https://github.com/abrahamjuliot/ublock-origin-abf
Abort Browser Fingerprinting Scripts via uBlock Origin
https://github.com/abrahamjuliot/ublock-origin-abf
adblock browser-fingerprinting device-fingerprint ublock-origin
Last synced: 3 months ago
JSON representation
Abort Browser Fingerprinting Scripts via uBlock Origin
- Host: GitHub
- URL: https://github.com/abrahamjuliot/ublock-origin-abf
- Owner: abrahamjuliot
- License: mit
- Created: 2020-05-01T19:02:39.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-10-27T16:09:44.000Z (almost 4 years ago)
- Last Synced: 2025-04-13T18:44:39.723Z (6 months ago)
- Topics: adblock, browser-fingerprinting, device-fingerprint, ublock-origin
- Language: JavaScript
- Homepage:
- Size: 475 KB
- Stars: 36
- Watchers: 4
- Forks: 16
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# uBlock Origin Abort Browser Fingerprinting (ABF)
[](https://fingerprintjs.com/demo)
## Abort Browser Fingerprinting Scripts via uBlock Origin
### Features:
1. **[API protection](https://user-images.githubusercontent.com/6946045/87235868-ff5c3d80-c395-11ea-87b1-56f759419043.png)**: canvas, audio, webgl, and clientRects
2. **Session Based**: randomization is stored in site session and resets only on a new session
3. **Detection**: fingerprinting behavior is detected in real time
4. **Permission**: script execution is paused and your permission is required to allow fingerprinting (per session)1
5. **Defensive**: api tampering is protected with a [proxy](https://adtechmadness.wordpress.com/2019/03/23/javascript-tampering-detection-and-stealth/) to prevent detection
6. **Genuine**: random output does not contain gibberish
7. **Minimal**: to avoid site breakage, APIs are not blocked and only a few are altered
1 If cancel (abort) is selected, a random error will be thrown 1 or more times at the script as it attempts to finish fingerprinting. This may or may not abort the script. During the session, if the script URL was identified and later resurfaces, an error will be thrown at the script on every attempt it tries to read a high entropy property. This final blow should abort the script and render it useless. To avoid detection, the error randomization is reset only after a 30 second delay. Since scripts may yield different results, use this option with caution: [1] the error is intended to [break the script](https://www.nothingprivate.ml), [2] in the case of muliple sessions (cross site fingerprinting), the error may be [computed as random output](https://panopticlick.eff.org), [3] the error may be [properly handled](https://arkenfox.github.io/TZP/index.html), or [4] the collection of random errors may be traced per session and then used to fingerprint your browser and link your sessions.
[](https://www.nothingprivate.ml)
### uBlock Origin Setup:
1. **Inject**: Select the advanced user icon in Settings and add the `.../abf.js` scriplet url to `userResourcesLocation`. Host the file in your own repo for full control and security.
2. **Apply**: add the script to My Filters and disable on your preferred domains
```
! apply globally
*##+js(abf)
! except on these domains
youtube.com#@#+js(abf)
google.com#@#+js(abf)
```
### uBlock Origin Guides:
- Scriplet injection: https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#scriptlet-injection
- Adding resources: https://github.com/gorhill/uBlock/wiki/Advanced-settings#userresourceslocation
- uBlock Origin's Resource Library: https://github.com/gorhill/uBlock/wiki/Resources-Library
- If you use scripts in this repo, I recommend self-hosting (via github) to ensure you have full control
- Feel free to copy, rewrite, make this your own, do as you wish, etc.
### Browser support
- [X] Chromium
- [X] Firefox
- [ ] Chromium Android
- [X] Firefox Android
### Test site
[https://abrahamjuliot.github.io/creepjs](https://abrahamjuliot.github.io/creepjs)