Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
michaelt 4 hours ago

Browser fingerprinting is an unintended side-effect of things it's sorta-kinda reasonable for browsers to provide.

A user agent that says the browser's version? Reasonable enough.

Being able to ask for fonts, if the system has them? Difficult to have font support without that.

Getting the user's timezone, language and keyboard layout? Reasonable.

The size of the screen, and the size of the browser window? Difficult to lay things out without that.

Of course a video or audio player needs to know which video formats your browser supports - how else to provide the right video?

Obviously javascript can get the time, and it's trivial to figure out the system's clock error by comparing that to the time on a server.

Before you know it, almost every browser is uniquely identifiable.

fc417fc802 29 minutes ago | parent | next [-]

Most of the things you've listed here don't actually seem all that reasonable to me.

User agents as a concept are rather poorly thought out across the board and not all that useful but persist because that's just how technical cruft is.

Fonts should be provided by the website; if not provided the choice should take the form of a spec sent by the website including line height, sarifs or not, monospace or not, etc. There's little to no excuse for the current font situation IMO beyond poor design decisions that became heavily entrenched.

Timezone and other obviously private metadata should never be shared without the user explicitly granting permission on a case by case basis. The status quo here is completely inexcusable as is the continued failure to fix the problem.

Size of the physical screen should never be exposed under any circumstances. The current size of the browser window is reasonable on its face but now that fingerprinting is understood to be an issue should always be heavily letterboxed unless the user consents to sharing the exact value.

Video formats should be provided by the website as a list of offerings and the browser should respond with a choice; the user could optionally intervene. There's no reason to expose the full capabilities to a remote service.

Querying the current time should be gated behind an explicit permission. There's almost never a need for it. However from a fingerprinting perspective you also have to worry about correlating the rate of clock skew across clients. That can be solved by gating access to high resolution time counters behind an explicit permission as (once again) the vast majority of services have no legitimate use for such functionality.

francoi8 2 hours ago | parent | prev | next [-]

All of these could have a set of standard non identifiable answers (eg. firefox reports the same 20 fonts, couple video formats, one among a few standard window sizes etc.) and for anything more extensive/precise, it would require the user's authorization and the user should have the option of feeding fake info (eg. fake timezone)

snailmailman 2 hours ago | parent [-]

Firefox's "Resist fingerprinting" does this. It sets timezone to UTC, standardizes the fonts, standardizes a whole bunch of other fingerprinting data, etc. It also has a "letterboxing" option to round screensize down to the nearest 100px and stuff too. Tor uses all of those settings by default, though they are also in standard firefox in about:config.

When i use Resist Fingerprinting my main issue is the timezone being set to UTC. most of the other stuff it does never causes issues. I guess sometimes sites need to read the canvas, but theres a permission box that allows that when needed. I wish there was a similar permission box for timezone.

The only other drawback to the "resist fingerprinting" option is you will encounter cloudflares' captcha checkbox everywhere and all of the time :(

sandworm101 3 hours ago | parent | prev | next [-]

The tor project seeks this bypass this by keeping such things standardized across users, even down to reported screen size. And there is nothing stopping the browser from fibbing as most settings dong matter all that much (ie UK v Canadian v American English).

BeetleB 3 hours ago | parent | prev [-]

I fantasize having a browser that I can use only for viewing content.

No applications. No mail. No need for cookies.

I can use a "regular" browser for more enhanced stuff. But for simple content consumption, we can just have a "dumb" browser that can't do much.

> A user agent that says the browser's version? Reasonable enough.

No user agent. I'm guessing it will need it for JavaScript or HTML features, and dynamically update if using an old browser, but let's just not supply a user agent and let it be the reader's burden to have a reasonably decent browser.

> Being able to ask for fonts, if the system has them? Difficult to have font support without that.

What's the fallback if the system doesn't have them?

> Getting the user's timezone, language and keyboard layout? Reasonable.

Keyboard layout is irrelevant for viewing content. For timezone and language: Yeah, I can see the use cases, but these are in a small minority. Let there be a popup when requested, and the user can specify the timezone/language as requested.

> The size of the screen, and the size of the browser window? Difficult to lay things out without that.

Let's let this new browser return only from a (small) discrete set of sizes. It will pick the size closest to the actual browser window size and send that.

> Of course a video or audio player needs to know which video formats your browser supports - how else to provide the right video?

Same answer as user agent. Either let the user pick from a selection of video formats, or just hard code a reasonable one and put the onus on the user to have a browser that supports it.

> Obviously javascript can get the time, and it's trivial to figure out the system's clock error by comparing that to the time on a server.

This hypothetical browser could just not send the time :-) For 99% of content consumption, this function is not needed.

What I'm describing should be part of "Private mode". Or browsers should have an "Ultra-private" mode that is the above. If it's too complex/risky maintaining it all in one codebase ... fine. Just have a separate browser.

Right now, if I built such a browser, I'm sure a lot of sites meant for content would break. But in my fantasy world, using "Ultra-private" would be the default, and people who make sites will target them first.

I think much of the complexity in making a web browser is all the "other" stuff. Being able to run apps, cookie/privacy management, etc.

0x62 2 hours ago | parent | next [-]

Unfortunately you've now made an incredibly niche browser, and the lack of those metrics is a good fingerprint by itself. How browsers render SVGs can be used for fingerprinting (even the underlying OS affects this, and I assume you'll want to see those), combine with ISP from IP address, and unless theres hundreds users in every city you're now pretty easily trackable.

BeetleB 11 minutes ago | parent [-]

> Unfortunately you've now made an incredibly niche browser, and the lack of those metrics is a good fingerprint by itself.

If 100 people are using that browser, how will they know which one is me?

> How browsers render SVGs can be used for fingerprinting (even the underlying OS affects this, and I assume you'll want to see those)

Can you provide details on this? And how will they know which OS I'm using (through SVG rendering...)? The UserAgent definitely should not send the OS.

> combine with ISP from IP address

That's already provided whether I use Private mode or not, correct? I can always use a VPN.

bryan_w an hour ago | parent | prev | next [-]

Just use Tor browser? You can turn the tor part off if you need the speed.

What you want exists, have at it

BeetleB a minute ago | parent [-]

As the submission shows, Tor browser isn't enough. My hypothetical browser would never have an IndexedDB API. Why should it?

"Web applications use it for offline support, caching, session state, and other local storage needs"

This use case is completely orthogonal to what my browser is meant to do. My browser would not have a concept of local storage.

The premise of starting with a modern browser and stripping away features to get privacy is flawed - it's always vulnerable to these types of things. I'm going the opposite route: Only add features if they cannot be exploited for monitoring.

93po 2 hours ago | parent | prev [-]

i've had the same thought for 20 years and unfortunately it's less likely than ever to happen now, given how many sites require javascript and have cloudflare pages before even loading a site (I get several a day).

thankfully i think traditional web surfing is probably going to die out in the next 10 years, and progressively decline a lot much sooner than that as people start to interact with AI rather than browsers (or any software for that matter).

my feed of hackernews is going to be my AI agent giving it to me in plain text very soon, and soon after that i will probably never visit the internet again because it will be impossible to know what's real and fake

as a millennial it will be interesting to experience the full cycle of being born when nothing was online, to everything being online, to then again being entirely offline by the time i'm older

fc417fc802 22 minutes ago | parent [-]

> my feed of hackernews is going to be my AI agent giving it to me in plain text very soon

Wait for the advent of local agents running on local models (for privacy) followed by techniques to fingerprint agents, followed by techniques to infer query parameters based on agent behavior. I wish I was joking but it seems all too plausible.