- DrSteveBrule@mander.xyzEnglish24 minutes
I thinks I’m in a town 2 hours south of where I’m at, but it got the time zone wrong by three hours.
- wampus@lemmy.caEnglish1 hour
Heheh, a whole lot of mocking in this thread, but I don’t mind the site / its display.
Yeah, it’s overly melodramatic in its setup, and a bunch of the information doomerism is silly in terms of the info basically being required to provide data comms etc. It also tends to get things a bit wrong in a few categories – like for me, it said I was in a totally different city (still the right country at least - Canada), then it said my time zone was in iceland, which is kinda… no.
But the general message of the site, and the awareness its trying to raise in regards to how much data gets shared for basic comms establishment, and how that information gets used to fingerprint people, is worthwhile.
- dev_null@lemmy.mlEnglish43 minutes
It got the country wrong for me. I didn’t use a VPN or anything. So that’s good I guess.
- 55 minutes
There are multiple sites like this, for example clickclickclick.click has been around for 10 years (not optimized for mobile)
- stray@pawb.socialEnglish1 hour
Why would a website need to know my screen resolution? That’s private.
- lastlybutfirstly@lemmy.worldEnglish14 minutes
I used to make websites back in the 2000s. Hit trackers collected this info back then too. Knowing screen resolutions is useful for designing the website. Knowing all this info in general is helpful. If 99% of your visitors are coming from the US with a screen resolution of 1080p and are using Firefox, you know not to worry too much about making the site compatible with Netscape Navigator, 640x480 monitors, and translating everything to French.
I am surprised by this site knowing my graphics card. I don’t know why modern web developers would need to know that. I’ve been out of the game so long. Perhaps it’s useful info.
Edit:
I’m also always surprised/saddened that today nobody on the Internet seems to know anything at all about making websites. This kind of thing was common knowledge back in the 2000s.
- new_world_odor@lemmy.worldEnglish13 hours
This is lame as shit. The tone of the writing is going to get non-tech people feeling quite dismissive, or scared enough to seek out surface level info, which just rolls back into feeling dismissive. It’s actually really stupid because they’re clearly driving fear, but hardly touch the real thing to be scared of. Fingerprinting is barely mentioned, it’s only really addressed once, in the font identification section. The issue with all these data points is how they can be collected and correlated across the web - it basically means fuck-all if it’s only from one page.
edit: On top of that, each data point is presented as some sort of horrible catastrophe, when some are completely benign. Barely addressing why some points actually matter, or not at all. (Like click/touch data, it’s needed for site functionality, but it gets creepy when that data is used for things like psychological profiling)
Even more disappointing because the formatting/appearance is more than clean enough to share with basically anyone. Yet the tone and focus makes that out of the question. What a waste of time to make this.
- Tippy@sh.itjust.worksEnglish18 hours
Laughing my ass off reading through this. The sanctimonious and passive aggressive threatening tone is perfect for how much info it got wrong just because I use Firefox and an adblock. YOUR BROWSER DIDN’T TELL US ANYTHING ABOUT THIS, LIKELY BECAUSE ITS FIREFOX. BUT THAT MEANS WE KNOW YOU USE FIREFOX AND WE ARE CHOOSING TO BE SAFE WITH THAT INFO, YOURE WELCOME, PWNED!!!11!1111!1
Teaching people about fingerprinting and how important understanding it is for personal privacy is good, but acting like a 4chan script kiddy group and making bizarre empty threats like you’re mr robot ain’t it, dawg.
From other comments this is likely some AI slop to sell a product, but if they’re serious they come off like they just slept through sec+ and think they’re shadow brokers now lmao
- paris@lemmy.blahaj.zoneEnglish17 hours
On a bog standard phone with dns blocking and nothing more, it was able to identify a lot of information. Some pieces of information I didn’t realize are sent to websites when I visit them. It’s a good demonstration of fingerprinting.
- Tippy@sh.itjust.worksEnglish17 hours
Using a slightly less popular browser with a single privacy addon almost completely circumvented their fingerprinting. Changing the user agent to mask the few pieces of almost useless info it did get, would have totally circumvented their fingerprinting.
I understand the average user would have more correct indicators. The point is, if they’re going to run a service like this, pretending to be hackers and making entirely toothless threats to scare people with info they likely don’t even know how to interpret themselves, shows how incompetent they are and that they don’t actually want to educate. Hence why most legit groups that do education like this choose to present themselves as professionals and adults instead.
- FG_3479@lemmy.worldEnglish17 hours
You should try fingerprint.com .That is what Dropbox, Booking.com, TikTok etc use and you need Firefox with Jshelter set to the following settings to defeat it.
