Author Topic: Will avast secure browser get protection against scheme flooding fingerprinting?  (Read 605 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Most browsers can be uniquely tracked through fingerprinting and this browser-wide.
See for this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084
Demo: https://schemeflood.com/

Will avast secure browser protect against this form of tracking?
To be checked at: https://coveryourtracks.eff.org/

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Read: https://forums.theregister.com/forum/all/2021/05/14/browser_fingerprinting_flaw/

A way to block this is in firefox, waterfox, tor browser is, go to about:config
Accept conditions.

Look for: browser.link.open_newwindow.restriction and set number 2 to  0. then give in Return.
Now Close Tab, mind this alteration is performed at your own risk.

polonus

P.S. This kind of fingerprinting does not function on linux and also on Google Android linux for instance.

pol
« Last Edit: May 17, 2021, 10:23:20 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ondrejz

  • Browser QA Team
  • Avast team
  • Sr. Member
  • *
  • Posts: 326
    • Avast Secure Browser
Hi Polonus,

I tested the page and you are right that it reports that we have some gaps. To have maximum privacy: I recommend turning on Anti-Fingerprinting feature on Security and Privacy page in our browser + VPN. In Adblock I also recommend setting Strict mode. However the page will still report some gaps.

I reported the findings to development team and hopefully get some detailed answers about our plans.

Kind Regards

Ondrej

Offline ondrejz

  • Browser QA Team
  • Avast team
  • Sr. Member
  • *
  • Posts: 326
    • Avast Secure Browser
I have a better answer for you now.

For anti-fingerprinting you have 2 options:

A) Generalization
B) Randomization

Randomization means you (almost) every time have a new, unique fingerprint.  This is not a problem, as it's new and thus you can't be identified.
Generalization mean you share your fingerprint with many others.
AFP usually used the randomization approach.

About unique fingerprint - even with Anti-Fingerprint feature the fingerprint will be unique (for example for device id) but it will still be fake each time website will ask for it.
So fingerprint is unique, but our user cannot be recognized by this website on next visit, and this is the purpose.


Anyway, we'll work on some general improvements in H2 this year.

I hope this answers your question.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70578
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Thanks Ondrej, I was also interested in an answer here. :)
Win 8.1 [x64] - Avast PremSec 21.5.6346.B5i [UI.645] - EEK - Firefox ESR 78.11 [NS/uBO/PB] - TB 78.11
Avast-Tools: Secure Browser 91.0 - Cleanup 21.1 - SecureLine 5.12 - Driver Updater 21.1 - CCleaner 5.81
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Hi ondrejz,

Your reaction is well appriciated.
Good the Avast Secure Browser development team has this issue fully covered,
aware of the issue's importance to the end-user.
Really enjoy to be beta-testing and helping out here in the forums for nearly one and a half decade now.

Loads of success with this avast solution, always like to be part of this forum-community with you personally at the rudder.

polonus a.k.a. Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!