Time to start installing and uninstalling random fonts everyday.
And then you become even more identifiable cause you’re part of the 10 madmen in Google’s database who do it
In reality hes the only madmen but switches IPs in between
Or you could use chameleon browser extension.
It changes your data every 5 minutes
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Your screen is 360 by 640 pixels, rendered at 4x density — which means it is almost certainly a recent, high-end display
GUESS AGAIN, IDIOTS!
Your finger moved 899 times… what???
It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.
Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.
What other tabs were open? 👀
It’s been a few years since I was invested in this topic, but I think the “meta” for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don’t want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a “blocks JavaScript flag” is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don’t need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn’t give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
Well then I am glad that it got most of it wrong. I don’t even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
That’s it.
Well too bad!
🗿
the data is still there tho
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
Whoops, I dunno why it’s formatted weirdly
Because it’s AI-slopped.
Great news. My VPN is working!
I’m not even on VPN and I was located half a country away in Europe
Well they tried
Yeah that was the one part they were way off on for me
I’m glad it acknowledges explains the impacts of anti-fingerprinting measures. I’ve seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false “unique” assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — “Mozilla”, “Apple”, “or similar” — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
I like that they covered all the possibilities for the do not track flag, as I saw it as useless from the very start, as by then I realized the honour system didn’t mean shit and it would just be another piece of data.
And yet here they are showing me their webpage in darkmode 😒
I definitely have misleading information on there, which is great, but I probably need more.
Interesting, I wonder how unique the fingerprinting is though, they don’t give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don’t have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
That’s the magic of fingerprinting. They don’t need what we would consider are the “real” signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It’s been this way for a while now.
Is there any way to browse the web without being fingerprinted, short of literally using a separate computer
Really?
No.
It’s been this way for a while. At best, you can use some techniques to provide plausible deniability from a legal perspective.
Not that laws matter anymore.
The best you can do is try to blend in.
I don’t understand why this should be inherently impossible. If you buy a separate device, and use that exclusively for one thing and do not cross-contaminate, that should work to avoid fingerprinting right? And this is all information that your computer is voluntarily providing, and is I assume possible to change independently from the hardware. So why not?
The way and what you type, how you move your mouse, when you browse…
Think we can make things more difficult, but just assume tracked everywhere. Won’t know about browser privacy 0days either for who knows how long.
Some stuff has to be reported accurately for stuff to work well, like screen size. Other stuff can be and is faked, even by Apple out of the box I’m pretty sure.
Not my area of expertise :)
Some stuff has to be reported accurately for stuff to work well, like screen size
Ah yes, CSS, the famously serverside technology
CDNs serve different sizes accordingly I thought? Sometimes. Deliver pages faster without noticeable image compression. Don’t some large sites do this all the time? Based on viewport size
