46 comments

[ 1059 ms ] story [ 2259 ms ] thread
Hi HN,

I’ve been experimenting with ways to reduce my browser fingerprint and exploring techniques to anonymize fingerprint data.

So I built this.

This is kind of like a lighter, more thorough version of CreepJS but entirely client side. I don’t maintain massive lists of time zones or do server-side comparisons to calculate uniqueness. Instead, it automatically surfaces everything a browser exposes, explaining each item in detail.

Hi, thank you for going through the trouble of putting this together. This sort of service is invaluable as it allows us clueless people to be mindful about something that negatively impacts our life.

Here's a suggestion: it's important to show us that our browser footprint allows us to be positively identified and tracked, but it only alerts us to a problem. It would be very useful if the site also provided some tips to improve anonymity, particularly if it's low-effort changes such as tweaking a couple of config changes.

There's a mis-understanding of at least the Graphics part. For example WebGPU features. It looks like lots of info

https://webgpureport.org/

But, they are bucketed

https://www.w3.org/TR/webgpu/#privacy-considerations

It's not zero pieces of info but it's also not close to as bad as it looks. Effectively, everyone who has, say an NVidia GPU, will likely have the same list of features and limits.

As a more general example: The number is just a flat out wrong

> Unique to 1 in 2,147,483,648+ devices.

No, I have an iPhone Pro and am in the PST time zone, set to English. It has the exact same finger print as millions of other devices among the 40 million people in the PST time zone. In general, The only things different between 2 iPhones of the same model are time-zone, laguange setting, and font size.

Please STOP EXAGGERATING!

You’re quite welcome to not believe what everyone is telling you.
> This is kind of like a lighter, more thorough version of CreepJS

you walked right by the chance to call it WeirdoJS

I'm really frustrated with these types of websites because they tell me nothing.

What I'd love for these sites to do is help me understand where I am distributionally. How unique am I? On what? Help me understand what needs to be fixed and what my threat vector is.

The problem with these is that I'm always unique. Doesn't matter what browser I'm on or what. If I am unique on a clean Apple laptop in either Safari or Chrome then it is essentially meaningless. I got controlled hardware and vanilla software, how else do you blend into the crowd?

But in the wild sites aren't always implementing all these features. So I want to see if I'm unique to standard site or even one that is a bit more heavy. Importantly HOW unique am I? What things am I not unique, how unique am I, and what are the most unique things about me?

Having that information gives me the ability to do something about it. Without that information then this is just like any other website where essentially the message is "be scared! People can track you on the internet and there's nothing you can do about it!"

(comment deleted)
I get a new fingerprint id everytime I refresh the page (firefox, linux) -- so that might be sampling a tiny bit too much. audio and canvas fingerprint are constant though so it's probably plenty enough...
Interesting!

For me it says 1 in 17,179,869,184+, but scrolling through all the variables, the vast majority should be the same for any MacBook Chrome user.

It would be great to see the stats of each individual characteristic.

I tried various browsers, even the Tor browser, but it keeps showing 'Unique to 1 in 17.179.869.184+ devices'?
May I ask if this code is the result of 'vibe coding'?
What we need is VPB. Virtual Private Browser like VPNs. Essentially standardised cloud browsers that can execute your requests and send you back the result as bitmap buffers.
> Doesn't even load with JS

> Impossible to "expose"

The perks of disabling JS on every site!

seems like brave works well and isn't getting correctly fingerprinted
I could not be more thrilled to see tools like this being built. Without tools to see the problems, we will never fix them
Yet on the flip side, if I’m trying to auto identify my own phone for a login-less private app i tried to build I couldn’t get to reliably generate a consistent fingerprint on safari private mode, it regenerates 50% of the time, I’ve tried several libraries like fingerprintjs and co..
this seems incredibly variable as to be almost useless as any type of "fingerprint" - running the latest version of Chrome on Android, the ID at the top of the page changes each reload.
It’s just a blank page for me on iOS 26.1 Safari with Lockdown Enabled.
Seems like the fingerprint ID is unique on each refresh in Safari, so fingerprint protection working as intended I presume?
This is useless. I think you misunderstand the point of fingerprinting. A powerful fingerprinting algo should strive to detect you as the same person (aprox) while you use two different browsers. A more powerful one will detect you while you use another device. This only detect your current refresh.
Thanks for pointing this out. At first, I was concerned – “Unique to 1 in 2,147,483,648+ devices” – but, my fingerprint ID changes with each page refresh, so there's no tracking possible. I'm using Brave on iOS.
Is it possible and cost-covering to create an ad-sponsored service that discloses what ad networks collect about users - i.e. age, location, preferences, interests, pregnancy, illnesses etc?

Because let’s be honest - all of us know that a lot of data points are being collected about us, countless articles have been written about the insanity of cookie and user-data monetization networks - still it appears to be a privilege to few to tap into that data trove.

I personally haven’t seen an effort to try and make this transparent. Efforts like this page are commendable and informative, much like amiunique or other services - still they lack the tangible information that sharing this information with “the world” reveals about an affected individual.

Why hasn’t this been done yet? Why is this seemingly not trivial?

I want to know how much of my porn habits reddit/fb/google/whoever keep on file.
My understanding that attempts to defeat fingerprinting are often useless because they can tend to make you more, rather than less, unique.

So instead I wonder if we could build an open database of “identities” that our browsers could clone.

That is your browser deliberately reports the whatever is currently the most popular of a set of general identities.

If two people have the same model iPhone and same version of iOS how different or similar would the fingerprints be?

My iPhone is allegedly unique to 1 in 2,147,483,648+ devices.

But I wonder how true that is, given how many people use the same model and iOS version as me.

It reports that my OS is Windows 10 on two different browsers, even though my OS is Windows 7.
Here's another one: https://scrapfly.io/web-scraping-tools/browser-fingerprint They actually delve much deeper, with a wealth of additional data and interesting details.

For example, in the DRM section, they extract the Security Level, like L3 – Software Decode (SW_SECURE_DECODE).

Their WebRTC test is also unique: they utilize a TURN server as a feedback mechanism. That means even if you tamper with WebRTC JS in the browser (like some extensions do), it can still expose your real IP by leveraging UDP and bypassing the proxy altogether. https://scrapfly.io/web-scraping-tools/webrtc-leak