- Time precision: High
- Locally rendered images: Little lies
- Locally generated audio: Little lies
- WebAssembly speed-up: Enabled
- Everything else including Fingerprint Detector disabled
- lauha@lemmy.worldEnglish3 hours
Standard firefox provided 19 datapoints and with jshelter it was 24 and nothing changed what the site says :)
- Tippy@sh.itjust.worksEnglish16 hours
I’m not saying I’m a sec expert and impervious to tracking. I don’t need to try multiple sites until one gives me more correct hits, I understand the basics of fingerprinting and how it can be used maliciously. I do more than the average user to safeguard my information.
My point is, real sec professionals attempting to educate and make the general public more knowledgeable about privacy don’t have to rely on scare tactics and vague implications that they live in the matrix and are coming for you to accomplish that. It makes them look like ding-dongs who need to take the trenchcoats and sunglasses off and open the blinds. This thankfully seems to be a common sentiment in this thread.
- FG_3479@lemmy.worldEnglish17 hours
Or a Firefox fork with resistFingerprinting disabled (Jshelter deals with that).
- spizzat2@lemmy.zipEnglish16 hours
Similar results with NoScript.
This volume requires JavaScript. That is part of the point — your browser is what is being read.
With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.
The fact that they’re stopped from “the telling” says a lot about their abilities, but not much about “the disclosure”.
I imagine it was just stuff collected in most server logs: IP Address, user agent string… I’m not too concerned, really.
- 43 minutes
Looks like they don’t have a dedicated backend dev. A similar presentation could be done by making it a dynamically generated page, with some CSS animations.
- boonhet@sopuli.xyzEnglish16 hours
Even bog standard ios hides some stuff they claim to have.
WHAT RENDERS YOUR WORLD
Apple GPU
Your graphics processor identified itself as Apple GPU. This tells us the manufacturer, the generation, and roughly the price of your machine. Combined with your screen size and font list, this string alone can distinguish your device from most others on the internet. The technique is called WebGL fingerprinting. No permission is required.
Uh sure, that string tells you the generation and price.
- ProfessorScience@lemmy.worldEnglish21 hours
They’re really playing up the ominous tone.
“We know this because your IP address — xxx.xxx.xxx.xxx — was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice. We did not ask for your location. Your address arrived before you did.”
Uh, yeah. That’s how IP addresses work.
- lauha@lemmy.worldEnglish5 hours
Language and dark mode setting are also funny. Yes, I literally want to share those preferences so you don’t serve me a blinding white website in hebrew. What a hacker you are.
- anton@lemmy.blahaj.zoneEnglish3 hours
Same with time zone. The IP location was way more specific, but if you use a vpn it might reveal some information.
20 hoursdude be careful, right now your house is probably broadcasting a street address.
the mailman that drops your mail off? he knows
- bamboo@lemmy.blahaj.zoneEnglish20 hours
We sent a SYN-ACK packet and YOU acknowledged it, confirming you are not spoofing YOUR IP address. Now WE share the same sequence number. Most sites do not tell you this is happening.
- XLE@piefed.socialEnglish20 hours
Compare this to Google’s homepage, which is clean, wholesome, friendly, and inviting.
(I don’t mind sites that try to scare the user straight, but this one definitely has the unmistakable tinge of AI-generated wording. Make a sense if you click through the links at the bottom to see who created it.)
- morto@piefed.socialEnglish20 hours
It really looks ai-generated. It even contains mistakes like saying that my 5yo phone model with low resolution is a high end device. All the text is pretty “generic” and sloppy
Tbh, a five year old phone can absolutely be high end. Mine is four years old and I absolutely consider it high end.
- morto@piefed.socialEnglish14 hours
A 5yo phone can absolutely be high end, but definitely not mine lol. It got a cheap soc, low resolution and 2gb of ram
- saimen@feddit.orgEnglish17 hours
I am pretty sure 90% of the people using the Internet don’t know what an IP address is.
- 17 hours
Obvious, the address of where you pee.
- MisterCurtis@lemmy.worldEnglish19 hours
Yeah, a bit overly ominous. But my mom doesn’t know that’s how IP addresses work. And if it scares a bit more privacy mindedness into her, good.
I think this is the idea behind it. Sure it looks sanctimonious if you’re already privacy-minded, but then the site isn’t for you.
- 21 hours
Yes. You can either give them your real one, or not. That’s the point being made. Actually the point of the whole page is that just loading a website tells a huge amount about you, even if you are behind a vpn and extensions to minimize your fingerprint. You are a product for sale.
- Phoenixz@lemmy.caEnglish20 hours
Well yes, but most people don’t even know that part. I guess it’s not the worst thing to tell them?
