Great news. My VPN is working!
Well they tried
And yet here they are showing me their webpage in darkmode 😒
I’m glad it acknowledges explains the impacts of anti-fingerprinting measures. I’ve seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false “unique” assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — “Mozilla”, “Apple”, “or similar” — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
I like that they covered all the possibilities for the do not track flag, as I saw it as useless from the very start, as by then I realized the honour system didn’t mean shit and it would just be another piece of data.
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
I definitely have misleading information on there, which is great, but I probably need more.
Welp, my user agent switcher is successfully purporting to be a different operating system.
I found it interesting that it knows my battery level and current orientation of the phone.
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
Potentially to activate battery-saving features? Like AMOLED-black mode if your battery is <15 % or something (and your screen is AMOLED)
Shouldn’t that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There’s no real reason for the browser then to report to the site.
On Firefox android both the battery level and graphics card information were not available. But it was described as another data point regardless.
So uh… By using fennec and sometimes a VPN. Am I making myself more unique and fingerprint able?
Should I be using something that sends randomised bogus data instead?
Here I thought I was private but some of these 1% figures makes it look like I’m very unique and easily tracked.
Should I be using something that sends randomised bogus data instead?
Mine is sending that my primary language is English, but that I know other languages (I don’t), but it’d be nice to have a tool messes with them more.
This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i’m ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
Somehow safari on an iPhone is also unique.
TIL LibreWolf randomizes some fingerprinting targets.
Yay, I’m completely unique! I won!
Wait a minute
The percentage of, normally, privacy-aware people
Attribute number 1 already says 0%. We’re done here.
They basically asked for your name, birth date, and mother’s maiden name, and your browser just gave it to them and offered even more.
Interesting, I wonder how unique the fingerprinting is though, they don’t give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don’t have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
Yeah, I kinda wish the site generated a hash or something because I’ve got an extension that fakes the canvas results, but the site says those identifiers are unique for me… But are they the same unique (which indicates the extension isn’t doing anything) or different each time (which might even make the others less useful if it aggregates everything?
I did notice earlier today that the YouTube recommendations were all actually related to the video I was currently watching instead of it trying to get me to go down a rabbit hole I’ve already been down even logged out, like it does on my desktop where I haven’t installed that extension.
That’s the magic of fingerprinting. They don’t need what we would consider are the “real” signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It’s been this way for a while now.
Is there any way to browse the web without being fingerprinted, short of literally using a separate computer
Really?
No.
It’s been this way for a while. At best, you can use some techniques to provide plausible deniability from a legal perspective.
Not that laws matter anymore.
The best you can do is try to blend in.
I don’t understand why this should be inherently impossible. If you buy a separate device, and use that exclusively for one thing and do not cross-contaminate, that should work to avoid fingerprinting right? And this is all information that your computer is voluntarily providing, and is I assume possible to change independently from the hardware. So why not?
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
Well. That’s horrifying. Thanks, I guess.
Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters
What the fuck why is my browser telling random websites what fonts I have installed? Shouldn’t that be completely irrelevant to everyone except me and my particular device?
It should be, yes. But browsers like Chrome are literally made by the company that stands to profit from fingerprinting you, so they’re always going to be made to make it easy to do just that. Firefox at least has “resist fingerprinting” option which apparently can limit font visibility to only base system fonts rather than fonts you installed and language-pack fonts. LibreWolf has this on out of the box.
Thats part of how you’re fingerprinted.
So it can know which fonts it can use and your device would be able to display them?
Why doesn’t it just let the site display whatever it wants and let me worry about the issue of whether they display properly
The site could also be set to display whatever font it wants but also set to list standard fonts that also work which the browser can then choose from on the user’s end if the user doesn’t have the first choice font. That way you the user don’t have to worry about it and there is no way to fingerprint by the browser just handing out an entire list of fonts installed on the user’s system. There are plenty of ways to make things like this work, but the incentive is to keep them as they are or to increase uniqueness so people can be more easily fingerprinted.
Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn’t help people who need to know about this stuff. If you already know about this stuff, it doesn’t really add any value.
There are links and more info when you get to the bottom, you can click on sources. It gives you info and what to do about it, with links to sites like EFF.
