| ▲ | Beijinger 2 days ago |
| "But companies found another way to uniquely identify you across different sessions and websites without using cookies or other persistent storage. It’s called web fingerprinting. Fingerprinting is a more sophisticated approach to identify a user among millions of others. It works by studying your web browser and hardware configuration. Many websites use a fingerprinting library to generate a unique ID. This library collects data from multiple JavaScript APIs offered by your web browser. For example, websites can see web browser version, number of CPUs on your device, screen size, number of touchpoints, video/audio codecs, operating system and many other details that you would not want a typical news website to see." |
| My "rugged" browser for regular browsing has plug-ins that randomize all this data. |
|
| ▲ | rafram 2 days ago |
| This most likely makes you more identifiable, not less, until a critical mass of people are using a browser with the exact same randomness properties. |
| |
| ▲ | graemep 2 days ago |
| I can see this as an argument for avoiding unusual properties, but how can they identify you using random properties? Even if it is just one user doing this how can they match the fingerprints? Also, it's unusual enough that it's unlikely they will bother trying. |
|
| ▲ | rafram 2 days ago |
| The fact that the properties are randomized (and which properties are randomized) identifies the extension that you’re using, and if that extension has like 10 users, that uniquely identifies you across sites. All of this is overkill anyway unless you actually think you’re up against a determined actor targeting you personally. If you are, they will bother trying. |
|
| ▲ | graemep 2 days ago |
| > The fact that the properties are randomized (and which properties are randomized) identifies the extension that you’re using, and if that extension has like 10 users, that uniquely identifies you across sites. |
| How do they know they are randomised rather than actual properties? |
|
| ▲ | bigbuppo 2 days ago |
| Go hang out with people that actually work in marketing and advertising and see if that changes your views. |
|
| ▲ | Beijinger 2 days ago |
| Yes. It makes me unique. Every visit. If I visit the site 10 times, you have 10 unique IDs. |
|
| ▲ | rafram 2 days ago |
| And if the site loads 100 iframes, it can figure out the distribution of values that your browser returns, which doesn’t change, and is likely to be close to unique until many people are using the same setup as you. (Or it can just use properties of the extension like monkey-patched function toString() outputs to identify its users, which, again, narrows it down to a very small group.) |
|
| ▲ | Beijinger 2 days ago |
| Yes! You are unique among the 4162412 fingerprints in our entire dataset. |
| Yes! You are unique among the 4162649 fingerprints in our entire dataset. |
| Two visits... |
| https://amiunique.org/ |
|
| ▲ | rafram 2 days ago |
| Yeah, you get the exact same results in two separate incognito sessions in stock Chrome. They don't immediately add your fingerprint to their database. (And that site isn't using the state of the art in fingerprinting - check https://fingerprint.com/ for a slightly better indicator.) |
|
| ▲ | Beijinger 2 days ago |
| https://fingerprint.com/demo/ |
| Yes, fingerprint.com realizes that I am the same visitor. But ONLY IF I access it from the same IP address. This is impressive, but in the end not so much. They claim VPN does not matter for them. It does. Probably one of the last things that makes my browser identifiable. |
|
| ▲ | rafram 2 days ago |
| > Yes, fingerprint.com realizes that I am the same visitor. |
| QED... |
|
| ▲ | Beijinger 2 days ago |
| Yes, based on IP address. Great achievement. I change my IP, I am unique again. And they want money for this? Nice try. |
| |
| ▲ | miki123211 2 days ago |
| Haha, that failed spectacularly. On stock Mac OS Safari (no plugins, no hardened config), I did what they asked and visited their site in incognito mode via a VPN. It gave me a different id, with a message gleefully announcing that "your ID is the same when you're in incognito mode!" It even showed me some supposed visit from a minute ago. Jesus what a scam. |
|
| ▲ | RiverCrochet 2 days ago |
| what plugins do you use/recommend? |
| |
| ▲ | Beijinger 2 days ago |
| You could try these: |
| Browser Plugs Fingerprint Privacy Randomizer |
| Clear URLs |
| [I don't care about cookies] |
| Privacy Badger |
| Random User-Agent Switcher |
| Temporary Containers |
| uBlock Origin |
| Canvas Blocker |
| NoScript |
| Font Fingerprint Defender |
| Not all sites will work with it. For banking and plane ticket booking, I always recommend a separate, but major (e.g. Chrome) browser without any plug-ins. |
|
| ▲ | gruez 2 days ago |
| > Random User-Agent Switcher |
| Don't bother. User agent spoofing is easily detectable and it's trivial to figure out your real user-agent based on js implementation differences or TLS fingerprinting. All this does is get you banned/flagged by security vendors, on top of sticking out like a sore thumb. |
| > Canvas Blocker |
| > Font Fingerprint Defender |
| Also easy to detect because randomized values will put you in the bucket of "uses privacy extension" users, which is probably a smaller bucket than whatever hardware profile you're on (eg. macbook pro m3 14"). |
|
| ▲ | Beijinger 2 days ago |
| Maybe. |
| >> Random User-Agent Switcher |
| > Don't bother. User agent spoofing is easily detectable and it's trivial to figure out your real user-agent based on js implementation differences or TLS fingerprinting. |
| JS is blocked by default on my browser. |
| > Canvas Blocker |
| > Font Fingerprint Defender |
| > Also easy to detect because randomized values will put you in the bucket of "uses privacy extension" |
| Hm. How are they going to detect it is randomized? They would have to identify me first again as the same user and then conclude I randomize these values. |
|
| ▲ | gruez 2 days ago |
| > JS is blocked by default on my browser. |
| The major browsers can still be differentiated via default headers and TLS fingerprints, none of which requires js. Moreover if they're inconsistent you'd get flagged with "spoofs user agent", which makes you more identifiable than something like "firefox on mac". |
| > Hm. How are they going to detect it is randomized? They would have to identify me first again as the same user and then conclude I randomize these values. |
| Because a given canvas/font metrics value should return the same result given the same graphics hardware/font set. If you randomize the results it basically guarantees that your fingerprint has never been seen before. This might seem like a good thing (because you're randomized every time), but any competent fingerprinting implementation is just going to flag you as "spoofs canvas/font information". The point isn't necessarily to identify you as any particular user, it's to use the fact you're spoofing canvas/font/user-agent to fingerprint you further. |
|
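The two tells raised in this thread (a canvas readout that changes between identical draws, and patched functions whose toString() no longer reports native code) can be checked against your own browser. This is an added example, not code from any commenter or from a fingerprinting vendor; `auditReadout`, `looksNative`, `auditBrowserSurface`, `browserSurface` and the sample readers are hypothetical names, and the sample data is constructed.

```javascript
// Added example; all names are hypothetical, sample readers are constructed.
// Tell 1: the same draw on the same hardware/font set should read back the same.
function auditReadout(read, samples = 8) {
  const seen = new Set();
  for (let i = 0; i < samples; i++) seen.add(String(read()));
  return { distinct: seen.size, stable: seen.size === 1 };
}
// Tell 2: built-ins stringify as "function name() { [native code] }";
// a plain JS wrapper shows its own source instead.
function looksNative(fn) {
  const src = Function.prototype.toString.call(fn);
  return /^function [\w$ ]*\(\)\s*\{\s*\[native code\]\s*\}$/.test(src);
}
function auditBrowserSurface({ readouts, builtins }) {
  const report = { unstable: [], patched: [] };
  for (const [name, read] of Object.entries(readouts))
    if (!auditReadout(read).stable) report.unstable.push(name);
  for (const [name, fn] of Object.entries(builtins))
    if (!looksNative(fn)) report.patched.push(name);
  return report;
}
// Real inputs, for a browser console: auditBrowserSurface(browserSurface())
function browserSurface() {
  const draw = () => {
    const c = document.createElement("canvas");
    const ctx = c.getContext("2d");
    ctx.font = "16px serif";
    ctx.fillText("fingerprint self-test", 2, 20);
    return c.toDataURL();
  };
  return {
    readouts: { canvas: draw },
    builtins: {
      toDataURL: HTMLCanvasElement.prototype.toDataURL,
      measureText: CanvasRenderingContext2D.prototype.measureText,
    },
  };
}
// Constructed stand-ins so the audit also runs outside a browser (Node).
let drawCount = 0;
const sampleSurface = {
  readouts: {
    stockCanvas: () => "data:image/png;base64,AAAA",
    noisyCanvas: () => "data:image/png;base64,AAA" + drawCount++,
  },
  builtins: {
    untouched: Math.max,
    wrapped: function toDataURL() { return "spoofed"; },
  },
};
const sampleReport = auditBrowserSurface(sampleSurface);
```

An extension that keeps its noise constant for a whole session will pass the stability check, so an empty `unstable` list does not by itself mean the readout is unmodified.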
| |
| ▲ | RiverCrochet 2 days ago |
| Thanks! IMHO The portable versions of Chrome or Firefox are great when you want a completely separate browser instance. |
|
|