A web page that shows you everything the browser told it
taken.
A web page that tells you what your browser gave away the moment you arrived. No login, no form, no permission. Most pages do this. None of them tell you.Since You Arrived
like this
⇧
cheese_greater
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
TheLeadenSea
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
All Ice In Chains
in reply to ☆ Yσɠƚԋσʂ ☆ • • •darcmage
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Cover Your Tracks
coveryourtracks.eff.orglike this
potatoguy likes this.
brbposting
in reply to darcmage • • •Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
Bazimon
in reply to darcmage • • •herseycokguzelolacak
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Device Info - Web browser security, privacy, and troubleshooting tool.
www.deviceinfo.memrmisses
in reply to herseycokguzelolacak • • •like this
TVA likes this.
Rai
in reply to herseycokguzelolacak • • •Damage
in reply to herseycokguzelolacak • • •BeliefPropagator
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
giantpaper likes this.
☆ Yσɠƚԋσʂ ☆
in reply to BeliefPropagator • • •shrek_is_love
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to shrek_is_love • • •Dirt_Possum [she/her, undecided]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Would you feel differently about, say a book you read and somewhat enjoyed if you later learned it was written by a fascist? It sure would make a difference to me. Have you never consumed any sort of media that you later felt was tainted by who created it, or used a product that you later decided not to use again after learning how it was produced? There's even a colloquialism referring to this very thing, about "knowing how the sausage is made."
☆ Yσɠƚԋσʂ ☆
in reply to Dirt_Possum [she/her, undecided] • • •Dirt_Possum [she/her, undecided]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Dirt_Possum [she/her, undecided] • • •Dirt_Possum [she/her, undecided]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Dirt_Possum [she/her, undecided] • • •boboblaw [he/him, they/them]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to boboblaw [he/him, they/them] • • •LeeeroooyJeeenkiiins [none/use name]
in reply to Dirt_Possum [she/her, undecided] • • •I'll still eat that slop
Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Darkassassin07
in reply to ☆ Yσɠƚԋσʂ ☆ • • •piefed.social/c/fuck_ai/p/2042…
I came across this post the other day, and this person has put into words what I have simply failed to.
In short; AI makes the world feel empty and hollow. Many people enjoy the process behind the things we create or encounter, even if it wasn't us to go through that process. Replacing it with AI removes the human touch/connection that made that thing interesting. I don't want to know about the faceless algorithm that spat out what I'm seeing; I want to know about the person that created this and their experiences that brought them here.
☆ Yσɠƚԋσʂ ☆
in reply to Darkassassin07 • • •Darkassassin07
in reply to ☆ Yσɠƚԋσʂ ☆ • • •True; however many of the current use cases for AI aren't utilitarian, but are instead forcibly replacing artists while stealing their work to do so. Ontop of this, the infrastructure behind/supporting these tools is destructive and measurably making a significant amount of peoples lives worse.
These factors have jaded people against AI as a whole; as support for AI is seen as support for the destruction and instability it's brought with it.
☆ Yσɠƚԋσʂ ☆
in reply to Darkassassin07 • • •Darkassassin07
in reply to ☆ Yσɠƚԋσʂ ☆ • • •"I'm tired of listening to people complain about their or their friends lives being uprooted and my indifference to those problems"
Good, it's working. People are shying away from creating/posting AI content, knowing it's very vocally unwanted.
☆ Yσɠƚԋσʂ ☆
in reply to Darkassassin07 • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •The root cause is people posting AI slop where it's not welcome. If they could at least take that somewhere else, discussions could continue in peace.
Do you complain about people asking you to take a shower or leave because they don't like to smell you?
☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Weird, it's as if you haven't read a thing I've written.
You will continue to be told to remove the AI slop. Get with the times or be left behind because opposition against AI slop is here to stay. It is much better for your mental health to stop resisting. Not everybody is born privileged with a talent for spamming communities with unwanted content. Opposing AI slop is democratising access to people's attention.
☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Lumidaub • • •Darkassassin07
in reply to ☆ Yσɠƚԋσʂ ☆ • • •I'm actually going to make a separate point from my other comment:
Art is a matter of perspective.
Maybe you don't care about how your toothbrush was designed; but someone somewhere sat down and made decisions about how to best shape it, what materials to use, what kind/how many/what thickness of bristles, how to color it, etc. Those were decisions made from experiences that person had which they chose to factor into their designs.
Someone else out there is interested in what led to those design choices, perhaps to design their own with improvements or changes, perhaps just out of curiosity. They can't ask an algorithm why it made the choices it did and have a discussion about the details; but they could with a person.
What some find disinteresting, others immerse themselves in. AI destroys those opportunities for human connection. Human connection we already struggle to find as a species.
You might not care how this site was created, but some do. The use of an LLM has made it impossible to discuss the choices made, because there weren't any decisions
... Show more...I'm actually going to make a separate point from my other comment:
Art is a matter of perspective.
Maybe you don't care about how your toothbrush was designed; but someone somewhere sat down and made decisions about how to best shape it, what materials to use, what kind/how many/what thickness of bristles, how to color it, etc. Those were decisions made from experiences that person had which they chose to factor into their designs.
Someone else out there is interested in what led to those design choices, perhaps to design their own with improvements or changes, perhaps just out of curiosity. They can't ask an algorithm why it made the choices it did and have a discussion about the details; but they could with a person.
What some find disinteresting, others immerse themselves in. AI destroys those opportunities for human connection. Human connection we already struggle to find as a species.
You might not care how this site was created, but some do. The use of an LLM has made it impossible to discuss the choices made, because there weren't any decisions, just an algorithm spitting out letters one after another...
☆ Yσɠƚԋσʂ ☆
in reply to Darkassassin07 • • •Terence Tao (@tao@mathstodon.xyz)
Terence Tao (Mathstodon)BeliefPropagator
in reply to ☆ Yσɠƚԋσʂ ☆ • • •pathief
in reply to BeliefPropagator • • •It is a big deal how much the browser shares about you without people realizing. No one thinks about these things.
If you use a VPN on Spain you might think you're safe but then your timezone is saying you're in Ireland. You thought you were fooling them buy you really aren't. You can't outsmart fingerprint and I wish people made a bigger deal about this so actual solutions get implemented.
Sites like these raise awareness which is quite important.
☆ Yσɠƚԋσʂ ☆
in reply to BeliefPropagator • • •Kuori [she/her, pup/pup's]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •because if you lack the ability to discern whether or not something is actual useful feedback or hallucinated AI garbage then it's worthless
"knowing" something wrong is arguably worse than not knowing anything at all
☆ Yσɠƚԋσʂ ☆
in reply to Kuori [she/her, pup/pup's] • • •Kuori [she/her, pup/pup's]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •rank condescension aside
if you are somehow incapable of realizing that leaning on AI only exacerbates the problem you're talking about then idk what to tell you
☆ Yσɠƚԋσʂ ☆
in reply to Kuori [she/her, pup/pup's] • • •Kuori [she/her, pup/pup's]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •yeah your point was easily understood the first time, mine was that there's no reason to go out of your way to make the problem worse by constantly shitting out slop everywhere
but you seem to greatly enjoy your garbage so whatever
Rai
in reply to BeliefPropagator • • •Lumidaub
in reply to Rai • • •otp
in reply to BeliefPropagator • • •WalrusDragonOnABike [they/them]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •principalkohoutek [none/use name]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •ghost_laptop
in reply to ☆ Yσɠƚԋσʂ ☆ • • •plinky [he/him]
in reply to ghost_laptop • • •Damage
in reply to plinky [he/him] • • •space_comrade [he/him]
in reply to plinky [he/him] • • •Random Dent
in reply to ghost_laptop • • •Collatz_problem [comrade/them]
in reply to Random Dent • • •Random Dent
in reply to Collatz_problem [comrade/them] • • •Darkassassin07
in reply to ☆ Yσɠƚԋσʂ ☆ • • •The only thing in there I find surprising is the battery info. I'm not sure what legitimate use a website would have for that one. And perhaps that the gyro isn't behind a permission. There's pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, vpns, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can't (well, shouldn't) show things in darkMode unless you tell them that's what you want...
Cookies: it does say 0mb stored by others for me, but that's not entirely true. Sites are typically given independent storage so they can't read eachothers cookies, but they can work together to have one site read its own cookies and pass that on to the s
... Show more...The only thing in there I find surprising is the battery info. I'm not sure what legitimate use a website would have for that one. And perhaps that the gyro isn't behind a permission. There's pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, vpns, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can't (well, shouldn't) show things in darkMode unless you tell them that's what you want...
Cookies: it does say 0mb stored by others for me, but that's not entirely true. Sites are typically given independent storage so they can't read eachothers cookies, but they can work together to have one site read its own cookies and pass that on to the site you're currently visiting, on request, all embedded in the original page you were viewing. Just because they can't read eachothers storage directly doesn't necessarily mean thay can't get the data. 10gb per site seems like an absurdly high limit for this though. You could store whole movies in that space.
Visibility is one I've known but never really liked. The only 'legitimate' use for that I've seen is pausing media when it leaves your screen (or waiting to start media until its entered view), but half the time that's undesirable anyway. Why should a site know if, when, and how long I've looked at a particular portion of the page?
Blisterexe
in reply to Darkassassin07 • • •Some sites have heavy visual effects that are paused when you tab out, which is a good use of the feature.
Dessalines
in reply to ☆ Yσɠƚԋσʂ ☆ • • •This ones my fave: amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you're unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
My Fingerprint- Am I Unique ?
amiunique.orglike this
TVA likes this.
Kefla [she/her, they/them]
in reply to Dessalines • • •Yay, I'm completely unique! I won!
Wait a minute
like this
TVA likes this.
quediuspayu
in reply to Dessalines • • •scutiger
in reply to quediuspayu • • •sobchak
in reply to Dessalines • • •0_o7
in reply to sobchak • • •Yes and it will appear unique every time because every visit is using a different combination.
You'll be unique be less trackable.
eldavi
in reply to Dessalines • • •i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i'm ultra unique:
idiomaddict
in reply to eldavi • • •brbposting
in reply to idiomaddict • • •Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
& WebGL:
gotta be noisy, here’s hoping!
diaphragm w*rkplace
in reply to brbposting • • •enchantedgoldapple
in reply to diaphragm w*rkplace • • •diaphragm w*rkplace
in reply to enchantedgoldapple • • •brbposting
in reply to idiomaddict • • •EFF updated their site since last check months ago, seeming to confirm theory
Nice (& I’m unique again on AmIUnique)
Cover Your Tracks
coveryourtracks.eff.orgmmmac
in reply to Dessalines • • •☆ Yσɠƚԋσʂ ☆
in reply to Dessalines • • •MakingWork
in reply to Dessalines • • •Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
SwooshBakery624 [they/them]
in reply to MakingWork • • •WebLibre: The Privacy-Focused Browser | F-Droid - Free and Open Source Android App Repository
f-droid.orgMakingWork
in reply to SwooshBakery624 [they/them] • • •About:config doesn't work on my android Firefox.
I should switch.
No1
in reply to Dessalines • • •My Mum always said I was unique.
Now I have proof!
Just being in Australia, and setting the timezone correctly gets you to below 0.6%
😒
FeelThePower
in reply to Dessalines • • •MadameBisaster
in reply to Dessalines • • •I guess their dataset is us centric
ChaoticNeutralCzech
in reply to Dessalines • • •Click click click
clickclickclick.clickValarie
in reply to Dessalines • • •I am a unique signiture but it also got my OS wrong and couldn't get my time zone
Y'all I think I won privacy
Programman4233
in reply to Dessalines • • •brillotti
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Mobile Sensors Exploitation
crypto.stanford.edulike this
TVA likes this.
UndulyUnruly
in reply to brillotti • • •scoobydoo27
in reply to UndulyUnruly • • •Mongostein
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Programman4233
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
☆ Yσɠƚԋσʂ ☆
in reply to Programman4233 • • •Programman4233
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Programman4233 • • •TʜᴇʀᴀᴘʏGⒶʀʏ⁽ᵗʰᵉʸ‘ᵗʰᵉᵐ⁾
in reply to Programman4233 • • •I use a custom font on one of my websites with the font files hosted on my server, which it offers to th... Show more...
I use a custom font on one of my websites with the font files hosted on my server, which it offers to the browser, but it can be overridden by user accessibility settings
idiomaddict
in reply to Programman4233 • • •meowmeow
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Kefla [she/her, they/them]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •What the fuck why is my browser telling random websites what fonts I have installed? Shouldn't that be completely irrelevant to everyone except me and my particular device?
like this
TVA likes this.
chinaski
in reply to Kefla [she/her, they/them] • • •like this
TVA likes this.
Dirt_Possum [she/her, undecided]
in reply to Kefla [she/her, they/them] • • •like this
TVA likes this.
nothx [he/him]
in reply to Kefla [she/her, they/them] • • •Kefla [she/her, they/them]
in reply to nothx [he/him] • • •like this
TVA likes this.
Dirt_Possum [she/her, undecided]
in reply to Kefla [she/her, they/them] • • •pathief
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
egerlach
in reply to pathief • • •Phil Dowson
in reply to ☆ Yσɠƚԋσʂ ☆ • • •This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
like this
TVA likes this.
redparadise
in reply to Phil Dowson • • •Lumidaub
in reply to ☆ Yσɠƚԋσʂ ☆ • • •lolno
Steve
in reply to Lumidaub • • •like this
TVA likes this.
Lumidaub
in reply to Steve • • •limdaepl
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Looks like it doesn’t know shit about me. Just that I am on an iPhone and my general location from the IP. Not surprising at all.
Maybe this is more thrilling for android users?
Texas_Hangover
in reply to limdaepl • • •scutiger
in reply to limdaepl • • •This specific website only shows information that the browser is freely offering. Basically you open the page, and without the website even asking for anything, that's the information it's getting. It's not querying any data points, or trying to tie any of them together. This is just your browser saying "Hi, we just met, so here's a bunch of stuff you may want to know about me."
If they want to know more, they can just ask and the browser will give more information. If there's information the browser doesn't want to share, the website can infer a bunch more information.
printf("%s", name);
in reply to ☆ Yσɠƚԋσʂ ☆ • • •w3dd1e
in reply to printf("%s", name); • • •like this
TVA likes this.
printf("%s", name);
in reply to w3dd1e • • •w3dd1e
in reply to printf("%s", name); • • •magnue
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
☆ Yσɠƚԋσʂ ☆
in reply to magnue • • •like this
TVA likes this.
slampisko
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
☆ Yσɠƚԋσʂ ☆
in reply to slampisko • • •like this
TVA likes this.
lad
in reply to ☆ Yσɠƚԋσʂ ☆ • • •So that Uber will charge you a higher rate when the battery is low
I don't even know it it's /s anymore
☆ Yσɠƚԋσʂ ☆
in reply to lad • • •MML
in reply to magnue • • •magnue
in reply to MML • • •Dogiedog64
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
Anna
in reply to ☆ Yσɠƚԋσʂ ☆ • • •QuietCupcake [any, they/them]
in reply to Anna • • •zeezee
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Zach777
in reply to zeezee • • •Although they can still fingerprint you I think.
like this
TVA likes this.
Brimstone
in reply to Zach777 • • •like this
TVA likes this.
SCmSTR
in reply to Brimstone • • •Zach777
in reply to Brimstone • • •floquant
in reply to zeezee • • •like this
TVA likes this.
FE80
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
Kyle
in reply to ☆ Yσɠƚԋσʂ ☆ • • •So uh... By using fennec and sometimes a VPN. Am I making myself more unique and fingerprint able?
Should I be using something that sends randomised bogus data instead?
Here I thought I was private but some of these 1% figures makes it look like I'm very unique and easily tracked.
like this
TVA likes this.
tristynalxander
in reply to Kyle • • •Mine is sending that my primary language is English, but that I know other languages (I don't), but it'd be nice to have a tool messes with them more.
iByteABit
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Interesting, I wonder how unique the fingerprinting is though, they don't give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don't have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
like this
TVA likes this.
blargh513
in reply to iByteABit • • •That's the magic of fingerprinting. They don't need what we would consider are the "real" signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It's been this way for a while now.
like this
TVA likes this.
chicken
in reply to blargh513 • • •blargh513
in reply to chicken • • •Really?
No.
It's been this way for a while. At best, you can use some techniques to provide plausible deniability from a legal perspective.
Not that laws matter anymore.
The best you can do is try to blend in.
like this
TVA likes this.
chicken
in reply to blargh513 • • •brbposting
in reply to chicken • • •The way and what you type, how you move your mouse, when you browse…
Think we can make things more difficult, but just assume tracked everywhere. Won’t know about browser privacy 0days either for who knows how long.
Some stuff has to be reported accurately for stuff to work well, like screen size. Other stuff can be and is faked, even by Apple out of the box I’m pretty sure.
Not my area of expertise :)
chicken
in reply to brbposting • • •Ah yes, CSS, the famously serverside technology
brbposting
in reply to chicken • • •chicken
in reply to brbposting • • •brbposting
in reply to chicken • • •megaman
in reply to chicken • • •Buddahriffic
in reply to iByteABit • • •Yeah, I kinda wish the site generated a hash or something because I've got an extension that fakes the canvas results, but the site says those identifiers are unique for me... But are they the same unique (which indicates the extension isn't doing anything) or different each time (which might even make the others less useful if it aggregates everything?
I did notice earlier today that the YouTube recommendations were all actually related to the video I was currently watching instead of it trying to get me to go down a rabbit hole I've already been down even logged out, like it does on my desktop where I haven't installed that extension.
tristynalxander
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
colourlessidea
in reply to tristynalxander • • •tristynalxander
in reply to colourlessidea • • •Yeah, I think there are two problems. One issue is that they profile users both for ads and manipulative algorithmic content, and I'd like them to profile me incorrectly in most cases (except like they are less likely to try to sell people on linux things, that's a great thing I'd like to keep in the profile). The other issue is that they follow individual users using this fingerprinting, again this can be used both to sell things and to manipulate, but it's a tad creepier since it tracks how you're unique even compared to people superficially similar to you.
Ideally, I'd like some extension where I can look at values and either keep them, set them, or randomize them.
TʜᴇʀᴀᴘʏGⒶʀʏ⁽ᵗʰᵉʸ‘ᵗʰᵉᵐ⁾
in reply to ☆ Yσɠƚԋσʂ ☆ • • •And yet here they are showing me their webpage in darkmode 😒
Dark Secret
in reply to TʜᴇʀᴀᴘʏGⒶʀʏ⁽ᵗʰᵉʸ‘ᵗʰᵉᵐ⁾ • • •Agent641
in reply to ☆ Yσɠƚԋσʂ ☆ • • •tpihkal
in reply to ☆ Yσɠƚԋσʂ ☆ • • •like this
TVA likes this.
