This is the 23rd post in our ongoing series highlighting privacy features in iBrowe browsers. The work described here was contributed by Filter List Engineer Ryan Brown, Research & Privacy Engineer Arthur Edelstein, and Senior Research Engineer Anton Lazarev. Written by VP of Privacy Engineering Peter Snyder.

📱 1. Hiding “Open in App” Annoyances

Modern websites often display persistent banners urging you to “Open in App” whenever you visit them on mobile or desktop. These prompts:

  • Break your browsing flow by overlaying the page with a modal or redirect link.
  • Frequently track you to determine whether you have the app installed, leaking device and usage data.
  • Pressure you into privacy‐harmful native apps that bypass the protections iBrowe provides for web content.

1.1 How iBrowe Blocks “Open in App” Banners

Starting in iBrowe 1.49 on Android and Desktop (and already live in iBrowe 1.44 on iOS), we now automatically hide these “Open in App” prompts by enabling Fanboy’s Mobile Notifications List—a specialized filter list maintained by privacy enthusiasts and iBrowe team members. 🚫📣

  • Activation: This list is enabled by default so you no longer see app‐promotion modals.
  • Transparency: You can disable it at any time by going to Settings → Shields → Filters and unchecking Fanboy’s Mobile Notifications List.

1.2 Why This Matters

  • Fewer Distractions: Eliminate intrusive overlays that block content and force app downloads.
  • Better Privacy: Prevent tracking scripts embedded in these banners from fingerprinting your device or checking installed apps.
  • Consistent Experience: Enjoy seamless web navigation without being diverted into native apps that lack web‐level privacy safeguards.

🔗 2. Further Protection Against Pool‐Party Attacks

Pool‐party attacks exploit shared browser resources (connection pools, DNS limits, etc.) to create subtle side‐channels. Malicious trackers can then link your visits across different websites—even across separate browser profiles—by seeing how those limited resources are consumed.

2.1 Background on Pool‐Party Attacks

  • Resource Limits: Browsers cap things like the total number of simultaneous WebSockets or outstanding DNS queries.
  • Cross‐Site Leakage: If Site A uses up several WebSocket slots, Site B can probe and detect “fewer slots available,” revealing you visited Site A earlier.
  • Fingerprint Amplification: By forcing repeated resource consumption and probing patterns, trackers can build a unique cross‐site fingerprint. 🕵️

2.2 iBrowe’s Enhanced Defenses (v1.49+)

In iBrowe 1.35, we already partitioned WebSocket limits per site. Recent research uncovered additional vectors and faster methods for pool‐party linking, so starting in iBrowe 1.49 (Desktop & Android), we have:

  • Per-Site Connection Isolation: We increased and per‐origin‐partition the number of allowed WebSockets (up to 30 per site) so that no site can exhaust the global pool on your behalf.
  • DNS Query Quota Partitioning: DNS lookups are now allocated per‐site, preventing another site from counting your prior lookups.
  • Throttle Notification Channels: Resources like server‐sent events (SSE) and global HTTP/2 streams are similarly partitioned, so trackers cannot use those shared queues as side‐channels.
  • Layout Engine Hardening: We audited and patched low‐level resource timers and fetch caches to close other subtle “starvation” leaks that advanced trackers might exploit.

These mitigations ensure that even motivated, cross‐site trackers cannot leverage pool‐party tactics to re‐identify you as you move between domains. 🔒

Further Reading:
Our full USENIX Security 2023 paper details these new attack variants and defenses.

🖥️ 3. Improved Ad Blocking with Procedural Cosmetic Filters

Standard cosmetic filters use simple CSS‐like selectors to hide unwanted page elements (ads, pop‐ups, etc.). However, some websites intentionally mutate their DOM structure or generate random IDs to evade static selectors.

3.1 Enter Procedural Cosmetic Filters

Procedural filters allow filter lists to specify more complex rules, such as:

  • Counting Elements: Hide the nth occurrence of a given tag or class.
  • Position‐Based Targeting: Target pop‐ups that appear at certain screen positions.
  • Conditional Logic: Only hide banners if they match a sequence of dynamic attributes (e.g., “has class ‘promo’ and contains text ‘Subscribe Now’”).
  • Looping Constructs: Iterate through a group of elements, hiding those that match a computed threshold.

