One thing I find odd is that, on LibreWolf, a lot of these fingerprint tests are disabled or even worse, randomized. How is it able to generate a stable fingerprint?
Perhaps I'm missing it but does it explain what aspects of your setup contribute the most to your score or suggest remedial actions? I wasn't that surprised to find that my standard setup is highly fingerprintable (for one, I use Firefox which alone is enough to single me out in a crowd) but I also tried using a vanilla Chromium install via a popular commercial VPN and still got a rating of 100%.
Running Chrome will make you highly fingerprint-able since it has so many APIs that can identify your hardware and software configurations directly or indirectly. It doesn’t help you “blend in” at all.
Looking at the JS, in the `calculateUniqueScore` function - it is just checking how many features it was able to detect (it gives a weight to each summing up to 100).
It is not checking how unique you are based off of some data-set it has.
This site also has plenty other such "issues"/"bugs" feels like it was quickly vibe-coded without much care.
I recently wrote about the limits of these kinds of fingerprinting tests. They tend to overly focus on uniqueness without taking into account stability. Moreover sample size is often really small which tends to artificially make a lot of users unique
I'm deeply confused by a lot of the privacy discourse here. There seems to be opposing goals between preventing the fingerprinting mechanisms and just preventing uniqueness. Under the "preventing uniqueness" model, my Linux computer with custom Firefox and no fonts, and no js, etc. is the "most fingerprint-able" because it's the most unique. Whereas grandma on Windows and Chrome is "less unique," and therefore in some sense less fingerprint-able.
I think there are a few potential problems with this view that I never see discussed:
- Firefox sends some dummy data when making use of privacy.resistFingerprinting, and so you should get a unique fingerprint _every time_ you visit a site, so the fact alone that you're unique might potentially not matter if you're _differently_ unique every time you visit the site. Is there a flaw in this line of thinking?
- My understanding is that the primary utility of browser fingerprinting is for advertising / tracking. In other words, the bulk of the population an advertiser would actually care about would be the huge middle of the bell curve on Chrome using Windows, not the privacy nuts on Linux with a custom browser config. In other words, if "blending in with the crowd" really worked I would think that tracking companies would fail against the most important and largest part of the user pool. If anything, it's more important to target grandma as she will actually click on ads and buy stuff online compulsively.
Can anyone speak to these points? I often feel like the pro-privacy people are just crawling in the dark and not really aware of that real-world tracking is actually occurring vs. what might be possible in a research paper. Maybe I'm just the one that's confused?
Ah... I was here wondering why browsers don't just run sites in a built-in virtual containers..allowing the same reports of the same hardware for everyone. especially for WebGL and canvas fingerprinting.
I suppose someone might say it is about performance of going through a virtual layer? I understandit might break specialized 3D web-apps...but for common web-browsing? idk. Do people regularly use web-based app that need direct access to a GPU to be fast and functional? But surely, an exceptions list could work.
Interesting, even with a VPN on mobile safari on an iPhone over a carrier connection I get a uniqueness score of 100%. This is a neat tool, but I'm skeptical of its accuracy. I've run similar tests of uniqueness in the past and this just isn't accurate.
Well, perhaps my system is better than I thought. The site could not resolve anything until I turned JavaScript on (JS off is my normal default state)—it continued to poll and displayed nothing indefinitely (had to be terminated).
When I turned JS on it could not determine my machine type, got screen reso wrong and it provided incorrect location info (map and coordinates were wrong). Moreover the browser type was incorrect (but then I automatically randomize the browser type on each launch).
26 comments
[ 4.5 ms ] story [ 56.1 ms ] threadDoesn't even detect common browser extensions.
You cannot expect people to technically protect themselves from tracking.
(you can invite them to not use abusing services though)
It is not checking how unique you are based off of some data-set it has.
This site also has plenty other such "issues"/"bugs" feels like it was quickly vibe-coded without much care.
> This can happen due to several reasons:
> [...] JavaScript Errors: When any of the 24+ fingerprint collection methods throws an error [...]
So when any of the browser APIs it exploits aren't available, it just fails instead of using that as a datapoint in itself. I'm unimpressed.
https://blog.castle.io/what-browser-fingerprinting-tests-lik...
I think there are a few potential problems with this view that I never see discussed:
- Firefox sends some dummy data when making use of privacy.resistFingerprinting, and so you should get a unique fingerprint _every time_ you visit a site, so the fact alone that you're unique might potentially not matter if you're _differently_ unique every time you visit the site. Is there a flaw in this line of thinking?
- My understanding is that the primary utility of browser fingerprinting is for advertising / tracking. In other words, the bulk of the population an advertiser would actually care about would be the huge middle of the bell curve on Chrome using Windows, not the privacy nuts on Linux with a custom browser config. In other words, if "blending in with the crowd" really worked I would think that tracking companies would fail against the most important and largest part of the user pool. If anything, it's more important to target grandma as she will actually click on ads and buy stuff online compulsively.
Can anyone speak to these points? I often feel like the pro-privacy people are just crawling in the dark and not really aware of that real-world tracking is actually occurring vs. what might be possible in a research paper. Maybe I'm just the one that's confused?
I do not see how this is better
Yay, I am safe. I use Brave. Everyone should use Brave.
I suppose someone might say it is about performance of going through a virtual layer? I understandit might break specialized 3D web-apps...but for common web-browsing? idk. Do people regularly use web-based app that need direct access to a GPU to be fast and functional? But surely, an exceptions list could work.
I am sure I am missing something, but what?
When I turned JS on it could not determine my machine type, got screen reso wrong and it provided incorrect location info (map and coordinates were wrong). Moreover the browser type was incorrect (but then I automatically randomize the browser type on each launch).