Hi, one of the authors here. We discuss this in the last section of the post. uBlock Origin uses lists to determine which requests to block. We tested the two largest, EasyList and EasyPrivacy, and both fail to block…
Gmail's image proxying actually won't help much with this style of tracking. In the paper we found email addresses (or hashes of them) leaking to third parties via a query string parameter in the request URL. So the…
We found that Apple Mail clients typically load remote resources by default, unless the message is spam. That content can't set or retrieve cookies, which is an improvement over other standalone clients. I'd still…
Hello, I'm one of the authors of this work. The code and data for the study is available here: https://github.com/citp/email_tracking (measurement platform here: https://github.com/citp/OpenWPM). We also just released a…
I prototyped this feature last year as an intern at Mozilla. I think the engineering done for containers can be exposed in a lot of cool ways to the user. I'd love for you to send in your ideas on the comment form [1].…
Feel free to email us at the addresses listed on the bottom of the linked site.
Thanks, I've added a clarification.
There have been a couple plugins which try to address this question: Chameleon (https://github.com/ghostwords/chameleon), which is still in early stages, and FireGloves (https://fingerprint.pet-portal.eu/?menu=6), which…
Yes, we'll definitely do an analysis on this and write it up.
The Tor Browser folks have done some excellent work to reduce the fingerprintability of the browser. See "Specific Fingerprinting Defenses in the Tor Browser" here:…
Yes, no sound is recorded. Access to the user's mic isn't possible without a permission. If there are sections of the website or paper that seem to imply that, let me know and we'll clarify.
Other co-author here. Unfortunately there are good performance reasons for allowing WebRTC to access the local IP, see the lengthy discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=959893. One use case is…
Hi, one of the authors here. We discuss this in the last section of the post. uBlock Origin uses lists to determine which requests to block. We tested the two largest, EasyList and EasyPrivacy, and both fail to block…
Gmail's image proxying actually won't help much with this style of tracking. In the paper we found email addresses (or hashes of them) leaking to third parties via a query string parameter in the request URL. So the…
We found that Apple Mail clients typically load remote resources by default, unless the message is spam. That content can't set or retrieve cookies, which is an improvement over other standalone clients. I'd still…
Hello, I'm one of the authors of this work. The code and data for the study is available here: https://github.com/citp/email_tracking (measurement platform here: https://github.com/citp/OpenWPM). We also just released a…
I prototyped this feature last year as an intern at Mozilla. I think the engineering done for containers can be exposed in a lot of cool ways to the user. I'd love for you to send in your ideas on the comment form [1].…
Feel free to email us at the addresses listed on the bottom of the linked site.
Thanks, I've added a clarification.
There have been a couple plugins which try to address this question: Chameleon (https://github.com/ghostwords/chameleon), which is still in early stages, and FireGloves (https://fingerprint.pet-portal.eu/?menu=6), which…
Yes, we'll definitely do an analysis on this and write it up.
The Tor Browser folks have done some excellent work to reduce the fingerprintability of the browser. See "Specific Fingerprinting Defenses in the Tor Browser" here:…
Yes, no sound is recorded. Access to the user's mic isn't possible without a permission. If there are sections of the website or paper that seem to imply that, let me know and we'll clarify.
Other co-author here. Unfortunately there are good performance reasons for allowing WebRTC to access the local IP, see the lengthy discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=959893. One use case is…