger does protect against fingerprinting and not just trackers, let's fix that. |
Privacy Badger protects against fingerprinting by detecting when it (canvas fingerprinting, specifically) happens, and thereby learning to block fingerprinter domains. So, yes, Privacy Badger protects against fingerprinting, just not in the way Panopticlick measures it. What am I missing? |
Does it only block third parties performing this action? |
Fingerprinting is not something that only occurs on third parties. If a site uses fingerprinting to re-identify a user, even after they have cleared their cookies, this is also a danger to the user. As I said, third-party trackers are not the only adversary we account for in Panopticlick. |
When I pull and build the current extension code (v 2016.5.24), it fails the panopticlick fingerprinting test. Is this a 'priming' issue? Is there a different way to test this from source?
Most of the entropy comes from:
The text was updated successfully, but these errors were encountered: