GULYÁS, Gábor György, Ph.D.
2013-08-26 | Gabor
This post is about the story of FireGloves. If you don't have time to read it, the short summary is: FireGloves will not protect your privacy from being fingerprinted. For the details, please continue reading.
FireGloves is a demonstrational Firefox extension that was created by a small team of researchers at the Budapest University of Technology and Economics in order to show that it is possible to defeat system fingerprinting (if you are new to the topic, read about fingerprinting here and here). At the time being it was developed (started at the end of 2011), there were no tools, even no proposals how to defeat fingerprinting. We only had a few ideas how fingerprinting techniques could work, and there were a few companies offering fingerprint-based tracking services. So we decided to create a simple tool that can show that fingerprinting can be avoided with a little loss of user experience. That was FireGloves.
(For the sake of completeness, I must mention that the Tor Browser Bundle developer team also proposed a solution in parallel, which was later compiled into their product. It was rather a simple but long standing solution: they introduced some options to limit the number of fonts what a website can load. I also made a suggestion to enhance their proposal.)
In April 2012, we introduced a new fingerprinting test demonstrating the capabilities of these techniques at a press event. FireGloves was also shown, demonstrating that we were looking for a solution, and not interested in exploiting user privacy. (For the curious reader: recent research makes it clear that the fingerprint-based tracking industry went along the direction we suspected. We also have a recently published book chapter including further predictions becoming reality.) FireGloves was successful at that time: after testing it against one of the leading fingerprinting companies, it was able to circumvent tracking.
However, times changed. Our development team dissolved in September 2012, FireGloves was no longer developed. Although we clarified that FG is a plugin of demonstrational purposes, it had almost 2k users constantly, and we also received a few bug reporting and support-requesting emails every month. What really urged writing this post is the wide publicity FG gained in August 2013: many users adopted the plugin in the hope of getting some protection, making a false sense of privacy. However, I must mention that we are grateful for the sites writing about FireGloves, since this publicity also raised the awareness on a very important and unsolved issue. So: thank you! :-) [Links to some of these articles can be found on the Hungarian press coverage page.]
One of the main things why FireGloves gained visibility, that it is the only known extension of its kind. This is because fighting fingerprinting is not easy, and several aspects of protection need to be considered. Which is perhaps too much for a single extension. Secondly, probably because the achievements of FG on fingerprinting tests can be misleading (both on the Panopticlick and Fingerprinting 2.0 tests). For instance, in this video it is demonstrated that FG decreases traceability greatly. In fact, what is shown is that it is possible to protect ourselves against the vulnerabilities what these tests (and fingerprinting trackers at those times) exploited. However, fingerprinting techniques evolved since these tests were created. Thus to have an up-to-date protection FG would have also needed to be upgraded constantly.
In my opinion, it is not pointless to fight fingerprinting. To the contrary: the more users support anti-fingerprinting, the better these solutions will get. But where to look? The greatest tools currently available are the Tor Browser Bundle and the JondoFox anonymous web browsers. These are made by professionals, and include customized portable Firefox browsers. These are even modified at the source level, and include the most important extensions that one would need. (Beware! If you use too much of extensions, you loose privacy. Check out our book chapter for details, and read about the anonymity paradox.)
Thank you for reading so far, and I hope you find this writing useful. Meaningful comments are welcome.
Oh, and if you are motivated to continue developing FireGloves, you'll find the source code on GitHub! Please let us know if you have any modifications done! I’m sure it is worth the effort.
CSP (1), Content-Security-Policy (1), ad industry (1), adblock (1), ads (1), advertising wars (1), amazon (1), announcement (1), anonymity (9), anonymity measure (2), anonymity paradox (3), anonymity set (1), boundary (1), bug (2), code (1), control (1), crawling (1), data privacy (1), data retention (1), data surveillance (1), de-anonymization (2), definition (1), demo (1), device fingerprint (2), device identifier (1), disposable email (1), ebook (1), el capitan (1), email privacy (1), encryption (1), end (1), extensions (1), fairness (1), false-beliefs (1), fingerprint (3), fingerprint blocking (1), fingerprinting (3), firefox (1), firegloves (1), font (1), future of privacy (2), google (1), google glass (1), home (1), hungarian keyboard layout (1), inkscape (1), interesting paper (1), internet measurement (1), keys (1), kmap (1), latex (1), location guard (1), location privacy (1), logins (1), mac (1), machine learning (3), neural networks (1), nsa (2), osx (2), paper (2), pet symposium (2), plot (1), price of privacy (1), prism (1), privacy (8), privacy enhancing technology (1), privacy-enhancing technologies (2), privacy-enhancing technology (1), profiling (2), projects (1), raising awareness (1), rationality (1), re-identification (1), simulation (1), social network (2), surveillance (2), tbb (1), thesis contest (1), tor (1), tracemail (1), tracking (12), tracking cookie (1), transparency (1), tresorit blog (4), uniqueness (3), visualization (1), web bug (3), web privacy (3), web security (1), web tracking (3), win (1), you are the product (1)