Threaded Mode | Linear Mode

***JJoe*** · Dec. 10, 2010, 02:01 AM

I moved the Proxomitron to an XP Pro 32bit SP3 machine, IE7, Firefox, and Opera. On that machine the fonts displayed in all browsers.

On Windows 7 64bit, IE8, Firefox, Opera, Chrome, only IE8 does not display the fonts.

I'm guessing that something, other than the Proxomitron, in the Win7 machine stops the font display for IE8 at BrowserSpy.

The filter is removing the code as expected.

The "Flash" cyan rectangle is created by the "<object>...: Toggle Flash" web page filter. I think, it may not be displayed until the page finishes loading. The changes that the "Blocking System Fonts info" filter makes could make the page 'hang'.

OZO · Dec. 10, 2010, 05:50 AM

I'm using:
1. WXP Pro SP2 with IE7, FF.3.6.10 and Iron.7.0.520.
2. WXP Home SP3 with IE6.
And result is always consistent. No system fonts are displayed.

Here is initial code ( http://browserspy.dk/fonts-flash.php ):

Code:

$(document).oneTime(4000, function() {

            if (!fontsok) {

                var fonts = false;

                var obj = document.getElementById("fontshelper");

                if (typeof(obj.GetVariable) != "undefined") {

                    fonts = obj.GetVariable("/:user_fonts");

                }

                fontList(fonts);

            }

        });

When filter applied the resulting code is this one:

Code:

        $(document).oneTime(4000,

<Match: Blocking System Fonts info     10.12.06 [jjoe ozo] ADD >

function() {

            if (!fontsok) {

                var fonts = false;

                var obj = document.getElementById("fontshelper");

                if (typeof(obj.GetVariable) != "undefined") {

                    fonts = obj.GetVariable("/:user_fonts");

                }

                fontList(fonts);

            }

        }

</Match>

function() { return; });

Which, after removing comments, translates to this code:

Code:

$(document).oneTime(4000, function() { return; });

The resulting code is looking correct to me and it is as expected. In that timer function (running after 4 sec delay) we have just removed the call of Flash object (obj.GetVariable("/:user_fonts")) and that's it.

When you see that in W7 all fonts are displayed - have you checked the result of running filter? Does it create debug log similar to published above?

Fonts should not be displayed unless your browsers call "obj.GetVariable("/:user_fonts")" function. And if the filter works in your environment - there should be no such call...

As I've mentioned there is no cyan rectangle for Flash object in FF and Iron. Downloading of the page is complete. There is "timer" button and I may click on that allowing timer to run. There is no any difference (as expected - we have removed its content, see above).

And finally, between tests don't forget to clean the browser cache (as I did in the beginning of this thread) Wink

***JJoe*** · Dec. 10, 2010, 09:57 PM

The filter is changing the code as expected. Wink

Thing is, I'm not suprised to see the fonts displayed (again no js or flash expert here).

The complete unfiltered script is

Code:

<script type="text/javascript">

//<![CDATA[

        var fontsok = false;

        function fontList(aFonts) {

            var fontdetail = 0;

            if (typeof(aFonts) == "string") {

                var fonts = aFonts.split(",");

                $("#fontsnum").text(fonts.length);

                $("#fontslist").text("Please wait while list of font are bing generated...");

                if (fontdetail) {

                    var rows = getFontRows(fonts);

                    $("#fontslistrow").hide();

                    $("#fontsbody").append(rows);

                } else {

                    $("#fontslist").text("");

                    for (var i = 0; i < fonts.length; i++) {

                        $("#fontslist").append(fonts[i] + "<br/>");

                    }

                }

                fontsok = true;

            } else {

                $("#fontsnum").html("Flash doesn't seems to be installed or working! <a href=\"flash.php\">Check Flash

</a>.");

                $("#fontslist").html("Flash doesn't seems to be installed or working! <a href=\"flash.php\">Check Flash

</a>.");

            }

        };

