Protecting identity - blocking System Fonts info

[OZO]

Thank you for clarification regarding to Name sting. I agree with the change. Let's keep that code:

Code:

[Patterns]
Name = "Blocking System Fonts info     10.12.04 [jjoe ozo] ADD"
Active = TRUE
URL = "$TYPE(htm)|$TYPE(js)"
Bounds = "function\s\w \{$INEST(\{,\})\}"
Limit = 1024
Match = "(\0\{)+{1}*"
        "(flashfontshelper|user_fonts"
        "|javafontshelper|getFontList|getAvailableFontFamilyNames)"
        "*"
Replace = "\0{ return; }"

Just want to double check, the line 'URL = "$TYPE(htm)|$TYPE(js)"' includes HTML files as well. Right?

(Dec. 05, 2010 08:22 PM)JJoe Wrote:  

(Dec. 04, 2010 06:03 AM)OZO Wrote:  2. instead of returning the string "No Flash or Java fonts detected" (which could be used to ID browser), just to return nothing.

I don't understand. Wouldn't returning an expected string be better?
My guess is that more browsers get "No Flash or Java fonts detected" than those that get nothing or "undefined". When my browser got "undefined", panopticlick reported one in 257253. However, a more sophisticated filter would be needed to try to always return the 'expected' string.

Right. The purpose of the filter is to prevent some nosey sites from getting system fonts info, not to display a well formatted and meaningful message on "panopticlick.eff.org" site (or even try to get the best score there ).

Nosey sites will not let us know about what this function returns. They just send collected info silently to a remote server without anyone's permission. Thus, there is no any need to return a meaningfull string. I'm sure that even if we throw an exception there, properly developed tracking script will react accordingly (silently)

(Dec. 05, 2010 08:22 PM)JJoe Wrote:  While I'd rather not be watched and if I cared, I'd like to know which sites are watching for some of these things, stop them, and then decide what to do about it.

I've added the following code to the bottom of AdKeys-J

Good idea. But I'd rather not count on names of functions and variables that one particular site is using, but rather watch for function names (and variables) that come from libraries, known plugins, ActiveX controls, Flash and Java toolkits...

From this point of view I don't see a value in adding these names to watch / remove (in AdKeys-J):
get_fonts - local function name, it could vary easily
oAcro - local variable, I'd rather watch for the name "PDF.PdfCtrl" instead. They can't change that name easily
oPersistDiv - I don't know where the name of the variable comes from, but I assume it's local (thus could vary greatly)
plugins - a local name
...

Again, the goal is not to make protection from this particular test site (or other similar test sites), but rather to find out what could be used for that purpose and block common ways of getting tracking info by nosey sites.

BTW, how do you manage the content in "Log-Rare.log" file. To remove extra lines you have to kill Proxo, edit the log file and then restart Proxo again. Right? Is it the only way? (I assume, it is)