| ▲ | voidUpdate 2 days ago | |
How does web fingerprinting work with things like iPhones, where many people have the same screen, browser, os version, etc? | ||
| ▲ | kevindamm 2 days ago | parent | next [-] | |
The browser version will have some variance because releases are rolled out to clients over time, and users don't restart their browser immediately. I don't know all the signals FingerprintJS use but they obviously depend significantly on the user agent string (which has the precise version) seen by how the author could spoof it with Tor's UA randomizer. BTW, the article is incorrect that Chrome doesn't allow for user agent modification or other fingerprint resistance; you can: https://developer.chrome.com/docs/devtools/device-mode/overr... and there are extensions for more convenience. The article is also incorrect about third party cookie leakage from ads but it was possible to sniff the session ID in some cases, back a decade ago before everything went cookieless and dropped session identifiers from the protocol entirely. However, it is possible for advertisers to parameterize their campaigns and analytics to such a detail that they can link demographics to their internal user IDs, though it's against policy it is easy to go unnoticed. And things like location exfiltration in too many Android apps, I'm not trying to give Google a complete pass on privacy but it's clear the author made some assumptions based on bias. Back to your question, though, there are other things you can use as part of the fingerprint. The fonts that are installed are a proxy for which applications have been installed. The artifacts at the edge of text rendered onto a canvas can indicate which graphics chip and drivers are installed, sometimes with differences even within the same GPU model and driver version. Touch tracking can tell whether you swipe with your left hand or your right hand. Timing signals can indicate CPU specs and even hint at whether you're in a VM or behind a VPN, etc. There are more, accessible from JS in most cases, and really most of it is more reliable than what's in the user agent string. | ||
| ▲ | fuzzy2 2 days ago | parent | prev | next [-] | |
I think there’s still quite a bit: font size, regional settings (language etc), software versions, browser extensions, adblockers… | ||
| ▲ | dehrmann 2 days ago | parent | prev [-] | |
Not as well. This is especially true for iPhones where there are fewer SKUs and aggressively pushed updates. | ||