[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hi folks: Master thesis in evaluating anti-fingerprinting browser ex
From: |
Libor Polčák |
Subject: |
Re: Hi folks: Master thesis in evaluating anti-fingerprinting browser extensions for ff |
Date: |
Wed, 28 Feb 2024 12:23:13 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.18.1 |
Hello Tomer,
Thank you for your introduction. Please see my comments inline.
Hi folks,
Hope you all well.
This mail has the purpose to present myself and describe what and why I want to
contribute.
I don't want to annoy anyone of this mailing list, so if you are not
interested, feel free to skip this mail :)
My name is Tomer, currently doing my masters in Cyber Security at
Hasso-Plattner Institute in Potsdam, Germany. My supervisor is Dr. Anne Kayem
of Hasso-Plattner Institute.
My thesis is not totally fixed yet (will be registered in march), but I am
strongly aiming to make a new version of evaluating Anti-Fingerprinting browser
extensions, like in https://dl.acm.org/doi/pdf/10.1145/3308558.3313703 with
up-to-date extensions (like JShelter) and focused on Firefox browser.
That's great. I am also looking at that paper. My CCed student is currently
working on making an environment similar to PETInspector that will be able to
(a) test JShelter with the plan to replace integration and system tests and (b)
evaluate other extensions or JShelter and other extensions in combination. It
would be great if our work was useful to you. Can I instruct my student to
introduce her project to you? Maybe we can arrange a presentation for one of
the future JShelter meetings.
Our plan is to integrate Selenium manager so that multiple browsers and
multiple versions can be tested.
If you go in this direction, I can also give you some opinions about what such
research should consider. Like maybe one should not expect that a single
webextension can handle all issues, like active, passive fingerprinting,
adblocking etc. There is also a problem that browser extensions are limited by
the APIs that are available to them. So PET browsers like Brave or Tor Browser
have advantage in this area. I think that researchers should distinguish them
and maybe also consider questions like do webextensions make sense or do users
need a privacy preserving browser to be protected?
There is also the question about different strategies to anti-browser
fingerprinting and how to evaluate them. AFAIR PETInspector only considered
masked/true values. But an API that is not masked might reveal only a few bits
of entropy. I think it is more useful to have a working strategy than beating
other extensions in number of masked APIs.
Additionally, I want to add to the evaluation aspects like visibility of
enabled privacy extensions which might lead to user discrimination.
Do I understand correctly that you mean fingeprinting side-effects of
extensions? Like APIs missing, additional JavaScript properties,
inconsistencies etc.? Yes, that is also a problem. Consequent research question
is if fingerprinting scripts in the wild gather such information.
Do you also plan to elaborate on the exact effects of user discrimination?
Further, I would like to develop some features to JShelter and that's why I am
writing you. I would love to hear your opinions (or ideas) about the features I
thought might be interesting to add.
Two features I thought might be worth to add/ adjust:
* More precises Web Worker blocking. Since it leads to a lot of breakage (I
tested the 50 most visited websites according to Wikipedia, excluding porn
sites, and it broke 9 of them like WhatsAppWeb, ChatGPT, Linkedin, Spotify,
etc.). You also have an issue tracking that already
https://pagure.io/JShelter/webextension/issue/130.
We had several discussions on this topic, although so far we did not see exact
numbers on this topic. Honestly, I can imagine a thesis just on this topic. I
guess, you saw https://pagure.io/JShelter/webextension/issue/80. Briefly,
current status is that:
* We need to inject code in Firefox through privileged APIs where running
arbitrary page code is dangerous. Giorgio has more details but see
https://jshelter.org/fixing-mv3/,
https://github.com/w3c/webextensions/issues/536,
https://github.com/w3c/webextensions/issues/538,
https://github.com/w3c/webextensions/issues/539, and
https://bugzilla.mozilla.org/show_bug.cgi?id=1736575 for new webextension APIs
that would allow webextensions to inject their code into JS environment before
page scripts start running in each context. Given your experience with Firefox,
it would be great if you considered developing these APIs either directly to
Firefox or as an experimental feature that could later be integrated to Firefox.
* Without the APIs, developing cross-browser reliable and safe Worker
replacement is to hard (is it even possbible?) and time consuming for our team.
* Trim referrer info in HTTP header (small feature) if request is cross
site, to reduce traceability
I supervised a diploma thesis on (similar) topic, see
https://www.vut.cz/www_base/zav_prace_soubor_verejne.php?file_id=252692. In
brief, there are other extensions that can control referrer header. So my
personal view is that adding just this functionality might be seen by the users
as JShelter is enough to combat passive fingerprinting. Also my experience is
that simple removal of Referer means broken sites. So if you want to go this
way, consider something more advanced. We have an issue for this topic
https://pagure.io/JShelter/webextension/issue/44.
If you have any ideas or concerns I would be glad to hear them.
* https://pagure.io/JShelter/webextension/issue/69 I feel like the current
behaviour in spoofing WebGL constants generates bad publicity.
* https://pagure.io/JShelter/webextension/issue/66 I would like to see a
possibility to control events in JShelter.
* https://pagure.io/JShelter/webextension/issue/34 The interaction of RfP with
JShelter (and other extensions) is an unexplored territory.
* https://pagure.io/JShelter/webextension/issue/33 JShelter needs to solve how
to replace wrappers injecting Proxy objects in Firefox. I just got an idea,
given your experience in Firefox, there is an option to make Firefox compatible
with Chrome and allow Proxies instead of the proxied objects in the affexted
APIs.
* https://pagure.io/JShelter/webextension/issue/20 There is an idea to let the
community tweak behaviour on some pages (like changing the configuration of
Workers on specific pages).
Maybe relevant points about me (and browser security in my vita):
* Worked in the past for Firefox Security Infrastructure team as a working
student (2 years)
o Was involved in HTTPS-Only Mode of FF, HTTPS-First or Mixed-content
upgrading
JShelter seems to me like a very interesting project and I would love to
contribute. Also was very positively surprise how fast you folks response on
the repo!
I work at Brno University of Technology and I have experience with many
students that worked on JShelter. We would be grateful if you can contribute to
JShelter or privacy webextensions in general.
Actually, I would not ask for much support but would be glad to get ideas and
(if there is the possibility on some point) anonymous insight how much affect a
feature I implement have had on users usage.
I can give you active user numbers, like those that were used to generate
Figure 6 in https://arxiv.org/pdf/2204.01392.pdf. There are also some more
stats in AMO.
My thesis will be free and open for anyone, and I am planning to cite your
papers.
If you have any questions, don't hesitate to ask me, you can reach out to me
also in private. I would be glad to answer or to discuss ideas :)
Great.
Have fun with your thesis and let us know how it develops.
Libor