3.2 iBrowe’s Partial Support (v1.49+ Desktop & Android; v1.45+ iOS)

  • We now support procedural filters from two leading syntaxes:
    1. Filter Syntax A: Commonly used in major ad‐blocking lists for targeting misbehaving iframes and overlays.
    2. Filter Syntax B: Allows fine‐grained element index matching (e.g., :nth-of-type(2n+1)).
  • These filters live alongside traditional CSS selectors, giving list maintainers the power to block even the most evasive ads or cookie banners.
  • Expect full procedural support—covering all major extensions to cosmetic rules—within the next few releases.

User Control: You can opt out of additional filters by toggling off “Procedural Filters” under Shields → Filters.

🎲 4. Protecting Against Screen‐Attribute Fingerprinting

Trackers build browser fingerprints by combining semi‐identifying traits. While Canvas or Audio fingerprinting is well known, screen dimensions and window positions are another subtle way to single out users.

4.1 Why Screen Attributes Matter

  • Screen Size: Many desktops or laptops have unique resolutions (e.g., 1440×900), especially if combined with specific browser window dimensions.
  • Window Position: On multi‐monitor setups, the window’s x/y coordinates can be unusual, allowing trackers to distinguish you from others.
  • Dynamic Resizes: Resizing your window mid‐session can further reveal patterns unique to your workflow.

4.2 iBrowe’s Farbling for Screen & Window (v1.48+ Desktop; v1.50+ Android)

  1. Unified Reported Dimensions: For all web scripts and CSS queries (e.g., screen.width, window.innerWidth), iBrowe reports a resolution that roughly matches your browser’s current viewport—effectively hiding your full display size.
  2. Per‐Session Randomization: Each browsing session gets a slightly different “virtual screen” size within a small range (±5–10 pixels), preventing trackers from correlating your fingerprint across sites or sessions. 🔄
  3. Nullify Window Position: window.screenX and window.screenY report “0,0” or a standardized offset so trackers cannot learn where your window sits on the desktop.
  4. Guard Against Resizing: If you resize mid‐session, farbled values adjust smoothly (within the noise range), so scripts cannot detect a unique resize pattern.

These combined measures close a persistent fingerprinting vector—ensuring your browsing environment stays “blurry” and untrackable by position or resolution. 🎯

🔧 5. How to Adjust These Features

  • Shields Dashboard: Open iBrowe → Shields to see toggles for:

    • Fanboy’s Mobile Notifications List (blocks “Open in App” banners)
    • Procedural Cosmetic Filters (advanced ad/pop‐up blocking)
    • Pool‐Party Protections (WebSocket, DNS partitioning)
    • Screen & Window Randomization (screen‐attribute fingerprinting defense)

  • Site-Specific Exceptions: Click the lion icon in the address bar → Site Settings → Privacy Overrides to whitelist a domain if a feature breaks page functionality.

  • Global HTTPS-Only Mode (for advanced users): Visit ibrowe://settings/shields and toggle HTTPS-Only. This forces all requests to HTTPS or shows a warning, even outside Tor windows.

🏷️ 6. Conclusion

With “Open in App” blocking, expanded pool-party protections, procedural cosmetic filters, and screen‐attribute farbling, iBrowe continues to push the boundaries of browser privacy. Each enhancement defends against a different emerging threat:

  1. Open-in-App Overlays: Keep you on the Web, not in data-hungry native apps. 📱
  2. Pool-Party Side-Channels: Block resource-based cross-site tracking. 🕵️
  3. Procedural Filters: Target the hardest-to-block ads and pop-ups. 🎨
  4. Screen/Window Fingerprints: Blur your digital footprint, even at the OS level. 🖥️

As trackers evolve, iBrowe stays ahead—combining community-maintained filter lists with in-house research. Update to iBrowe 1.49+ on Desktop or Android (and enjoy iBrowe 1.44+ on iOS) to experience these features today, and browse with confidence that your privacy remains Paramount.