67
submitted 4 months ago by strawberry@kbin.run to c/privacy@lemmy.ml

Even though i have Proton VPN blocking trackers and use firefox with arkenfox EFF always says my browser has a unique fingerprint. Same with Mullvad browser and Tor. When I switched Tor to "Safer" it said near unique fingerprint, and only when i switched it to safest did it say i am protected from fingerprinting

from my results id guess that it has no fingerprit thanks to no javascript, but 90% of websites are useless without js

all 36 comments
sorted by: hot top controversial new old
[-] Lemongrab@lemmy.one 21 points 4 months ago* (last edited 4 months ago)

You can fingerprint with just CSS and HTML

[-] ssm@lemmy.sdf.org 3 points 4 months ago

Yes, but it's much better than if you have scripts enabled. Assuming have your useragent set to something common, you're already covering a lot of ground, and even if you're not totally fingerprint-proof from every html attribute, every little bit helps.

[-] strawberry@kbin.run 3 points 4 months ago

oddly enough, when i keep my default ua, it says one in 400 have the same one, but when i change it to chrome running on windows (first one on that website you shared) it says only one in 3000

though i suppose this may be inaccurate because theres a good chance that firefox users are more likely to use this site than chrome users

should i just keep it changed to chrome on windows or default?

[-] refalo@programming.dev 2 points 4 months ago

Or just TLS.

[-] upto60percentoff@kbin.run 12 points 4 months ago

If EFF always says your browser has a unique fingerprint then that means the anti-fingerprinting is working, no?

[-] listless@lemmy.cringecollective.io 12 points 4 months ago

If your fingerprint is unique, that means you can't be confused for someone else.

That is literally the opposite of anti-fingerprinting.

You want to look like 1000's of other people, so they can't prove it was you that visited a particular site and use that information against you.

[-] upto60percentoff@kbin.run 6 points 4 months ago* (last edited 4 months ago)

If it's unique every time it means they can't create a consistent fingerprint for you.

A UUID assigned to each user is unique, but that's not useful for tracking unless you can ensure each user keeps the same number across visits.

[-] listless@lemmy.cringecollective.io 7 points 4 months ago

The idea with anti-fingerprinting is the idea that no matter who you are or what your setup is, the fingerprint is created, it matches many, many other browsers

Imagine a sea of people in Guy Fawkes masks.

[-] upto60percentoff@kbin.run 2 points 4 months ago* (last edited 4 months ago)

No, the idea is that you can't be traced via fingerprinting.

Both strategies accomplish that.

[-] listless@lemmy.cringecollective.io 1 points 4 months ago

The issueI have with the "always unique" plan is that if they can determine your browser was associated with some set of unique IDs, then they can track you. Imagine a TOTP where the keys were leaked so the adversary can determine the entire set of possible codes.

If everyone's fingerprints always match each other's, then you have plausible deniability.

[-] upto60percentoff@kbin.run 1 points 3 months ago* (last edited 3 months ago)

f they can determine your browser was associated with some set of unique IDs, then they can track you

The only scenario in which this could happen would leave both strategies equally vulnerable.

[-] hellfire103@lemmy.ca 7 points 4 months ago

Try it with Mullvad Browser or Brave. The former should give "You have a non-unique fingerprint", while the latter should give "You have a randomised fingerprint".

I personally prefer Mullvad, as it's not run by a raging homophobe and it's not based on Chromium.

[-] upto60percentoff@kbin.run 5 points 4 months ago* (last edited 4 months ago)

You and 1000 friends go to a party all dressed in the same Mr Blobby costume. When one of you gets absolutely shitfaced at the open bar and vomits in the middle of the dance floor, they get kicked out and banned from next week's rager. Next week rolls around, and 1001 Mr Blobbys rock up on on the dance floor, because management has no idea which Mr Blobby cost them their deposit last week.

You and 1000 friends all go to a party dressed as a unique DeviantArt Sonic OC. One of you fails to hold their liquor. They get kicked out. You all attend the party next week all wearing a completely different costume of a completely different DeviantArt Sonic OC, since the number of them is functionally infinite. Management can't kick the vomiteer out because as far as they're concerned, Jimmy the Hedgehog didn't show up this week, because whoever was Jimmy the Hedgehog is now Steve the Echidna.

