I hope it is a joke (pretty good one if it is), but on an off-chance it is not: it is entirely plausible that you are the first Brave browser user to visit the site (or at least Brave of that version).
Are you sure you're looking only the "User Agent"? The text at the top is describing your entire "browser fingerprint." It includes everything the server could gather from you. Including cookies, browser version, width/height of the window, etc.
In case it's not clear, uniqueness should be seen as bad in this case. It means you can be tracked.
No idea what it means, but I am also curious. I literally just installed Brave on IOS before checking it out, so I tried it on IOS Chrome and the fingerprint was still unique.
I think it might just mean that we leak waaaay more data than most of us realize...
There's more than one iPhone, more than one IOS version and more than one version of safari. Multiply the odds of someone having your exact setup AND browsing this site.
Panopticlick is interested in solving a problem (and considerable progress has been made on that), this site is as it's name suggests here to sell you on a belief.
It'll cheerfully tell an unlimited number of identical browsers that they're "unique" because that's the message it is here to sell.
If it gave these supposedly "Unique" browsers an actually unique identifier they'd be able to compare it and see that they're not so "unique" as claimed or worse that the same browser gets different "unique" identifiers and so they aren't identifiers at all. So that's why it doesn't do that.
Interestingly this led me to notice Firefox limits hardware concurrency to a max of 16, changeable in about:config via the key dom.maxHardwareConcurrency
It achieved something: it serves as evidence that companies absolutely need to be beaten into submission with heavy-handed regulation of data collection, because they can't play nice on their own.
Honestly, I had always suspected a long term game like this was the actual intent. The EFF wants to say "SEE? They can't claim ignorance, they know people's intent and they're depraved in their indifference!". No one earnestly believed this would directly enhance privacy.
But frankly, all of this is just trying to negotiate with black hats. Any company actually acquiescing to rules for privacy will find themselves out-bid by companies who can claim they have better data by operating outside the law. These protocols are using the general public's privacy as sacrificial fuel to accomplish their impossible aims. It's a whole lot of wasted effort.
I wish the EFF would figure this out, It's impossible to law away a technological reality.
From what I understand GDPR was supposed to guarantee opt-out by default and this is widely adopted. Instead of having stupid popups on every single website asking us to agree to their tracking policies, wouldn't it make more sense to enforce a law that says they should respect the setting expressed in the header and users must not be bothered?
I think we'll probably see a wave of enforcement actions at some point that address some of this stuff.
There are still companies that hide the opt-outs in places I can't find after a lot of poking around (Oath, I'm looking at you), and a lot who will make the 'no tracking' button on their pop-up small and greyed out, and then ask you to confirm it using weird language like a link saying "Leave" that actually takes you back to what you were trying to read.
This makes me curious; has anyone tried making an extension to randomly choose for each request whether or not to send "Do Not Track"? There are probably a lot of other settings that similarly don't affect the page in any visible way that could also be randomized as well. I doubt I'm the first person to think of this!
Unless everyone was doing this, it'd be worse as you'd be in the few who have this extension (which sounds like it can trivially be tested by a webpage making a couple of requests).
Better remove the DNT header from this point of view.
Most of these fields you don't want to disable or spoof because either it breaks your web experience (imagine images randomly not loading because you spoofed your headers and the server thinks your browser supports .whatever or because you emptied the list and the server doesn't know what to send) or because it makes you unique (having your build id be "" is certainly more unique than whatever others actually use).
The tests you can spoof like the canvas fingerprinting where it doesn't break the canvas and the results are already so spread out being unique isn't an identifier itself are already built into a lot of browsers. The site doesn't really acknowledge this though, it just says "you're unique" without checking if it's a different unique value each time in which case it doesn't identify you at all.
The Canvas fingerprint is the biggest one, as it relies on different forms of hardware acceleration which is based on GPU+CPU+configs for your computer and browser.
Can't be that hard, considering Firefox allows for blocking Canvas fingerprinting in its settings, and the site indeed shows that my canvas data is shared with around 6% of the users, so definitely not unique.
The problem with this is the less unique you are, the more you start looking like a bot. The more you look like a bot the more times you have to do things to prove you aren't, like captchas
But I only care about filling captchas on say banking websites, which is approximately happens once a month.
The rest, I just close the tab: the content never worth it.
The most obnoxious ads don't care about captchas, they just blast you with ads from your previous search keywords/browsing history.
p.s. Would the amount of captchas reduce if we take not the top most non-unique fingerprint, but say "slightly below average"? It will be still severely non-unique for ads purposes.
> It's a cat and mouse game as fingerprint parameters keep increasing, but I think it's possible to win this one.
I don't think it's possible to win this one without dramatic changes to the web (e.g. abandon JS). Panopticlick was started 10 years ago, fingerprinting was pretty well known about back then, and though browser vendors have started adding defenses, it has evidently done nothing as the amount of data you can gather via scripts keeps only increasing and blocking some vectors would break some sites.
The situation was dire 10 years ago, it hasn't gotten better, it's not getting better. If anything it's now just worse because of so many idiots writing sites that don't really work at all with JS disabled.
The most practical approach I can think of that you could employ right now is to move browsers to run on headless servers (instead of the user's computer) and let them stream the rendered page to your client. It's still got plenty of issues, and javascript is making it hard to do it right and have a good UX. Fuck javascript and everyone who uses it without degrading gracefully.
It's doesn't "send the data" so much as "a general purpose UI platform cannot work unless a program knows the configuration of the UI". The idea that your complex computing environment could have an arbitrary complex conversation with an app, and not expose its identity, while perhaps desirable, it impractical.
You can browser behind a generic user-agent firewall, but you'll get a severely degraded experience that treats an Apple watch the same as a desktop workstation.
It's not just about design. For instance there is Canvas and WebGL for interactive content. Different GPU's draw things slightly differently. Someone creates a canvas in the background, draws stuff, reads it back and since your machine has a particular way of drawing things (because of GPU design, drivers, different browser implementations of the painting stack) you can be tracked. Same goes for audio capabilities. If you don't want multimedia, then fine, it is slightly easier. Then the server can probably try to track you with your upload / download speed, ping etc. They can tax your cpu to see how fast it is. Then they get your browser width / height. Combine them and you can be tracked pretty accurately. There are countless avenues for fingerprinting.
Well, sure, but at the hardware level, more standardization is possible too. If you have a popular model of computer and it's the same as everyone else's computer, it's hard to get much out of identifying it. This is kind of what Apple does by offering a limited number of models.
Another approach would be to use standardized VPN's that hide client machine differences.
There are downsides, of course. I'm not sure people care about fingerprinting enough to do all that.
I didn't sign up for "a general purpose UI platform". I got on board when it was a hypertext publication system. They've been boiling this frog for 25 years.
Every year, I'm less and less convinced that JavaScript is desirable to have in a web browser.
I've heard of a similar phenomenon where hackers probing a system can fingerprint different software stacks based on what they get as responses to different "undefined behavior" inputs. Anything that communicates with the outside world is intrinsically giving up some information about itself.
Alright, so how do I fix the unique ones like Canvas?
Edit: To block canvas fingerprinting I set `privacy.resistFingerprinting` to true in Firefox's about:config. Now I am trying to figure out how to disable the font list and Media devices, etc.
I am unique through the useragent. Apparently Brave and Chrome both put the device model of your phone into the useragent string. It also contains your OS version and Chromium version. I guess those three points alone are able to very significantly narrow you down.
Nope. Not at all. There is a browser[1] that tries to hide this stuff for you (it's the FF-derived TOR browser w/o the TOR bit). That should be a good start.
User-Agent is divulged publicly with all requests to all sites, so no protections exist around using it, because it is freely offered up by the user without requiring consent.
Client Hints have to be specifically requested by the remote website, which demonstrates intent to collect data, and thus falls under data collection laws.
> User-Agent is divulged publicly with all requests to all sites, so no protections exist around using it, because it is freely offered up by the user without requiring consent.
This seems like an argument you'd lose if your website failed to respond to requests that were missing the User-Agent.
I am really skeptical about the UA uniqueness fraction. I am on the latest version of Chrome on Windows and it claims that 0.17% of the people visiting the site have the same UA string. Mine is:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
for what it's worth. Can it really be that only two in a thousand people visiting the site in the last seven days have the latest version of Chrome? Or does Chrome just update so often that very few people tend to have the same version at any one time. (If the latter, that suggests that maybe it's not a very strong tracking signal.) It seems more likely to me that the data is just stale but I guess I don't know much about the true distribution of Chrome useragents.
What does it mean when i load the test, and it says i'm unique, and then i go back five minutes later without changing anything and it says i'm still unique?
are they tracking that i've run the test before, verifying that i'm me, and telling me i'm still unique, or is my fingerprint differing between two subsequent tests?
also, i'm suspicious about some of these values - only 0.13% of people have a querty keyboard layout? Only 7% of tests have no gyroscope? That doesn't sound right.
that doesn't sound too far out of whack to me, considering the user-agent string changes every time your OS version and your browser version increment.
Why would the most recent version Google makes available to my Pixel 3a phone be different from the most recent version Google makes available to anyone else?
It wouldn't be, they're almost certainly doing something wrong on the back end. I sent identical requests on multiple IPs spaced out over some time, and each one of them returned as being "unique". Even though the e.g. UA values were in fact the same. I suspect some kind of aggressive dedupe of things that look too similar, or some such.
Since users of evergreen browsers will have frequently changing version number strings, the history of snapshots of these fingerprints is time sensitive. This serves to artificially inflate the uniqueness, as an identical device using the same evergreen browser 1 month, or 2 week ago, will not match you now, but would match if they revistited with their now updated browser.
To be useful, fingerprinting techniques need to somehow be robust against always increasing version numbers of evergreen browsers in ways that this website is not.
Is there something actionable I can take based on the results of this page? E.g. is there some Firefox add-on that obfuscates attributes used for fingerprinting?
That's across "all time", not just the last 7 days.
But for the last 7 days, Firefox has over 300%, and Windows over 285%. Gecko is over 700%. Screen left of 0 is 250%. -- I'm guessing some kind of calculation error?
I tried it myself in Tor Browser, and I think this conclusion "You can most certainly be tracked" is highly misleading. Without JavaScript, the only information collected by the website is the headers sent by the browser, listed below...
> User agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 (all time: 2.19% / 30 days: 10.80%)
Surely, there are ways to track users without JavaScript, but none of them is inspected by the website. The website only inspects the headers, and from the listed information above, the tracker doesn't learn anything more than "This user is running the latest release of Tor Browser with JavaScript disabled", and at least 100,000 people are doing it right now.
But because the sample size of this website is limited, it only sees the fact that these attributes seem to be a very small percentage of the overall traffic, while ignoring the fact that these headers are generic, it makes the conclusion.
> "You can most certainly be tracked"
Which is misleading. A Tor Browser with JavaScript disabled is still one of the most difficult browsers to track.
The website actually tells you that,
> But only 1440 browsers out of the 1560340 observed browsers (<0.01 %) have exactly the same fingerprint as yours.
If you are the only person using the latest version of Tor Browser to access this website with JavaScript disabled, yes, you can be tracked as a "Tor user without JavaScript", and if you enter personal information, your identity can be crosstracked between websites (if you are still the only Tor user with JavaScript disabled). Otherwise, not much.
Interestingly, when a new Tor Browser release comes out, there will always be an user to upgrade the browser before everyone else, then goes to a fingerprint testing website, tests the browser, and says "OMG! I'm unique and trackable!". In this case, don't panic, just keep using it, you won't be unique anymore within a week.
Sites like this and the EFF’s panopticlick err on the side of saying you can be tracked when that might not be true.
For example: I visited this same site a while ago with the same device, and both times it has said I was unique. A new version of iOS came out, so my user agent changed. Unless sites are also storing unique data on your machine (through cookies or localstorage), browser fingerprinting is a crapshoot. This goes double for mobile devices.
Another unusual circumstance is when you're the first users who have just installed the latest software update, a fingerprint testing website will identify you as an unique user. But you won't be unique anymore within a few days.
It happens a lot in the Tor mailing list. Often, a new major release of Tor Browser comes out, a user is shocked by the upgrade, "OMG! I'm unique and trackable!". Don't panic, just keep using it.
Of course most sites that try to track you are also storing cookies or local storage. It only takes one to tie your two unique fingerprints together... of course your IP address might suffice. Or account/email address, if you're logged into a site that shares data with third parties and use the same address.
I'm sure someone's also devised a way to guess how to bind two fingerprints together when OS or browser updates but many other parameters (timezone, ip, language, screen size, fonts, etc) remain similar enough.
Would I be right in saying that if you use iOS safari (which a decent number of mobile users use) you are not very unique at all and any tracking based on browser fingerprinting is pretty useless? (Or is it the combination of a non unique browser fingerprint with a slightly more targeted origin IP address from the ISP) that makes it almost worth/possible trying to identify a person without cookies?
I was quite surprised that on my iPhone 8 Plus with iOS 13 I was totally unique apparently. How exactly could that be possible if this is a device where I cannot install any plugins, change fonts, or really do anything to make it more or less different to another iPhone?
My fonts alone makes me pretty unique it seems (<0.01%). 180 or so fonts that the browser is happy to share with the world. Does seem a little unnecessary.
Firefox's preference is "font.system.whitelist". You can specify a list of which fonts are exposed to web content (such as the default set shipped with your OS). The preference is used by the Tor browser.
Does Safari actually do something similar? On my Mac, amiunique.org reports 344 fonts in Safari, 331 in Firefox (not using "font.system.whitelist"), and 309 in Chrome.
AZERTY gave me 0.03%, even though France and Belgium together have >1% of the world population, and definitely more than one percent of all internet users.
Apparently I'm the only person in the world using linux-5.4.14-zen with a Radeon VII. Which would be kinda cool if that information wasn't being broadcast to every site I visit.
The problem is that even if you can disable this one, it's enabled by default and browserv vendors keep adding this shit without any concern for the privacy impact.
Remember that you are unique in the list of visitors to this website. That is a limited group. You are probably unique anyway, but the numbers here are not acurate.
I switched to 30d because with browser update cycles "all time" is kinda useless, imho.
> Content language 31.51% en-US,en;q=0.5
This is a default Firefox. I didn't change anything. Surely there's probably only Chinese that has more users of this language?
I'm not even an American or in the US... (all time it was just below 30%, not teal-colored, but already orange..)
Also why is the JS result for Content language 35.40%?
Whereas my list of plugins is 46.2% (higher value seems better) - but I'm absolutely sure there's at least one uncommon one among them...
Hardware concurrency 16 is really interesting, 3.32%, probably all fellow Ryzen users.
TLDR: Surely there are some of those properties where it absolutely makes sense to avoid the uniqueness, but others seem a bit like bullshit metrics.
But on the other hand, my user agent (OS+Browser) = 7.37% is a really good sign for me. I find this a very, very high percentage. (Ok, it's Win10+Firefox, but still...)
I fired up Chrome (I'm a Firefox user too), and for content-language it showed "en-US,en;q=0.9" (FF is q=0.5), so I guess each language is broken down into a few buckets.
245 comments
[ 4.6 ms ] story [ 114 ms ] threadIn case it's not clear, uniqueness should be seen as bad in this case. It means you can be tracked.
Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) (64-bit)
I think it might just mean that we leak waaaay more data than most of us realize...
A better site with similar functioning is: https://panopticlick.eff.org/
this tool said it is.
It'll cheerfully tell an unlimited number of identical browsers that they're "unique" because that's the message it is here to sell.
If it gave these supposedly "Unique" browsers an actually unique identifier they'd be able to compare it and see that they're not so "unique" as claimed or worse that the same browser gets different "unique" identifiers and so they aren't identifiers at all. So that's why it doesn't do that.
Brilliant and terrible.
https://en.wikipedia.org/wiki/Do_Not_Track
https://developer.apple.com/documentation/safari_release_not...
So we're going to ask the profit-motivated bad-actors across the web to pretty-please exempt us from your tracking because we asked nicely?
And we need to hide this away in settings and have it default-off because otherwise how will they know we really meant it?
It's like it was designed by someone with an early 90s understanding of the web, and no comprehension whatsoever of just how awful marketing can be.
Tracking should never be opt-out in the first place, and it needs to be fought with technological and legal measures, not silly http request flags.
But frankly, all of this is just trying to negotiate with black hats. Any company actually acquiescing to rules for privacy will find themselves out-bid by companies who can claim they have better data by operating outside the law. These protocols are using the general public's privacy as sacrificial fuel to accomplish their impossible aims. It's a whole lot of wasted effort.
I wish the EFF would figure this out, It's impossible to law away a technological reality.
There are still companies that hide the opt-outs in places I can't find after a lot of poking around (Oath, I'm looking at you), and a lot who will make the 'no tracking' button on their pop-up small and greyed out, and then ask you to confirm it using weird language like a link saying "Leave" that actually takes you back to what you were trying to read.
Better remove the DNT header from this point of view.
The tests you can spoof like the canvas fingerprinting where it doesn't break the canvas and the results are already so spread out being unique isn't an identifier itself are already built into a lot of browsers. The site doesn't really acknowledge this though, it just says "you're unique" without checking if it's a different unique value each time in which case it doesn't identify you at all.
The Canvas fingerprint is the biggest one, as it relies on different forms of hardware acceleration which is based on GPU+CPU+configs for your computer and browser.
1. Find out the top non-unique fingerprint [of the year.]
2. Create a Firefox add-on (or modify Firefox source if an add-on is not powerful enough), which uses the most non-unique fingerprint [this year.]
3. Targeted advertising ends for those who use the plug-in/add-on.
It's a cat and mouse game as fingerprint parameters keep increasing, but I think it's possible to win this one.
But I only care about filling captchas on say banking websites, which is approximately happens once a month.
The rest, I just close the tab: the content never worth it.
The most obnoxious ads don't care about captchas, they just blast you with ads from your previous search keywords/browsing history.
p.s. Would the amount of captchas reduce if we take not the top most non-unique fingerprint, but say "slightly below average"? It will be still severely non-unique for ads purposes.
Although that doesn't fix everything
I don't think it's possible to win this one without dramatic changes to the web (e.g. abandon JS). Panopticlick was started 10 years ago, fingerprinting was pretty well known about back then, and though browser vendors have started adding defenses, it has evidently done nothing as the amount of data you can gather via scripts keeps only increasing and blocking some vectors would break some sites.
The situation was dire 10 years ago, it hasn't gotten better, it's not getting better. If anything it's now just worse because of so many idiots writing sites that don't really work at all with JS disabled.
The most practical approach I can think of that you could employ right now is to move browsers to run on headless servers (instead of the user's computer) and let them stream the rendered page to your client. It's still got plenty of issues, and javascript is making it hard to do it right and have a good UX. Fuck javascript and everyone who uses it without degrading gracefully.
You can browser behind a generic user-agent firewall, but you'll get a severely degraded experience that treats an Apple watch the same as a desktop workstation.
Another approach would be to use standardized VPN's that hide client machine differences.
There are downsides, of course. I'm not sure people care about fingerprinting enough to do all that.
Every year, I'm less and less convinced that JavaScript is desirable to have in a web browser.
Edit: To block canvas fingerprinting I set `privacy.resistFingerprinting` to true in Firefox's about:config. Now I am trying to figure out how to disable the font list and Media devices, etc.
1: https://www.whonix.org/wiki/SecBrowser
https://groups.google.com/a/chromium.org/forum/#!msg/blink-d...
User-Agent is divulged publicly with all requests to all sites, so no protections exist around using it, because it is freely offered up by the user without requiring consent.
Client Hints have to be specifically requested by the remote website, which demonstrates intent to collect data, and thus falls under data collection laws.
This seems like an argument you'd lose if your website failed to respond to requests that were missing the User-Agent.
Then sites that need some information can get it, but won't be allowed to get so much identifying information that you're unique.
(Disclosure: I work for Google)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
for what it's worth. Can it really be that only two in a thousand people visiting the site in the last seven days have the latest version of Chrome? Or does Chrome just update so often that very few people tend to have the same version at any one time. (If the latter, that suggests that maybe it's not a very strong tracking signal.) It seems more likely to me that the data is just stale but I guess I don't know much about the true distribution of Chrome useragents.
I’m using the current iPad mini, which is 10 months old, with the current os version. I highly doubt I’m that unique.
are they tracking that i've run the test before, verifying that i'm me, and telling me i'm still unique, or is my fingerprint differing between two subsequent tests?
also, i'm suspicious about some of these values - only 0.13% of people have a querty keyboard layout? Only 7% of tests have no gyroscope? That doesn't sound right.
'AmIUniqueId', expires Mon, 25 May 2020 12:28:29 GMT
To be useful, fingerprinting techniques need to somehow be robust against always increasing version numbers of evergreen browsers in ways that this website is not.
But for the last 7 days, Firefox has over 300%, and Windows over 285%. Gecko is over 700%. Screen left of 0 is 250%. -- I'm guessing some kind of calculation error?
> User agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 (all time: 2.19% / 30 days: 10.80%)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 (all time: 52.15% / 30 days: 37.04%)
> Content encoding: gzip, deflate, br (all time: 66.35% / 30 days: 92.02%)
> Upgrade Insecure Requests: 1 (all time: 27.33% / 30 days: 85.86%)
> Referer: https://amiunique.org/ (all time: 16.55% / 30 days: 60.97%)
> JavaScript disabled (all time: 4.70% / 30 days: 14.09%)
Surely, there are ways to track users without JavaScript, but none of them is inspected by the website. The website only inspects the headers, and from the listed information above, the tracker doesn't learn anything more than "This user is running the latest release of Tor Browser with JavaScript disabled", and at least 100,000 people are doing it right now.
But because the sample size of this website is limited, it only sees the fact that these attributes seem to be a very small percentage of the overall traffic, while ignoring the fact that these headers are generic, it makes the conclusion.
> "You can most certainly be tracked"
Which is misleading. A Tor Browser with JavaScript disabled is still one of the most difficult browsers to track.
The website actually tells you that,
> But only 1440 browsers out of the 1560340 observed browsers (<0.01 %) have exactly the same fingerprint as yours.
If you are the only person using the latest version of Tor Browser to access this website with JavaScript disabled, yes, you can be tracked as a "Tor user without JavaScript", and if you enter personal information, your identity can be crosstracked between websites (if you are still the only Tor user with JavaScript disabled). Otherwise, not much.
Interestingly, when a new Tor Browser release comes out, there will always be an user to upgrade the browser before everyone else, then goes to a fingerprint testing website, tests the browser, and says "OMG! I'm unique and trackable!". In this case, don't panic, just keep using it, you won't be unique anymore within a week.
For example: I visited this same site a while ago with the same device, and both times it has said I was unique. A new version of iOS came out, so my user agent changed. Unless sites are also storing unique data on your machine (through cookies or localstorage), browser fingerprinting is a crapshoot. This goes double for mobile devices.
It happens a lot in the Tor mailing list. Often, a new major release of Tor Browser comes out, a user is shocked by the upgrade, "OMG! I'm unique and trackable!". Don't panic, just keep using it.
I'm sure someone's also devised a way to guess how to bind two fingerprints together when OS or browser updates but many other parameters (timezone, ip, language, screen size, fonts, etc) remain similar enough.
I’m running safari, private mode, plus a single content blocker app.
Wow I didn't know it reveals the GPU
Firefox has an about:config preference that would let you set up a font whitelist yourself, but it doesn’t have a standard set.
https://bugzilla.mozilla.org/show_bug.cgi?id=1121643
Does Safari actually do something similar? On my Mac, amiunique.org reports 344 fonts in Safari, 331 in Firefox (not using "font.system.whitelist"), and 309 in Chrome.
So anything that's not QWERTY nor "unsupported" makes up the remaining ~95%?
I'm running a stock Windows 10. Microsoft Edge with Ublock Origin as only browser extension.
Software installed is Visual Studio, Visual Studio Code, NVidia CUDA development System, Erlang Dev System, and Microsoft Office. That's it.
You'd think there would at least be "dozens" of us. Nope:
> Your full fingerprint is unique among the 1572109 collected so far.
User Agent is < .01%
> Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4023.0 Safari/537.36 Edg/81.0.396.0
and my fonts are < .01%
> Agency FB, Aharoni, Algerian, Arial, Arial Black and 171 others
Other < .01% are "WebGL Parameters", "Connection" and "Navigator Properties"
A bit surprised that it doesn't even need to do any fancy combinations of identifiers to get a uid in my case.
Really wonder how I can hide that information from my browser...
> Content language 31.51% en-US,en;q=0.5
This is a default Firefox. I didn't change anything. Surely there's probably only Chinese that has more users of this language?
I'm not even an American or in the US... (all time it was just below 30%, not teal-colored, but already orange..)
Also why is the JS result for Content language 35.40%?
Whereas my list of plugins is 46.2% (higher value seems better) - but I'm absolutely sure there's at least one uncommon one among them...
Hardware concurrency 16 is really interesting, 3.32%, probably all fellow Ryzen users.
TLDR: Surely there are some of those properties where it absolutely makes sense to avoid the uniqueness, but others seem a bit like bullshit metrics.
But on the other hand, my user agent (OS+Browser) = 7.37% is a really good sign for me. I find this a very, very high percentage. (Ok, it's Win10+Firefox, but still...)
A basic Microsoft Edge installation with en-GB content language header has a similarity ratio of 0.18% -- really?
Java enabled: true -- 0.26%
Java enabled: false (on Brave) -- 8.75%
en-GB would start below 5%, having en-GB on edge means someone would have to be using edge (under 1%) and not on the mobile for a mobile first site.
Keeping a current java version enabled is difficult. Each browser update, each java update disables java by default now.
Could be a small Brave sample size.