Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: Firefox 29 Beta Pulls In Many Features

  1. #21
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,877

    Default

    Quote Originally Posted by JX8p View Post
    It's the fact that it breaks nearly every theme and customisation available, and many of them won't be getting the necessary rewrite.
    I know it doesn't break EVERY customisation available, because I used it the Australis Nightly with addons. But in regards to the theme... and? Anytime ANY piece of software that allows themes makes ANY changes it has the possibility to break existing themes. That's been known since forever, and Firefox is no different.

    If the theme is unmaintained then you had to know that eventually it would stop working, well now's that time.
    If the theme IS maintained then shame on the developer of that theme for not making an Australis version. This wasn't a big 'shock' change, this has been known about MONTHS and has been able to be played around with since last year. Hell, they even made special versions of the nightlies available last year that were current-nightly + australis so that those who were interested, and developers, could start playing around with it and figuring it out.

  2. #22
    Join Date
    May 2013
    Posts
    514

    Default Blocking plugin enumeration is major plus

    Preventing websites from being able to enumerate plugins denies malicious "browser fingerprinters" a key piece of information used to track you even after you toss your cookies and your Flash cookies. I've taken to keeping all plugins disabled and turning them on only to actually use them to limit fingerprintablity. I will test this against Panoptickick when Firefox 29 has been out long enough to prevent the useragent from coming up as rare.

  3. #23
    Join Date
    Nov 2013
    Posts
    144

    Default

    Quote Originally Posted by Luke View Post
    Preventing websites from being able to enumerate plugins denies malicious "browser fingerprinters" a key piece of information used to track you even after you toss your cookies and your Flash cookies. I've taken to keeping all plugins disabled and turning them on only to actually use them to limit fingerprintablity. I will test this against Panoptickick when Firefox 29 has been out long enough to prevent the useragent from coming up as rare.
    Note that now sites can't enumerate (ie list) every plugin installed, but they still can query for specific plugins and their version. So this would help with fingerprinting only if you have some non-common plugin installed.
    I'd expect sites like panopticlick to just get an huge list of existing plugins. In fact, they probably have one already, since they can just get it from browsers that allow fingerprinting.

    https://bugzilla.mozilla.org/show_bug.cgi?id=757726

  4. #24
    Join Date
    May 2013
    Posts
    514

    Default This means plugins should still be disabled except when actually used

    Quote Originally Posted by Spittie View Post
    Note that now sites can't enumerate (ie list) every plugin installed, but they still can query for specific plugins and their version. So this would help with fingerprinting only if you have some non-common plugin installed.
    I'd expect sites like panopticlick to just get an huge list of existing plugins. In fact, they probably have one already, since they can just get it from browsers that allow fingerprinting.

    https://bugzilla.mozilla.org/show_bug.cgi?id=757726
    Thanks for the update. There are certain other considerations in masking a browser: First of all, if you use the common tactic of having a browser report it is running under Windows, be sure not to allow ANY plugins and not to use Gstreamer for HTML5 video playback unless Firefox does not report how it plays back HTML5. I do not know if Firefox will identify the backend used for HTML5 playback right now, so I let it report that it is running under Linux. Torbrowser reports itself as Windows, the useragent comes up as matching that of one in 155 browsers. Firefox on Ubuntu by default comes up with a useragent string matching one in 885, still not very unique by itself, but there's a lot more information to worry about. Plugins, fonts, and HTTP accept headers are the worst culprits.

    Fonts are greatly reduced as a fingerprintable item when Java is not installed and Flash is kept disabled until it has to be used.

    The big problem right now is HTTP_ACCEPT Headers when Javascript is enabled. That alone can report 21 bits of identifying data out of about 30 needed to ID a browser as unique when Javascript is enabled! With NoScript blocking Javascript except when deliberately enabled, a random site for which it has not been enabled only gets 5-6 bits of identifying information.

    When I have direct reason to suspect fingerprinting (need to follow a link to Google, Youtube or Facebook), I use Torbrowser. After all, Google for years used IP addresses as their main cookieless tracking system to build unwanted Google search histories. A dynamic IP address will block that, but surely Google expects that in today's world of so many mobile devices, thus their controversial 2012 privacy policy that explicitly allows collecting "device information." Torbrowser is built to make fingerprinting sufficiently difficult that no nations's courts can admit it and nobody's "security" services effectively track users by browser fingerprint.

    Currently Torbrowser with javascript ON is coming up as one in 10,446, barely more unique that regular Firefox with Javascript OFF (one in 9,702).

  5. #25
    Join Date
    Nov 2013
    Posts
    144

    Default

    Quote Originally Posted by Luke View Post
    [...]
    Thanks for the explanation, but you don't really have to explain all of this to me - I'm pretty much a tinfoiler too

    I was merely stating that it won't help much. Anyway, after reading the full bug report, it seems that plugins are still enumerable, just not all of them. navigator.plugins will just return common plugin (flash, java and quicktime, If I'm reading it right) instead of everything.

  6. #26
    Join Date
    Oct 2008
    Posts
    3,099

    Default

    Quote Originally Posted by Ferdinand View Post
    https://areweslimyet.com/

    Where? I don't see it.
    I take it back.

    I am running a ton of tabs (multiple hundreds) and the memory use generally tends to hover around the same amount.

    However, i noticed that closing a few tabs i have brought the total back down to only about +5-10%, which is probably within the margin of error.

    So i think i just happened to have a few extra busy tabs open causing most of what i saw.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •