Show HN: Explore what the browser exposes about you (neberej.github.io)
I built a tool that reveals the data your browser exposes automatically every time you visit a website.
GitHub: https://github.com/neberej/exposedbydefault
Demo: https://neberej.github.io/exposedbydefault/
Note: No data is sent anywhere. Everything runs in your browser.
46 comments
[ 1059 ms ] story [ 2259 ms ] threadI’ve been experimenting with ways to reduce my browser fingerprint and exploring techniques to anonymize fingerprint data.
So I built this.
This is kind of like a lighter, more thorough version of CreepJS but entirely client side. I don’t maintain massive lists of time zones or do server-side comparisons to calculate uniqueness. Instead, it automatically surfaces everything a browser exposes, explaining each item in detail.
Here's a suggestion: it's important to show us that our browser footprint allows us to be positively identified and tracked, but it only alerts us to a problem. It would be very useful if the site also provided some tips to improve anonymity, particularly if it's low-effort changes such as tweaking a couple of config changes.
https://webgpureport.org/
But, they are bucketed
https://www.w3.org/TR/webgpu/#privacy-considerations
It's not zero pieces of info but it's also not close to as bad as it looks. Effectively, everyone who has, say an NVidia GPU, will likely have the same list of features and limits.
As a more general example: The number is just a flat out wrong
> Unique to 1 in 2,147,483,648+ devices.
No, I have an iPhone Pro and am in the PST time zone, set to English. It has the exact same finger print as millions of other devices among the 40 million people in the PST time zone. In general, The only things different between 2 iPhones of the same model are time-zone, laguange setting, and font size.
Please STOP EXAGGERATING!
you walked right by the chance to call it WeirdoJS
What I'd love for these sites to do is help me understand where I am distributionally. How unique am I? On what? Help me understand what needs to be fixed and what my threat vector is.
The problem with these is that I'm always unique. Doesn't matter what browser I'm on or what. If I am unique on a clean Apple laptop in either Safari or Chrome then it is essentially meaningless. I got controlled hardware and vanilla software, how else do you blend into the crowd?
But in the wild sites aren't always implementing all these features. So I want to see if I'm unique to standard site or even one that is a bit more heavy. Importantly HOW unique am I? What things am I not unique, how unique am I, and what are the most unique things about me?
Having that information gives me the ability to do something about it. Without that information then this is just like any other website where essentially the message is "be scared! People can track you on the internet and there's nothing you can do about it!"
No idea how representative either tool is.
For me it says 1 in 17,179,869,184+, but scrolling through all the variables, the vast majority should be the same for any MacBook Chrome user.
It would be great to see the stats of each individual characteristic.
It's important to point out fingerprinting, yet no ordinary user cares.
> Impossible to "expose"
The perks of disabling JS on every site!
Because let’s be honest - all of us know that a lot of data points are being collected about us, countless articles have been written about the insanity of cookie and user-data monetization networks - still it appears to be a privilege to few to tap into that data trove.
I personally haven’t seen an effort to try and make this transparent. Efforts like this page are commendable and informative, much like amiunique or other services - still they lack the tangible information that sharing this information with “the world” reveals about an affected individual.
Why hasn’t this been done yet? Why is this seemingly not trivial?
So instead I wonder if we could build an open database of “identities” that our browsers could clone.
That is your browser deliberately reports the whatever is currently the most popular of a set of general identities.
My iPhone is allegedly unique to 1 in 2,147,483,648+ devices.
But I wonder how true that is, given how many people use the same model and iOS version as me.
For example, in the DRM section, they extract the Security Level, like L3 – Software Decode (SW_SECURE_DECODE).
Their WebRTC test is also unique: they utilize a TURN server as a feedback mechanism. That means even if you tamper with WebRTC JS in the browser (like some extensions do), it can still expose your real IP by leveraging UDP and bypassing the proxy altogether. https://scrapfly.io/web-scraping-tools/webrtc-leak