UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Morph Browser is exellently trackable

    Scheduled Pinned Locked Moved General
    6 Posts 4 Posters 2.4k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • H Offline
        haveaniceday
        last edited by

        Currently, the morph browser is very prone to tracking.
        For example, check out the tracking test of the Electronic Frontier Foundation. It will tell you in detail, how unique your browser installation is, and why. You can run it in Morph private mode - doesn't really help.
        https://panopticlick.eff.org/

        How could be combat this? Should we?

        1 Reply Last reply Reply Quote 3
        • H Offline
          haveaniceday
          last edited by

          This Usenix 2018 paper / talk presents an overview on tracking mechanisms and why anti-tracker plugins might make you more trackable.

          Abstract/talk/slides:
          https://www.usenix.org/conference/usenixsecurity18/presentation/vastel
          Paper pdf:
          https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-vastel.pdf

          1 Reply Last reply Reply Quote 2
          • mariogripM Offline
            mariogrip Administrators
            last edited by

            This is defiantly something we should resolve within the browser (at least have an option to block ads and trackers) But the browser is quite new and still is under heavy development, i do expect something like this to be added in newer versions.

            Right now using https://open-store.io/app/uadblock.mariogrip blocks most ads and trackers.

            D 1 Reply Last reply Reply Quote 2
            • D Offline
              domubpkm @mariogrip
              last edited by domubpkm

              @mariogrip Moreover, why not a cookies gesture option in morph-browser ? And /or a free vpn option integrated in morph ?

              Or security improved through an optimisation of your, obviously, great tool uAdBlock ?

              U H 2 Replies Last reply Reply Quote 0
              • U Offline
                UniSuperBox @domubpkm
                last edited by

                @domubpkm

                If you would like to implement these things, I fully encourage you to.

                1 Reply Last reply Reply Quote 0
                • H Offline
                  haveaniceday @domubpkm
                  last edited by

                  @domubpkm VPN is already integrated on a system-level in Ubuntu Touch. Unfortunately, tracking is not solely about cookies.

                  Cookies are the simplest way of tracking, but not the only one. Cookies behave like a name badge, which you can choose to wear or remove any time. Fingerprinting based on characteristics like canvas hashes or installed fonts are inherent to the environment of the browser and cannot be changed as easily. This is analogue to your physical appearance.
                  A person who has seen you before can recognize you again even if you have removed your name badge.

                  The group of people using UT is quite small already. User Agent combined with geo ip and screen resolution is probably already enough to distinguish you from every one else on earth.
                  In contrast, Apple hardware is very uniform: same hardware, same OS, few configuration options, only one browser engine.
                  The more diverse your browser is, the easier it is to track.

                  There are two countermeasures:

                  1. Camouflage the browser to be part of the largest, indistinguishable group of features. E.g. Behave like a desktop chromium. This rather difficult and a sufficiently motivated fingerprinter will probably circumvent this.
                  2. Detecting and blocking known fingerprinting mechanisms. E.g. @mariogrip uAdBlock can block domains which are known to collect such data. It would be lovely if we had domain-wise JavaScript whitelisting (like NoScript) available on Morph.
                  1 Reply Last reply Reply Quote 4
                  • First post
                    Last post