Privacy Possum 的评价
Privacy Possum 作者: cowlicks
Firefox 用户 14211116 的评价
评分 4 / 5
来自 Firefox 用户 14211116,6 年前The add-on is good, accomplishes the essential as privacy.
The only inconvenience that it does not protect me from the fingerprint tracking.
I did two online tests(Am I unique?, Panopticlick EFF) with the extension enabled, and in both of them my test result was positive.
The only inconvenience that it does not protect me from the fingerprint tracking.
I did two online tests(Am I unique?, Panopticlick EFF) with the extension enabled, and in both of them my test result was positive.
开发者回应
发布于 6 年前TL;DR Panopticlick and Am I Unique use a homerolled assortment of tracking code that is impractical for commercial tracking.
I'll go into a little detail about Panopticlick to explain more. Panopticlick uses a deployment of the open source fingerprinting tool Fingerprintjs2, along with their own unique fingerprinting code.
I added some debug code and visited Panopticlick I see Privacy Possum detects the page accessing 12 API's that are marked for watching for fingerprinting. Except this is split over 3 different scripts:
https://panopticlick.eff.org/static/fp2.js
https://panopticlick.eff.org/static/fetch_whorls.js
https://panopticlick.eff.org/static/deployJava.js
Privacy watches for fingerprinting on *per script basis*, this is a reasonable assumption because, normally a websites tracking code is bundled into one place, so that the tracking info can be easily aggregated and used. I'm not aware of a real deployment where tracking is split up like this. It is practical for panopticlick (and Am I Unique) because they want to present information about your tracking independently, and manage the code to do that in a more practical way.
For a demonstration of the fingerprinting detection code, I usually point folks to:
http://valve.github.io/fingerprintjs2/
I think it is worth considering cases like Panopticlick, or Am I Unique, because they can be used to evade PP's novel detection. But I have not seen a case like this in the wild.
I'll go into a little detail about Panopticlick to explain more. Panopticlick uses a deployment of the open source fingerprinting tool Fingerprintjs2, along with their own unique fingerprinting code.
I added some debug code and visited Panopticlick I see Privacy Possum detects the page accessing 12 API's that are marked for watching for fingerprinting. Except this is split over 3 different scripts:
https://panopticlick.eff.org/static/fp2.js
https://panopticlick.eff.org/static/fetch_whorls.js
https://panopticlick.eff.org/static/deployJava.js
Privacy watches for fingerprinting on *per script basis*, this is a reasonable assumption because, normally a websites tracking code is bundled into one place, so that the tracking info can be easily aggregated and used. I'm not aware of a real deployment where tracking is split up like this. It is practical for panopticlick (and Am I Unique) because they want to present information about your tracking independently, and manage the code to do that in a more practical way.
For a demonstration of the fingerprinting detection code, I usually point folks to:
http://valve.github.io/fingerprintjs2/
I think it is worth considering cases like Panopticlick, or Am I Unique, because they can be used to evade PP's novel detection. But I have not seen a case like this in the wild.