Fingerprinting Firefox users with cached intermediate CA certificates #219
Comments
No. The problem is that there are so many sites that don't have a properly configured certificate chain and it pretty much breaks the internetz if the browsers don't cache 'em.
Very nice post + PoC on the topic though. Here are the direct links to the Mozilla bug tracker:
This can be mitigated by using an addon that blocks cross-site requests such as uBlock Origin configured in Hard mode - tested working, no cached intermediate CAs are detected. This can be recommended as part of a refactored
Recommendation to use cross-site requests blocking added in PR #255
The test for intermediate CA leaks is listed in https://github.com/pyllyukko/user.js/#fingerprinting-tests, and there is a workaround described in https://github.com/pyllyukko/user.js/#add-ons (block cross-site requests with uBlock Hard Mode - RequestPolicyContinued also works, but it's harder to manage 2 overlapping addons). I think this can be closed.
Does this software implement something related to this?
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
Cheers