lauha
in reply to tpihkal • • •pwxd
in reply to ☆ Yσɠƚԋσʂ ☆ • • •pwxd
in reply to pwxd • • •Scrollone
in reply to pwxd • • •thethunderwolf
in reply to pwxd • • •🗿
the data is still there tho
pwxd
in reply to thethunderwolf • • •iglou
in reply to pwxd • • •That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
pwxd
in reply to iglou • • •If you're referring to browser user agent, then yes it's trackable but other than that it is useless with no JS cause it can't access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don't use "most browser" like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
moseschrute
in reply to pwxd • • •You can still fingerprint a user based on CSS features.
fingerprint.com/blog/disabling…
Demo: Disabling JavaScript Won’t Save You from Fingerprinting
Fingerprintmoseschrute
in reply to pwxd • • •You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
fingerprint.com/blog/disabling…
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: github.com/fingerprintjs/blog-…
Demo: Disabling JavaScript Won’t Save You from Fingerprinting
Fingerprintpwxd
in reply to moseschrute • • •ShowSuperb9281
in reply to pwxd • • •RememberTheApollo_
in reply to ☆ Yσɠƚԋσʂ ☆ • • •I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
That’s it.
Zacryon
in reply to ☆ Yσɠƚԋσʂ ☆ • • •DornerStan
in reply to ☆ Yσɠƚԋσʂ ☆ • • •It's been a few years since I was invested in this topic, but I think the "meta" for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don't want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a "blocks JavaScript flag" is just a single unique identifier.
Sandboxing and si
... Show more...It's been a few years since I was invested in this topic, but I think the "meta" for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don't want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a "blocks JavaScript flag" is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don't need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn't give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
beernutz
in reply to ☆ Yσɠƚԋσʂ ☆ • • •glnpf148
in reply to beernutz • • •Allero
in reply to beernutz • • •It seems to count a swipe as a series of dozens of movements. Probably to show there's a clear fingerprint even in how exactly you move your finger.
Websites don't just get a "swipe" command. They know exactly where your finger is on the screen at any given moment.
beernutz
in reply to Allero • • •LeeeroooyJeeenkiiins [none/use name]
in reply to ☆ Yσɠƚԋσʂ ☆ • • •GUESS AGAIN, IDIOTS!
plz1
in reply to ☆ Yσɠƚԋσʂ ☆ • • •iglou
in reply to plz1 • • •The point is not that they know your IP, but that even your IP already gives away information. That's why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Bane_Killgrind
in reply to iglou • • •I understand how all of it works. Whether it's vibe coded or not it, it showed me stuff that I didn't think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
iglou
in reply to Bane_Killgrind • • •Bane_Killgrind
in reply to iglou • • •Zerush
in reply to iglou • • •Ironfacebuster
in reply to Zerush • • •Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend's IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That's if they have anything that isn't firewalled, obviously, but the point stands!
iglou
in reply to Zerush • • •lobo
in reply to iglou • • •depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
iglou
in reply to lobo • • •I've never heard of that kind of network, is that a US thing? I can't imagine having my traffic routed, as the person I replied to said, to the other side of the country before being routed to the proper destination. That is so incredibly inefficient and unnecessary. Not to mention the single point of failure.
Edit: And it makes hosting a public facing server at home a nightmare... I see no benefit to this except not having to get a large IP range to properly assign them to your customers, which sounds like capital efficiency rather than decent user experience. Did I get it right, is this a US thing? :D
Edit 2: And there are a lot of systems IP-banning abusers (it is, in fact, one of the most basic recommendations), meaning that if someone sharing that public IP gets IP banned, the entire customer group sharing the IP is troubled. Even worse if it ends up on a shared blacklist...
Zerush
in reply to iglou • • •iglou
in reply to Zerush • • •The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I'm not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn't be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router's IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
... Show more...The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I'm not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn't be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router's IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
My home IP is mine, fixed, and I can verify that it is indeed my router. Yet the location of it according to locators is the other side of the country. The location locators give you for your IP being different to your actual location is not a proof that your public IP is not your actual home IP at all. And that is because an IP is not tied to a location and only your ISP can tell the location of their IPs.
nixukty
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
neon_nova
in reply to nixukty • • •jpeps
in reply to neon_nova • • •One clue to me is the "how many times you moved" statement. One actual human "move" is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
neon_nova
in reply to jpeps • • •Bane_Killgrind
in reply to jpeps • • •You know it's just counting the change in acceleration in your phone's gyroscope chip or whichever it is. If you are typing something the phone "moves" twice with each swipe.
