Will avast secure browser get protection against scheme flooding fingerprinting?

Most browsers can be uniquely tracked through fingerprinting and this browser-wide.
See for this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084
Demo: https://schemeflood.com/

Will avast secure browser protect against this form of tracking?
To be checked at: https://coveryourtracks.eff.org/

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Read: https://forums.theregister.com/forum/all/2021/05/14/browser_fingerprinting_flaw/

A way to block this is in firefox, waterfox, tor browser is, go to about:config
Accept conditions.

Look for: browser.link.open_newwindow.restriction and set number 2 to 0. then give in Return.
Now Close Tab, mind this alteration is performed at your own risk.

polonus

P.S. This kind of fingerprinting does not function on linux and also on Google Android linux for instance.

pol

Hi Polonus,

I tested the page and you are right that it reports that we have some gaps. To have maximum privacy: I recommend turning on Anti-Fingerprinting feature on Security and Privacy page in our browser + VPN. In Adblock I also recommend setting Strict mode. However the page will still report some gaps.

I reported the findings to development team and hopefully get some detailed answers about our plans.

Kind Regards

Ondrej

I have a better answer for you now.

For anti-fingerprinting you have 2 options:

A) Generalization
B) Randomization

Randomization means you (almost) every time have a new, unique fingerprint. This is not a problem, as it’s new and thus you can’t be identified.
Generalization mean you share your fingerprint with many others.
AFP usually used the randomization approach.

About unique fingerprint - even with Anti-Fingerprint feature the fingerprint will be unique (for example for device id) but it will still be fake each time website will ask for it.
So fingerprint is unique, but our user cannot be recognized by this website on next visit, and this is the purpose.

Anyway, we’ll work on some general improvements in H2 this year.

I hope this answers your question.

Thanks Ondrej, I was also interested in an answer here. :slight_smile:

Hi ondrejz,

Your reaction is well appriciated.
Good the Avast Secure Browser development team has this issue fully covered,
aware of the issue’s importance to the end-user.
Really enjoy to be beta-testing and helping out here in the forums for nearly one and a half decade now.

Loads of success with this avast solution, always like to be part of this forum-community with you personally at the rudder.

polonus a.k.a. Damian