Cross-browser fingerprinting test 2.0

A partial 'fingerprint' will suffice...
Fingerprint test Publications FAQ Partners Contact FireGloves
englishmagyar

FireGloves

A Firefox plugin to impede fingerprinting-based tracking while maintaining browsing experience.

You may download and install the demo version of the extension by clicking the link below. This is not the final version; it is recommended to check this page regularly for updates. We welcome your remarks and suggestions - you may contact us using the Contact page.

Download and install FireGloves

Mozilla has removed our addon from the repository (due to versioning issues). The download is still available here: FireGloves 1.2.3

Before using it please this blog post about using FireGloves: Preventing misuses and misapprehensions of FireGloves

Dear FireGloves users and visitors!

The current version of FireGloves is a proof-of-concept application, which we have created for research purposes (see fingerprint.pet-portal.eu for details). Unfortunately, we can not continue the development of FireGloves due to changes in our team; however, we hope that similar privacy-protecting functionality will be available in mainstream browser in the near future.

With kind regards,
The FireGloves team

Changelog

What’s new in v1.2.1

  • Patched window-based unhooking vulnerabilities that were found during our tests.
  • Fixed IFrame error.

What’s new in v1.2

  • Reworked the algorithm that forges offsetWidth and offsetHeight (values that are used for font detection): after N requests, it returns random values for T milliseconds; a new request before the expiration of the timer resets it to T. N and T can be configured on the settings panel.
  • Restriction lists for the CSS Font family attribute: a list of length M is associated with each tab; the list is populated with fonts (or font enumerations) in the order of their use on the web page. If the list is full, further fonts are discarded, and any of the previously admitted fonts can be applied in lieu. M can be configured on the settings panel.
  • User interface:
    • Button on the browsing toolbar (on/off switch, drop-down menu)
    • Setting to automatically enable FireGloves when the browser is started
    • Display of tab statistics
    • Functions accessible from the drop-down menu: tab statistics, wipe cookies, clear tab-specific font list, open settings panel
    • The settings panel has been divided into three parts: General settings, Cloak settings, Firefox privacy settings
  • Patched the window.open()-based unhooking vulnerability, discovered by Georg Koppen. We thank him for notifying us about it!
  • Many smaller, miscellaneous fixes that make FG break less popular web pages, further improving user experience.

What’s new in v1.1

  • Enabling-related settings: auto-enable in private mode can be switched off; alert box can be switched off.
  • Font settings have got a separate box; the use of fonts within the document can be controlled directly.
  • Received a notification from Georg Koppen, developer of JonDoFox, about a technique that could circumvent our defences. This is ineffective against newer versions.

Some useful info

  1. Download and install in Firefox. After installation, the browser must be restarted.
  2. The software is designed to efficiently cooperate with private browsing mode, and therefore FG starts automatically when private browsing is initiated via Ctrl+Shift+P or by selecting it from the main menu. FireGloves can be toggled by clicking its icon on the browsing toolbar.
  3. Settings: the simplest way to access the settings panel is to select Open preferences from the drop-down menu next to the FireGloves icon.
  4. The configurable fields have been set to match the largest anonymity set; querying lists (Collections) is disabled. General attributes can be configured to take a random value after each reload, in order to deceive trackers.
  5. Disabling plugins and mimeType lists makes these lists inaccessible to scripts, but all plugins can still be used. Enabling these lists makes both of them accessible and detectable.
  6. By disabling font detection (Limit fonts per tab and Limit offset value queries), JavaScript-based font detection algorithms will be able to detect the configured number of fonts (Number of allowed fonts per tab), but this small amount is insufficient for creating a unique fingerprint.
  7. The new countermeasure against font detection makes general font detection algorithms observe further fonts as installed, regardless of their absence or presence.