        $("#flashcontent").flash(

            {

                "src": "flash/fonts.swf",

                "width": "1",

                "height": "1",

                "swliveconnect": "true",

                "id": "fontshelper",

                "name": "fontshelper"

            }

        );

        $(document).oneTime(4000, function() {

            if (!fontsok) {

                var fonts = false;

                var obj = document.getElementById("fontshelper");

                if (typeof(obj.GetVariable) != "undefined") {

                    fonts = obj.GetVariable("/:user_fonts");

                }

                fontList(fonts);

            }

        });

    //]]>

</script>

I think there are two mechanisms to gather the fonts. The second, activated by "if (!fontsok)", is removed by the filter.

Took some time to find a free decompiler but the BrowserSpy flash file decompiles to

Code:

//----------------------------------------------------------------------

//Frame 1

//----------------------------------------------------------------------

var user_fonts = textfield.getfontlist();

user_fonts.sort();

geturl (("javascript:fontList(\"" + escape(user_fonts)) + "\")", "_self");

I think the flash uses "geturl" to call the function "fontList" and pass the escaped contents of "user_fonts". The "geturl" method appears to fail or be blocked on my Win7 64bit machine when using IE8. I thought it might be IE8's "protected mode" but it wasn't.

Some web searching seems to indicate that "geturl" has not always 'worked' and is being deprecated.

The panopticlick swf decompiles to

Code:

//----------------------------------------------------------------------

//Frame 1

//----------------------------------------------------------------------

var user_fonts = textfield.getfontlist();

geturl (("javascript:fontList(\"" + escape(user_fonts)) + "\")", "_self");

They have "geturl" call for "fontList" but they don't seem to use or need it.
The "fontList" function is only found in the swf file for panopticlick.

too curious

OZO · Dec. 10, 2010, 11:13 PM

Interesting. Is it my Flash (v.10,1,82,76) or is it my security settings for the Flash are responsible for what I experience? As I mentioned above - I see prompt from the Flash to run only on IE7 (not on FF and Iron) and even then when I ask it to run - it simply disappears... I have pretty strict restrictions on what Flash can do on my computers.

Good find on "TextField.getFontList();" Flash method within encoded files! It's looks like it's hard to block it. I guess even providing a dummy with the same name in JS will not work...

BTW, I think the "panopticlick swf " is more targeted on tracking users then the BrowserSpy flash file. Why? It preserves the order of fonts, which bears an additional ID info... Wink

***ProxRocks*** · Dec. 11, 2010, 12:22 AM

Firefox, Pale Moon, Iron, Chrome, Chromium, Safari, Sea Monkey, etc, yawn, all need their own Flash plugin installed that, IIRC, are NOT installed by default...

***JJoe*** · (This post was last modified: Dec. 11, 2010 02:15 AM by JJoe.)

Assuming that BrowserSpy works when the Proxomitron is bypassed, I don't know. A security app, ms security patch, or forgotten setting?

The set's toggle should be displayed whenever the filter matches and the page finishes loading, flash or no.

I have Flash Player 10.1.102.64 for all browsers.
http://filehippo.com/download_flashplayer/

The sure way to stop things like flash and java is to stop using them. This doesn't mean that filters to control them are worthless, however.

notg · Jun. 06, 2011, 01:48 AM

Hi,
I'm new to Prox but I find it very powerfull so I decided it's the way to go.
I'm trying to make a filter that would replace the output of the fonts functions used by Java. I'm not concerned about the Flash ones at the moment as I only allow flash on websites I need.
Please just give me an ideea how to start, I'll find my way to the end and keep this thread updated.
As soon as I complete this as a proof of concept I plan to make filters for most used functions threating privacy rather than blocking specific URL's and cases.
Any help appreciated!

***JJoe*** · Jun. 12, 2011, 01:12 AM

Sorry. We somehow missed your post.

(Jun. 06, 2011 01:48 AM)notg Wrote: I'm trying to make a filter that would replace the output of the fonts functions used by Java.

Wouldn't the applets need to be decompiled, filtered, and recompiled?