[-] merde@sh.itjust.works 12 points 4 months ago* (last edited 4 months ago)

mull: Your browser fingerprint appears to be unique among the 172,086 tested in the past 45 days.

firefox focus: Your browser fingerprint appears to be unique among the 172,099 tested in the past 45 days.

tor: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 86045.5 browsers have the same fingerprint as yours.

tor after enabling "request English versions of web pages for enhanced privacy": Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 57368.0 browsers have the same fingerprint as yours.

tor with safest security level: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 823.48 browsers have the same fingerprint as yours.

mull after changing android region to United States: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 12294.86 browsers have the same fingerprint as yours.

changing region doesn't effect tor, as unlike mull it doesn't leak system information

[-] refalo@programming.dev 8 points 4 months ago* (last edited 4 months ago)

possible

In practice? No not really.

JShelter is the only thing I have seen that stops creepjs from working at all. But that doesn't mean you can't be fingerprinted. Not to mention Crimeflare has been very successful with their TLS fingerprinting methods (among other things), which doesn't even require working JavaScript.

And compared to creepjs, EFF's tool is a joke and works quite differently, and not in a good way.

[-] notanaltaccount@lemmy.world 1 points 3 months ago

Are websites often implementing all creepsjs tequniques? It seems like if standard identifiers were enough they wouldn't add in more just because minimal benefit relative to extra effort.

Does TLS fingerprinting do more than fingerprint browser type?

[-] TheBigBrother@lemmy.world 7 points 4 months ago* (last edited 4 months ago)

Burn your PC and use another one every time you open the browser..

[-] MajorHavoc@programming.dev 7 points 4 months ago* (last edited 4 months ago)

always says my browser has a unique fingerprint.

That's mysterious! It's hard to entirely smudge away your digital fingerprint, but getting 100% unique match makes me think something important in your setup might be missing.

Does it say why?

Do you get the same result in a "Private Browsing" session?

Are your cookies set to clear automatically?

If you're allowing 3rd party cookies, you're going to have a unique fingerprint 100% of the time. That would certainly do it.

I can't think of another reason you would get 100% unique match over and over, though.

Are you running nightly releases of your browsers? That shouldn't get 100%, but could if you're unlucky. Or a big pack for browser plugins that love to announce themselves? I'm grasping at straws now.

Edit: You can press F12, while in your browser, and find a tab called 'Network' to see details of what your browser is sending out about you. Pay particular attention to 'headers' and 'cookies'. If those are too informative, it gives you a unique fingerprint. 99.99% of everyone has a unique digital fingerprint. But some basic techniques, studiously applied, should take you out of that pool.

Source: Websites have no idea who I am a lot of the time, generally when I choose. I'm clever and well informed, but I'm really just doing the same stuff you find in most short online guides to privacy.

[-] UnfortunateShort@lemmy.world 6 points 4 months ago* (last edited 4 months ago)

You choice of language already has a great impact on uniqueness. You can't (practically) become less unique than browser wanting stuff in English.

Resolution? Might be really bad, if say you use a smartphone with 20.5:9 aspect ratio or something. Speaking of: Performance is also a factor. If your device uses a rare SoC with measurably different speed than others, that's some uniqueness right there.

Now, you (presumably) have very strict privacy settings. That alone makes you more unique, because who really cares, right? And for example blocking region specific ads can be really, really bad in terms of uniqueness.

EFF's website explains a bit about what they use. Refer to that to get a better idea about what makes you unique.

[-] UnfortunateShort@lemmy.world 5 points 4 months ago

PSA: Firefox 128.0 uses a new HTTP_ACCEPT header that seems super unique to the test, because, well, it's new.

[-] Hello_there@fedia.io 2 points 4 months ago

With the right chemicals you can burn off your fingerprints

[-] refalo@programming.dev 2 points 4 months ago
[-] Crashumbc@lemmy.world 1 points 4 months ago

Depends how deep you go!

[-] ReversalHatchery@beehaw.org 1 points 4 months ago

The best protection may be to avoid sites that make use of it, at least to the extent possible

[-] hellfire103@lemmy.ca 1 points 4 months ago

What browser extensions are you using in Mullvad and Tor?

[-] strawberry@kbin.run 1 points 4 months ago
[-] hellfire103@lemmy.ca 0 points 4 months ago

Huh, that's strange. Cover Your Tracks should have given much better results.

[-] jaxiiruff@lemmy.zip 1 points 3 months ago

I gave up caring about this ages ago when I realised nothing I did improved my results from that website. Fingerprinting doesnt really seem that big of a deal to me as much as using a vpn and ublock extensions.

[-] daris@leminal.space 1 points 3 months ago

I tried different Browsers and the only one that gives "good" results on that site is brave.

[-] delirious_owl@discuss.online 1 points 4 months ago
[-] strawberry@kbin.run 5 points 4 months ago

my threat model isn't that extreme lol. just wanna do the best I can with a normal is and browser

this post was submitted on 12 Jul 2024
67 points (97.2% liked)

Privacy

31876 readers
329 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS