I’ve lost hope. My amiunique.org fingerprint is always unique.
I’d like my web browser to peach less on me. Websites don’t need to know my primary browsing language is en-gb, I’m rather proficient in other written dialects.
They don’t need to fingerprint my audio setup.
It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
What I don't understand is, why can't we just have a browser that doesn't give any of those details that is used to determine unique a browser. It doesn't make sense to allow a website to have access to that info.
You mean like the tor-browser? It's not that they don't exist it's more that they're pointless if they're not used by lots of people.
Personally I'm more in favour of randomizing some of the properties. That way you don't need to rely on being unique. In the end it's all about how much information you're transmitting about your identity, and while picking a common value is one way of increasing entropy picking a random value is much more effective.
You don't actually want that. Not giving up those details is information unto itself. You want a browser that gives up the same bits as everyone else's browsers so they can't tell it apart from the others.
Instead of that capability, couldn't there have been, e.g., <input type="font"> instead? Let the website ask the browser to show the user a list of installed fonts, and to pick a single one to tell the website about.
> It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
It's worse than that - the world's most popular browser was created by a company which gets most of its competitive advantage and, arguably, revenue from surveillance capitalism. The incentive to make fingerprinting hard is not just 0, it's negative.
Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition, but they still don't like fingerprinting.
> Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition
Google sells ads. Of course they don't want you rolling your own fingerprinting. That's their job. I'd need to see a statement signed under oath to believe Google, itself, doesn't fingerprint.
Do we really have reason to believe this matters? Just because amiunique.org identifies users based on all possible metrics available from a website doesn't necessarily mean much:
- We don't know whether other websites actually use this same technique to attempt to identify unique users. In other words, there's no indication that normal commercial websites are taking every possible measure of the browser, assigning a UUID to that configuration, and then attempting to build a fingerprint based on that, rather than just using cookies, and perhaps other, more basic fingerprinting.
- A browser might give different metrics in private browsing mode, due to some plugins operating differently.
- A normal website (eg: google.com) observes a much, much wider list of potential browser configurations than amiunique.org. There's no reason to think that you'd be just as unique when compared to a much wider selection of possible configurations.
- Corporate solutions, such as fingerprint.com _can_ be tricked.
Unfortunately that particular test telling everyone their fingerprint is unique isn't very useful.
Try something like fingerprint.com, close your browser session, go back, and compare IDs.
On Tor Browser or Mullvad Browser, it should generally register each session as your first session, with unique IDs. If not, the useful life of the tracking should be short.
Related to this, being multi-lingual on the web can be annoying. If I set my language to da-DK (my native), some non-danish websites will serve a poorly translated or machine translated version. But if I set it to en-GB a lot of danish web sites will serve an english translation, which I also don't want. I have to fiddle with this setting a lot. I wish I could set da-DK only for .dk TLDs.
If anything we need more settings, and more warning popups to go along with them that list or link to information on some of the breakage users can expect. Inform the user and let them decide.
This is the approach I've been taking. Outside of a handful of websites, the situation has become so intolerable that it's not really worth trying to find a way to safely use the wider web anymore.
Avoid websites which require a specific browser, and specific browser settings to function. In the vast majority of cases there's no reason why a site needs to scan my computer, use webgl, use webrtc, and a million other things which are used to track me. They're built poorly in this way because they're only testing against chrome, and are apathetic about privacy.
I recently had to purchase some audio plug-ins for music production.
I was trying to decide between two bundles by two competing companies. They were pretty even, in my mind, in terms of pros and cons.
Then I discovered that one of the two companies had a website that's broken by basic privacy settings, such as preventing autoplay for videos.
Or write custom clients for any website you care about. Essentially scrapers for every site which will extract and present information without the website's code running.
It's so obviously hilarious that I'm surprised they don't call it out, or if they don't want to draw attention to it, moved it into multiple sentences.
"0.5% of our tinfoil hat purchasers wear it, according to our wearing-telemetry."
Yes, brave has 2 checkboxes in its settings page. One for crash reports and the other for privacy-preserving product analytics (P3A) which is what they are talking about here. Disabling those stops Brave from sending anything to brave endpoints, aside from auto update checks of course.
I mean, this is a press release way of saying they're removing Strict fingerprinting protection, not that it's being simplified.
That said, I get it. I have all the fingerprint protection stuff turned on in Firefox, and it breaks a lot of sites. In fact, it hurts the UX of most of the sites I use a lot, and completely breaks a lot of them. There are some critical websites where I just have to load up Chrome if I'm going to use them at all.
And their point about it being self-defeating if so few people use fingerprinting protection that you can more easily identify them uniquely by the fact that they use it. I've wondered about that myself.
So I think it's cool to get rid of it in their browser, and I like their explanation of the reasoning, I just don't like the weasel-word "simplify" to describe it.
Is there a way to randomize a few inconsequential ones of these on each page load? i.e. subtle canvas rendering changes, report adding or removing a few installed fonts.
I don't understand why this complaint survives, it seems a myth at this point.
Open a fresh install of Brave. No crypto things are happening. There's one button inviting you to enable it, which you can dismiss with 2 clicks. It will never ask again.
Every time I disable a Brave Rewards setting, a new one seems to pop up. It's in the address bar, it's on the startup page, it's in the sidebar quick menu, it's in another section of the startup page, it's in the tab bar when I open the browser settings, the crypto stuff is everywhere.
I wish they'd auto hide all that crap for you after you click "not interested in cryptocurrency stuff".
Sorry I don't really understand your comment (English isn't my native language).
So there was / is a legitimate data structure which stores these affiliate links and someone accidentally used it as a source for the url auto completion?
I assume the legitimate reason to store affiliate links, are things like the widgets on the "new tab" page?
If that really was an honest mistake I'm sorry for spreading stories like this, without checking them first in more detail.
Yeah, the only times I've had problems with it, it was because of WebGL. So I use Standard mode in like 2-3 sites, and Strict everywhere else. This is a bad move IMO
i think that's important because most users will only use the default settings. Firefox would be the clear winner if they didn't use default settings because they give you so much more control and customization than other browsers. Even without add-ons, about:config lets you really lock firefox down.
If it's not then it sure as hell should be. I'll go even further and say it should be considered an illegal search and a violation of personal integrity, both of which justify violence in self-defense.
Tor Browser does letterboxing for anti-fingerprinting of usable window size, which can be kinda painful, with sometimes large margins of lost display space.
Any current thoughts on this, and on Brave's approach?
I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
Normally, a browser window has a rectangular area of the display that is "visible" and used for the Web page, with browser controls and scrollbars and window decorations around it.
To a company that wants to identify who the person is (such as to build a profile of the person and sell that information) one way is to "fingerprint" the browser and how it's used. The dimensions of that visible display rectangle help with this, since individuals will often tend to end up with a window size that's more particular to them than of all possible users.
One browser anti-fingerprinting privacy feature targets that telltale rectangle size, with "letterboxing" (different from movie letterboxing). Which means that range of different visible rectangle dimensions of what could be many users get reduced to the same smaller rectangle dimensions. Which (like movie letterboxing) results in large unused margins for all users.
So, say that you have a 1920x1080 native window size, including all the decorations and controls. That's a pretty common size, and doesn't fingerprint you very well at all. But your particular preferences for things like window decorations and font sizes and such narrow that down quite a bit. And if you don't have a common display size, nor a maximized window, but you tend to have the window the same size, that can fingerprint you even more.
With letterboxing, your 1920x1080 native window might give you, say, a 1600x800 display rectangle for the browser page. And a bunch of other people's native windows, of various sizes in the vicinity, and of various desktop settings, will also get the same 1600x800 display rectangle.
With letterboxing, everyone is wasting precious screen space, but they're supposedly harder for adversaries to identify.
I'm not thrilled with the tradeoff here. Though it's easier to stomach when so many Web sites make poor use of the display anyway, I've been desensitized.
(Sorry, I'd make this explanation shorter, if I had more time.)
I don't know about Brave's implementation, but Firefox is lack luster as you can actually see the letter box 99% of the time. I feel like if real resources were poured into it then you could have sites almost look no different. In Firefox it really looks like the developers just made a smaller view port and called it good enough.
> I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
randomizing is the better way to go.
Tor's approach to fingerprinting seems misguided to me. Their idea is to make every single user appear to be identical so that you can always tell when someone is using Tor Browser, but you can't track which Tor Browser user a visitor is.
The problem is that new fingerprinting techniques are found all the time, and as soon as even one is discovered that Tor Browser doesn't know about or hasn't updated to address you become 100% trackable.
Instead of trying to always make sure that every browser will produce an identical "Tor Browser" fingerprint and just hoping you account for everything that might go wrong, it seems like the smarter thing to do would be to make sure that every browser (and even every session) used a totally randomized fingerprint. That makes it impossible to track anyone across sites/visits and impossible to even tell the difference between someone using Tor Browser or any other browser that has a unique fingerprint (or randomizes to create one). Most people's browsers are already creating a unique fingerprint, the trick is just to make one person's browser differently unique every time. Every website will see your browser visit them once, but then never again.
86 comments
[ 2.8 ms ] story [ 150 ms ] threadWe remove the privacy settings because otherwise webs won't work.
I’d like my web browser to peach less on me. Websites don’t need to know my primary browsing language is en-gb, I’m rather proficient in other written dialects.
They don’t need to fingerprint my audio setup.
It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
Personally I'm more in favour of randomizing some of the properties. That way you don't need to rely on being unique. In the end it's all about how much information you're transmitting about your identity, and while picking a common value is one way of increasing entropy picking a random value is much more effective.
You may dislike the move. For me it has made the linux desktop more feasible.
I can order photos through a print shop online, without having to install a windows-only program (just as an example).
It's good enough that I stopped pirating a copy of Photoshop ages ago. Not perfect, but pretty close to it.
I assumed it was a left over from the early days of the web before fonts were a thing.
A bit of an aside, but I love that their data set consists of 26% Linux users and 41% Firefox users.
It's worse than that - the world's most popular browser was created by a company which gets most of its competitive advantage and, arguably, revenue from surveillance capitalism. The incentive to make fingerprinting hard is not just 0, it's negative.
Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition, but they still don't like fingerprinting.
Google sells ads. Of course they don't want you rolling your own fingerprinting. That's their job. I'd need to see a statement signed under oath to believe Google, itself, doesn't fingerprint.
Do we really have reason to believe this matters? Just because amiunique.org identifies users based on all possible metrics available from a website doesn't necessarily mean much:
- We don't know whether other websites actually use this same technique to attempt to identify unique users. In other words, there's no indication that normal commercial websites are taking every possible measure of the browser, assigning a UUID to that configuration, and then attempting to build a fingerprint based on that, rather than just using cookies, and perhaps other, more basic fingerprinting.
- A browser might give different metrics in private browsing mode, due to some plugins operating differently.
- A normal website (eg: google.com) observes a much, much wider list of potential browser configurations than amiunique.org. There's no reason to think that you'd be just as unique when compared to a much wider selection of possible configurations.
- Corporate solutions, such as fingerprint.com _can_ be tricked.
Try something like fingerprint.com, close your browser session, go back, and compare IDs.
On Tor Browser or Mullvad Browser, it should generally register each session as your first session, with unique IDs. If not, the useful life of the tracking should be short.
Relevant discussion: https://old.reddit.com/r/TOR/comments/qxt7di/tor_is_still_fi...
Disable JavaScript. That helps a little bit. Keep js off by default on all websites, and enable it by individual bases.
https://addons.mozilla.org/en-US/firefox/addon/disable-javas...
https://apps.apple.com/us/app/stopthescript/id1588394487
Related to this, being multi-lingual on the web can be annoying. If I set my language to da-DK (my native), some non-danish websites will serve a poorly translated or machine translated version. But if I set it to en-GB a lot of danish web sites will serve an english translation, which I also don't want. I have to fiddle with this setting a lot. I wish I could set da-DK only for .dk TLDs.
Then I discovered that one of the two companies had a website that's broken by basic privacy settings, such as preventing autoplay for videos.
I gave my money to the other company.
I think this is likely because people who go on their way to switch to using strict mode are more likely to disable the telemetry as well.
"0.5% of our tinfoil hat purchasers wear it, according to our wearing-telemetry."