This page is just putting numbers it's collecting from your phone into a template paragraph.
TranquilTurbulence
in reply to jpeps • • •nixukty
in reply to neon_nova • • •AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn't necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
pruwyben
in reply to ☆ Yσɠƚԋσʂ ☆ • • •iglou
in reply to pruwyben • • •Spezi
in reply to iglou • • •quick_snail
in reply to pruwyben • • •Or you could use chameleon browser extension.
It changes your data every 5 minutes
bthest
in reply to pruwyben • • •piyuple
in reply to ☆ Yσɠƚԋσʂ ☆ • • •quick_snail
in reply to ☆ Yσɠƚԋσʂ ☆ • • •Looks like I'm safe
racoon
in reply to quick_snail • • •quick_snail
in reply to racoon • • •Alas Poor Erinaceus
in reply to ☆ Yσɠƚԋσʂ ☆ • • •bthest
in reply to Alas Poor Erinaceus • • •"31 data points"
Hell yeah! i is ghost.
Bloomcole
in reply to ☆ Yσɠƚԋσʂ ☆ • • •UnderpantsWeevil
in reply to Bloomcole • • •QuinnyCoded
in reply to ☆ Yσɠƚԋσʂ ☆ • • •I wonder, do phones have 6dof tracking (space + rotation) or 3dof tracking (just rotations)
because if it's 3dof I'm calling bullshit on some of this.
I have 7 3dof fullbody trackers for vrchat (cough cough !VRChat@sh.itjust.works cough cough) and they're so damn inconsistent and need to constantly be ready to be calibrated to line up with what your body is actually doing. Having 1 3dof device can definitely detect walking or swinging, no shot it can tell if you're in bed or on a couch
b000rg
in reply to QuinnyCoded • • •poke
in reply to b000rg • • •Zerush
in reply to ☆ Yσɠƚԋσʂ ☆ • • •racoon
in reply to Zerush • • •racoon
in reply to ☆ Yσɠƚԋσʂ ☆ • • •pineapple
in reply to ☆ Yσɠƚԋσʂ ☆ • • •fingerprint.com is an actual tracking company, while the front page doesn't show what it knows it shows weather it has seen you before.
You can setup browsers to randomize fingerprints (tor does this automatically) so while your browser fingerprint is almost always unique you can see if it changes enough so it doesn't recognise you across accesses.
WorldsDumbestMan
in reply to ☆ Yσɠƚԋσʂ ☆ • • •luciferofastora
in reply to ☆ Yσɠƚԋσʂ ☆ • • •lobo
in reply to ☆ Yσɠƚԋσʂ ☆ • • •central europe, maybe its due to architecture the isp has wifi access points around the city and people connect to them
back when it was starting there wasnt even isolation between clients, we used to send random shit to printers on the network as kids
rumba
in reply to ☆ Yσɠƚԋσʂ ☆ • • •I hit it with Firefox and it gave 24 points. Firefox refused to disclose my battery level. But did give it my angular geometry.
I opened it in Brave and it lied about my screen resolution and colored up my fonts, my battery. It refused to give up my angular geometry.
Why the hell doesn't firefox just include some of those white lies?
Karl
in reply to ☆ Yσɠƚԋσʂ ☆ • • •My jaw dropped when I read the what angle my device is being held at, how many times I scrolled and tapped, what my position is!!!
How is this even legal?!
I always thought they just took my location, my device name etc. I had no idea it's this deep.
crow
in reply to ☆ Yσɠƚԋσʂ ☆ • • •SteinSkylark
in reply to ☆ Yσɠƚԋσʂ ☆ • • •