UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Morph Browser is exellently trackable

    Scheduled Pinned Locked Moved
    General
    4
    6
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      haveaniceday
      last edited by

      Currently, the morph browser is very prone to tracking.
      For example, check out the tracking test of the Electronic Frontier Foundation. It will tell you in detail, how unique your browser installation is, and why. You can run it in Morph private mode - doesn't really help.
      https://panopticlick.eff.org/

      How could be combat this? Should we?

      1 Reply Last reply Reply Quote 3
      • H
        haveaniceday
        last edited by

        This Usenix 2018 paper / talk presents an overview on tracking mechanisms and why anti-tracker plugins might make you more trackable.

        Abstract/talk/slides:
        https://www.usenix.org/conference/usenixsecurity18/presentation/vastel
        Paper pdf:
        https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-vastel.pdf

        1 Reply Last reply Reply Quote 2
        • mariogripM
          mariogrip Administrators
          last edited by

          This is defiantly something we should resolve within the browser (at least have an option to block ads and trackers) But the browser is quite new and still is under heavy development, i do expect something like this to be added in newer versions.

          Right now using https://open-store.io/app/uadblock.mariogrip blocks most ads and trackers.

          D 1 Reply Last reply Reply Quote 2
          • D
            domubpkm @mariogrip
            last edited by domubpkm

            @mariogrip Moreover, why not a cookies gesture option in morph-browser ? And /or a free vpn option integrated in morph ?

            Or security improved through an optimisation of your, obviously, great tool uAdBlock ?

            U H 2 Replies Last reply Reply Quote 0
            • U
              UniSuperBox @domubpkm
              last edited by

              @domubpkm

              If you would like to implement these things, I fully encourage you to.

              1 Reply Last reply Reply Quote 0
              • H
                haveaniceday @domubpkm
                last edited by

                @domubpkm VPN is already integrated on a system-level in Ubuntu Touch. Unfortunately, tracking is not solely about cookies.

                Cookies are the simplest way of tracking, but not the only one. Cookies behave like a name badge, which you can choose to wear or remove any time. Fingerprinting based on characteristics like canvas hashes or installed fonts are inherent to the environment of the browser and cannot be changed as easily. This is analogue to your physical appearance.
                A person who has seen you before can recognize you again even if you have removed your name badge.

                The group of people using UT is quite small already. User Agent combined with geo ip and screen resolution is probably already enough to distinguish you from every one else on earth.
                In contrast, Apple hardware is very uniform: same hardware, same OS, few configuration options, only one browser engine.
                The more diverse your browser is, the easier it is to track.

                There are two countermeasures:

                1. Camouflage the browser to be part of the largest, indistinguishable group of features. E.g. Behave like a desktop chromium. This rather difficult and a sufficiently motivated fingerprinter will probably circumvent this.
                2. Detecting and blocking known fingerprinting mechanisms. E.g. @mariogrip uAdBlock can block domains which are known to collect such data. It would be lovely if we had domain-wise JavaScript whitelisting (like NoScript) available on Morph.
                1 Reply Last reply Reply Quote 4
                • First post
                  Last post