- Rioting Pacifist@lemmy.worldEnglish20 hours
Didn’t realize my phone sent it’s rotation data without promoting, everything else is kind of needed to send me info.
My IP
My screen size
My interactions with the page
Yeah, the rotation was a bit of a surprise to me. Doesn’t seem like Waterfox has a setting to disable that, so I just disabled my browser’s access to the accelerometer and gyros entirely.
- db2@lemmy.worldEnglish17 hours
Now instead of cutting it off send fake data so it looks like your phone is in a blender.
- ShinkanTrain@lemmy.mlEnglish16 hours
Weird, this user’s gyro says the phone is angled at the entire Doom source code
I find it weird that the web operator decided to make it so rotation data only is publicly shown if your phone is actually laying down. Because if you’re holding it in the standard position, it doesn’t even announce that it collects it.
- bamboo@lemmy.blahaj.zoneEnglish21 hours
Doesn’t seem to be anything new here than what’s we already know:
Just with a more ominous tone. Is it any wonder people are afraid of technology?
- rozodru@piefed.worldEnglish19 hours
sooooo reading a browsers user-agent is now a thing to worry about? oh look I changed my user-agent and now this dumb ass site is giving all the wrong info woulda look at that.
“We know where you are based on your IP” yeah bro, that’s how IP’s work. look i turned on mullvad, omg now it says i’m in Sweden!
“we know you’re using an AMD gpu” gasp ya don’t say. oh look I changed my user-agent again and now you think I’m on nvidia, crazy how that works huh?
This is a dumb bullshit site.
oh look it’s built by these morons: https://riseuplabs.app/ a company that vibe codes every “product” they have. so naturally building a stupid site that just pulls your user-agent would seem amazing to them.
This is bullshit marketing for their bullshit vibe coding. report this post, it’s an ad.
- db2@lemmy.worldEnglish17 hours
It didn’t even get the IP location thing right for me even without a VPN. It wasn’t even close. 🤣
Lol it says I have a “recent, high end device”… It’s a Samsung that’s old enough to be in the third grade.
Only thing that’s missing is a bunch of threats with a Bitcoin address at the bottom.
- ShinkanTrain@lemmy.mlEnglish16 hours
I’m guessing it has inferred that (wrongly) from your screen size and resolution.
That’s not a great datapoint, if that’s the case, there’s 2015 phones that are unnecessarily 4K (right when 4K TVs were becoming popular)
- brsrklf@jlai.luEnglish21 hours
Your graphics processor identified itself as or similar.
Ah yes, Or similar, great GPU, love it.
- LeapSecond@lemmy.zipEnglish20 hours
Your finger moved 273 times. You tapped 14 times.
I’m sorry what?
Since they went into the effort to make this sound so ominous, it’d be cool to see some actual inferences from the data points. For example it would be pretty easy to tell you are behind a VPN and your real location is probably xyz.
- cheese_greater@lemmy.worldEnglish19 hours
They knew i was on a vpn and the time zone, your phone just gives that shit up
Dont even get me started on “experimental” browser flags that come default on some browsers
- CarterH739@lemmy.worldEnglish20 hours
The location is off by about fifty miles. It didn’t get my GPU or battery level. Everything else is stuff that doesn’t matter. Firefox browser, English, android device. I am not terribly impressed.
You’re right, and same for me, but what if you’d never considered any of this before and are new to the idea of privacy? I expect it would then give you pause for thought.
Sure, it’s a gimmick site. But it serves a useful purpose for those who don’t know about the topic. Which is probably the majority of users.
Despite my own experience: TIL the tilt angle of my phone is available to websites.
- CarterH739@lemmy.worldEnglish2 hours
I guess I was mostly put off by the sensationalism. Everything is saturated with it these days.
You made an interesting point though, about people being new to this. I’m an old man. The internet wasn’t even a thing until I was in my early teens. It was sort of a Wild West situation for a while there and guarding personal info was the norm. But these days information gathering is built into every device, website, app, etc. To people growing up with this now it probably seems like it’s just the way things are done and nothing to worry about. I can see it being useful for pointing that out. I think it would be more useful though if it focused more on showing how to counteract these things, rather than just being scary.
- CarterH739@lemmy.worldEnglish2 hours
Now that one goes after a whole lot more info than the other. I was pretty happy to see the amount of “unknown” and “permission not granted or denied” responses though.
- Ulrich@feddit.orgEnglish2 hours
That’s not necessarily great either though, because that “unknown” becomes your unique fingerprint that almost no one else has. Ideally you to have spoofed information with the most common parameters, or even better, randomized ones.
