Librem 5 - Browser/App Fingerprinting


#1

Hey team. I’m not as technical as some of you. But my understanding is that many “apps” on the Librem 5 will actually not be native apps at all. Rather they will just be buttons that link to an HTML site. So for example the “Facebook app” might just be a link to the Facebook website, and hopefully it will remember my username and password, and hopefully it will be completely separated from other similar HTML based “apps/links” (so they can’t share cookies etc).

But my question is this - what about browser fingerprinting??

If I have a link/app to Facebook and a different link/app to Twitter, will both those sites see exactly the same browser fingerprint? And then what if I visit a site using my actual browser, will that be the same fingerprint again? If they see the same fingerprint, this is a threat to my privacy even if the two sites can’t share cookies!

Browser fingerprinting is one privacy threat that I never have figured out how to avoid short of the Tor Browser, so I’m really excited to hear what people have to say about this.

I would never sign into Facebook on my current phone and I especially would never put a native Facebook app on any phone, but if the Librem 5 has put appropriate protections in place I might finally be able to see Facebook on my phone, right?


#2

Android has actually a number of ‘isolated’ web browsers for facebooking. E.g. https://github.com/tobykurien/WebApps/blob/HEAD/README.md

(I don’t use it).
Accessing Facebook from the same browser and regular websites will probably always be prone to browser fingerprinting attacks. Using a different ‘profile’ could help but will still expose the same browser characteristics, e.g. language, screen resolution, accept headers and other things…


#3

Dancing with the devil. Wanting all the “good”, avoiding the bad.

Logging in, presenting them your name plus public IP in a convenient package.
Why would they need cookies or fingerprinting if you tell them directly who you are and what your current IP is?

Tor or VPN could help a bit if used carefully but it seems a bit futile. I’d rather block all Facebook and advertising domains than trying to outsmart them and never be sure how successful I am.


#4

Not only the browser, but YOU.

Much the same way they can fingerprint you by the way you move your mouse, your typing habits, and how you swerve your cursor to click on something. They can track you down simply by the way you swipe your finger. What browser you use is only another factor.

Snidely Whiplash says: “Nyah, ah aahhh.”


#5

Firefox has a “resist fingerprinting” option. It remains to be seen whether that or similar will be available.

As others have said, fingerprinting is used for anonymous web sites, sites that you use without explicitly identifying yourself.

If you are interested in browser fingerprinting you can get tested here: https://panopticlick.eff.org/ (assuming that you trust the EFF).

It looks to me though that if you have already enabled “resist fingerprinting” then in some aspects that confuses the above test and gives you more information bits than is strictly correct.
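
Added example, not part of any post in this thread: a sketch of why separate cookie jars do not stop linking (the point in #2) and how a test like the one linked in #5 turns attribute rarity into "bits". The profile layout, attribute values, population and the FNV-1a hash are all constructed assumptions.

```javascript
// Attributes a site can read whichever cookie jar is in use (constructed).
const phone = { language: 'en-US', screen: '720x1440' };

// Hypothetical layout: two isolated web apps plus the main browser,
// with separate cookies but the same underlying browser attributes.
const profiles = {
  facebookApp: { cookies: { sid: 'aaa' }, attrs: phone },
  twitterApp: { cookies: { sid: 'bbb' }, attrs: phone },
  browser: { cookies: {}, attrs: phone },
};

// Constructed population of 8 visitors as [language, screen] pairs.
const population = [
  ['en-US', '1920x1080'], ['en-US', '1920x1080'], ['en-US', '1366x768'],
  ['en-US', '720x1440'], ['de-DE', '1920x1080'], ['de-DE', '1366x768'],
  ['fr-FR', '1920x1080'], ['fr-FR', '1366x768'],
].map(([language, screen]) => ({ language, screen }));

// Order-independent serialisation of the attributes.
function canonical(attrs) {
  return Object.keys(attrs).sort().map((k) => `${k}=${attrs[k]}`).join('|');
}

// 32-bit FNV-1a over the canonical string: a non-cryptographic stand-in
// for whatever hash a fingerprinting script would use.
function fingerprint(attrs) {
  let h = 0x811c9dc5;
  for (const ch of canonical(attrs)) h = Math.imul(h ^ ch.charCodeAt(0), 0x01000193);
  return (h >>> 0).toString(16).padStart(8, '0');
}

// Bits of identifying information: log2(total / visitors sharing the value).
// A value nobody else has is treated as shared by one visitor (its holder).
function bits(matches, total) {
  return Math.log2(total / Math.max(matches, 1));
}
function attributeBits(attr, value, pop) {
  return bits(pop.filter((v) => v[attr] === value).length, pop.length);
}
function fingerprintBits(attrs, pop) {
  const key = canonical(attrs); // compare strings so a hash collision cannot skew the count
  return bits(pop.filter((v) => canonical(v) === key).length, pop.length);
}

// Cookies play no part: equal attributes give equal fingerprints.
function linkable(a, b) {
  return fingerprint(a.attrs) === fingerprint(b.attrs);
}
```

In this constructed population the common language contributes 1 bit while the rare screen size contributes 3, which is enough on its own to single out one visitor in eight.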