That said, I get it. I have all the fingerprint protection stuff turned on in Firefox, and it breaks a lot of sites. In fact, it hurts the UX of most of the sites I use a lot, and completely breaks a lot of them. There are some critical websites where I just have to load up Chrome if I'm going to use them at all.
And their point about it being self-defeating if so few people use fingerprinting protection that you can more easily identify them uniquely by the fact that they use it. I've wondered about that myself.
So I think it's cool to get rid of it in their browser, and I like their explanation of the reasoning, I just don't like the weasel-word "simplify" to describe it.
You guy are actually building a good browser
You cannot mean to imply that Brave is worthless without Eich.
If they could just fix the back-button on Brave iOS so it doesn’t occasionally pick a completely different tab, I’ll be happy.
Technically, in the browser, yes. Culturally, at the organization level, no.
Open a fresh install of Brave. No crypto things are happening. There's one button inviting you to enable it, which you can dismiss with 2 clicks. It will never ask again.
I wish they'd auto hide all that crap for you after you click "not interested in cryptocurrency stuff".
So there was / is a legitimate data structure which stores these affiliate links and someone accidentally used it as a source for the url auto completion?
I assume the legitimate reason to store affiliate links, are things like the widgets on the "new tab" page?
If that really was an honest mistake I'm sorry for spreading stories like this, without checking them first in more detail.
1. https://librewolf.net/
2. https://privacytests.org/
Worst part is, they don’t even mention this…
"Desktop Browsers (default settings)"
Any current thoughts on this, and on Brave's approach?
I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
* https://community.brave.com/t/feature-request-letterboxing-i...
* Bug 23170: anti-fingerprinting: hide screen size and window position #13737 https://github.com/brave/brave-core/pull/13737
(Incidentally, that PR number is not quite elite. :)
To a company that wants to identify who the person is (such as to build a profile of the person and sell that information) one way is to "fingerprint" the browser and how it's used. The dimensions of that visible display rectangle help with this, since individuals will often tend to end up with a window size that's more particular to them than of all possible users.
One browser anti-fingerprinting privacy feature targets that telltale rectangle size, with "letterboxing" (different from movie letterboxing). Which means that range of different visible rectangle dimensions of what could be many users get reduced to the same smaller rectangle dimensions. Which (like movie letterboxing) results in large unused margins for all users.
So, say that you have a 1920x1080 native window size, including all the decorations and controls. That's a pretty common size, and doesn't fingerprint you very well at all. But your particular preferences for things like window decorations and font sizes and such narrow that down quite a bit. And if you don't have a common display size, nor a maximized window, but you tend to have the window the same size, that can fingerprint you even more.
With letterboxing, your 1920x1080 native window might give you, say, a 1600x800 display rectangle for the browser page. And a bunch of other people's native windows, of various sizes in the vicinity, and of various desktop settings, will also get the same 1600x800 display rectangle.
With letterboxing, everyone is wasting precious screen space, but they're supposedly harder for adversaries to identify.
I'm not thrilled with the tradeoff here. Though it's easier to stomach when so many Web sites make poor use of the display anyway, I've been desensitized.
(Sorry, I'd make this explanation shorter, if I had more time.)
randomizing is the better way to go.
Tor's approach to fingerprinting seems misguided to me. Their idea is to make every single user appear to be identical so that you can always tell when someone is using Tor Browser, but you can't track which Tor Browser user a visitor is.
The problem is that new fingerprinting techniques are found all the time, and as soon as even one is discovered that Tor Browser doesn't know about or hasn't updated to address you become 100% trackable.
Instead of trying to always make sure that every browser will produce an identical "Tor Browser" fingerprint and just hoping you account for everything that might go wrong, it seems like the smarter thing to do would be to make sure that every browser (and even every session) used a totally randomized fingerprint. That makes it impossible to track anyone across sites/visits and impossible to even tell the difference between someone using Tor Browser or any other browser that has a unique fingerprint (or randomizes to create one). Most people's browsers are already creating a unique fingerprint, the trick is just to make one person's browser differently unique every time. Every website will see your browser visit them once, but then never again.
[1] https://github.com/mapbox/mapbox-gl-js/issues/10518
[2] https://github.com/mapbox/mapbox-gl-js/issues/8377