Unique fingerprint due to 3-year-old bug in Firefox

[Batu69]

You have a unique fingerprint due to 3+ year Firefox bug [privacy/security issue]

 

Quote

Check your browser fingerprint here.

 

Essentially, any website you go to can have access to your Firefox settings (any settings you've changed from the default settings), list of addons, etc. If you have configured your browser to make yourself less uniquely identifiable for privacy reasons such as changing your user-agent string, then your attempts have been futile due to this vulnerability. At the moment, simply retrieving this list of addons is easy to do and that alone is problematic.

 

TL;DR: You are essentially guaranteed uniquely identifiable due to this vulnerability.

 

The bug was reported over 3 years ago and there has been no progress on the vulnerability (yet alone even attention--just look at the comments). One of the posts linked the No Resource URI Leak addon as a temporary fix that prevents the attributes tested by this test. Simply install the addon and run the test again--you will see that no information (that the test tests, there are still likely vulnerable information that the test did not test) is revealed when called by the webpage. As you can see, as of this time only 337 users have the addon installed, yet hundreds of thousands seem to care enough about switching user-agent strings by using tools such as User Agent Switcher or the like, mostly to make your browser fingerprint less uniquely identifiable.

 

I'm disappointed I realized this vulnerability so late. I spent a month looking into ways to improve my privacy and sifting out which ones actually do and are worthwhile to implement, yet came across such a vulnerability that reveals information about the user that reveals a ton of information and makes you uniquely identifiable. The fact that I came across it so late and that the addon has so few users surprises me that so few people seem to be aware of such a critical issue.

 

P.S. Another serious vulnerability is HSTS tracking issue that was also reported years ago but there isn't a fix, detailed here.

 

Article source

 

Another review / article : Fix Firefox resource URI leak

[knowledge-Spammer]

i have × 000-tor-browser.js  what this mean ?

seems they use https://www.browserleaks.com/

[Batu69]

16 minutes ago, knowledge said:

i have × 000-tor-browser.js  what this mean ?

seems they use https://www.browserleaks.com/

 

If you want to play / investigate more about your privacy / security, can see this extension

[knowledge-Spammer]

6 minutes ago, Batu69 said:

 

If you want to play / investigate more about your privacy / security, see this extension

its my 1st time use this can i ask something

if i change my  user agent from 5 to 1 is this better or no ?

 

 

[Batu69]

4 minutes ago, knowledge said:

its my 1st time use this can i ask something

if i change my  user agent from 5 to 1 is this better or no ?

 

 You can follow this guides.

[steven36]

Mozilla uses this kind of fingerprinting too if you go download a addon  at there  and allow Mozilla cdn in java script it knows what version Firefox and OS you have even tough you're user agent  and O/S  ha been changed. 

[straycat19]

I tried the browserleaks link with Firefox and all I get is this.

[BEngEE]

4 hours ago, straycat19 said:

I tried the browserleaks link with Firefox and all I get is this.

 

[Image removed]

 

 

Enable JavaScript