Morph Browser is exellently trackable

  • Currently, the morph browser is very prone to tracking.
    For example, check out the tracking test of the Electronic Frontier Foundation. It will tell you in detail, how unique your browser installation is, and why. You can run it in Morph private mode - doesn't really help.

    How could be combat this? Should we?

  • This Usenix 2018 paper / talk presents an overview on tracking mechanisms and why anti-tracker plugins might make you more trackable.

    Paper pdf:

  • Administrators

    This is defiantly something we should resolve within the browser (at least have an option to block ads and trackers) But the browser is quite new and still is under heavy development, i do expect something like this to be added in newer versions.

    Right now using blocks most ads and trackers.

  • @mariogrip Moreover, why not a cookies gesture option in morph-browser ? And /or a free vpn option integrated in morph ?

    Or security improved through an optimisation of your, obviously, great tool uAdBlock ?

  • @domubpkm

    If you would like to implement these things, I fully encourage you to.

  • @domubpkm VPN is already integrated on a system-level in Ubuntu Touch. Unfortunately, tracking is not solely about cookies.

    Cookies are the simplest way of tracking, but not the only one. Cookies behave like a name badge, which you can choose to wear or remove any time. Fingerprinting based on characteristics like canvas hashes or installed fonts are inherent to the environment of the browser and cannot be changed as easily. This is analogue to your physical appearance.
    A person who has seen you before can recognize you again even if you have removed your name badge.

    The group of people using UT is quite small already. User Agent combined with geo ip and screen resolution is probably already enough to distinguish you from every one else on earth.
    In contrast, Apple hardware is very uniform: same hardware, same OS, few configuration options, only one browser engine.
    The more diverse your browser is, the easier it is to track.

    There are two countermeasures:

    1. Camouflage the browser to be part of the largest, indistinguishable group of features. E.g. Behave like a desktop chromium. This rather difficult and a sufficiently motivated fingerprinter will probably circumvent this.
    2. Detecting and blocking known fingerprinting mechanisms. E.g. @mariogrip uAdBlock can block domains which are known to collect such data. It would be lovely if we had domain-wise JavaScript whitelisting (like NoScript) available on Morph.

Log in to reply