* I'm not in that city.

* It's running a kind of Chrome on a kind of Linux, at a stretch.

* Nobody can infer when I work and when I sleep. That includes me.

* The recent, high-end display is the screen of a low-end tablet I bought in a supermarket five years ago.

* But yes, browser fingerprinting is annoying.

* Since you can detect light mode, would it kill you to honor it?

If the color scheme weren’t so atrocious, it would almost be possible to read what it says.

The website is pretty & the overdramatic copy is fun, but there's much better fingerprinting demos out there.

The number of data points shown here is low - there's plenty more it could be checking - & a good number of them seem to be wrong (it's only detecting one as explicitly "withheld" but I believe a few of them actually are, leading to garbled output).

Needs some QA.

> Your graphics processor identified itself as or similar.

That checks out. I think what I have is similar to a graphics card but isn't quite.

A vibe-coded EFF Cover Your Tracks. The fact this made it to front-page is spookier than its contents

There's really a lot more you can look at here. Lot's a prior art on super-cookies and fingerprinting:

https://coveryourtracks.eff.org/

https://amiunique.org/

Dunno what it is with the wording but my brain started reading it in a bit of a "Hello Clarice" Hannibal Lecter style lol

>The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters

Is this one true? I've not made any changes to fonts on my phone that I know of, wouldn't it just be bog standard iPhone fonts?

Curiosity not challenge

I prefer https://fingerprint.com/demo

Terrible company-at least you know you are testing what is being used.

> Where you were before

> news.ycombinator.com

This has always bothered me the most. I disabled the 'Referer' header once, but it breaks many websites.

Most of this is pretty standard stuff but one thing I did learn is some of the fingerprinting techniques I wouldn't've thought of. Like Mozilla/Apple not sharing GPU or battery information being used to confirm which browser I use even if I fake the User Agent String.

Happy to say that my browser didn't tell anything that I didn't expect it to. It even identified my IP from a location 1000km away from me.

Firefox on Android with ublock

Aren't LLMs smart enough to choose better color contrast by now?

I guess I shouldn't be surprised that it gives my exact GPU, but that was surprising to me. Just so everyone knows, its an AMD Radeon RX 6900 XT and I paid way too much for it during the covid/crypto price explosion when they were sold out everywhere. Still a bit raw about that, but it is an excellent card on Linux (fedora)

My battery is at NaN%, the site is cool but it should probably change the text if I’m not actually exposing that information.

It got the city wrong but close to where I live. This stuff would be wildly wrong if I fired up my VPN. Although its annoying when I connected to a VPN to Steam it’ll often show my prices in Canadian dollars instead of USD.

I appreciate the intent here, so this is constructive feedback:

  - Some of the numbers are off, eg 

  - low contrast in dark mode makes text hard to read

> Your screen is 320 by 568 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display.

It’s been a long time my 2016’ iPhone as been called recent or high-end but I’ll take the compliment, thank-you.

It's somewhat interesting but over half of what it talked about is just silly.

- Reverse IP/geocode (while be cute about "we won't show your IP", oh no, not my IP!)

- Timezone - Ok, yeah, lots of websites need/make use of that for completely legit tasks

- Browser/OS/Screen size - boring, again mostly needed or historical

- GPU - Again, not super interesting IMHO

- Battery - Ok, this is the first one I think should be behind a permission dialog

- Language - Come off it, that's just table stakes

- Fonts - Again, not sure how else this should work in a "perfect" world

- Cookies/dark mode/DnT/etc - Ehh, again aside from fingerprinting (which ruins everything) these are all QoL improvements IMHO

- Referrer - Again, this is just how the web works

I think the websites that take all of that and show you a fingerprint or show the data in a more data-oriented way are way more compelling.

This, almost certainly vibe-coded, website doesn't do anything novel and hits on a huge pet peeve of mine: using low-quality arguments for a legit issue (fingerprinting). By mixing in stuff like your IP/Language on the same level as Battery/GPU/other-fingerprinty-things it makes the whole argument less compelling.

Mine told me my graphics card was "or similar" so my stock Firefox is doing at least okay.

While I still follow the general privacy first tenets, I have ended up backing off on some tools (noscript and librewolf) at the extremes of privacy because if every site is going to track everything by my IP or by my ASN or browser fingerprint, I do have a happy medium of being private enough while not being utterly broken in my browsing.

Roughly that looks like email aliases on demand via sieve rules, ublock origin with liberal use of filter lists, different handles and a password manager, frozen credit ratings, and Tailscale exit nodes or Mozilla(Mullvad) VPN for uncontrolled WiFi access points for my jnrootabke android device and mostly signal for comms.

I'm getting to old to be a privacy extreme enthusiast when all of my family side channels everything straight to Facebook, so this is the impure level of privacy I can sustain.

This is just... silly. Everything it told me, while browsing on my iPhone, seems entirely reasonable.

> Every page you have ever visited knows at least this much. Most of them know more. None of them told you.

So? Why would I want the news site I'm visiting to "tell me" it knows my preferred language, that I'm using light mode, or the estimated location of my IP address...?

It's not surprising that a browser which renders text can be used to identify which fonts are available. It's not surprising that a browser which allows calculation with your GPU will identify your type of GPU.

The "without asking" framing is just silly. I expect to be asked for consent to use my webcam or microphone or exact precise location. But the last thing I want is to be asked for permission around detecting my local time zone or preferred language or my screen resolution or 20 other totally reasonable things for a website to be able to know.

Text is so dim is really hard to read.

You can't gaurentee any of this is fingerprintable without checking twice (i.e. give the user a unique url, then ask them to restart the browser and visit it). In privacy browsers like LibreWolf or Mullvad Browser this is almost all spoofed, save for things like the IP which needs to be hidden/changed independently of the browser.

Aside from the fingerprinting methods, the graphics processor string seems to be the most immediately personal data given up (other than location, which was incorrect for me). I could see sites tailoring ads around an assumed class, income, and level of digital literacy based on this data point alone.

Its mixing confidential info. For example, you know I'm connected from a location, but you do not know my precise location. I connected from a tower that is from Odido, but I am not paying Odido for a subscription.

I'm not worried about my privacy. No one can read the dark text on that page anyhow.

> Your screen is 1512 by 982 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display. Your device volunteered all of this in the first milliseconds of the connection.

No it didn't. It was queried by the JS running on the page. It's a fun demo but it could really do without the slop prose.

DuckDuckGo browser helped mask some stuff, but definitely a fair amount still goes through.

Annoyingly the web is becoming a bit more annoying to browse as a DuckDuckGo (mobile) and Brave (desktop) user. With a VPN on top it gets even worse.

With javascript off it just stalls at "reading" forever. There are certainly some viewport properties and other things it does know even without JS execution, but the mitigation is significant. And the page itself (the JS application) cannot act on that data or communicate it. Instead it has to be processed by some other application on the backend or wherever. Not in my browser by my computer.

>OH MY GOD WE KNOW STUFF ABOUT YOU

peoples obsession with 100% privacy while operating in a public space is immature. if you're that risk averse dont connect to the internet.

Vibecoded slop with LLM-written copy. When will it stop

Lol, the description text is so dramatic.

Man what a awful looking site. I shouldn't have to crank my brightness to max to kind of read the words

We've seen tens of pages like this, all done better. Now the vibe coders got into it and completely fuck up the idea.