2 months
You must log in or register to comment.
- 2 months
This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
- 2 months
Yay, I’m completely unique! I won!
Wait a minute
- 0_o7@lemmy.dbzer0.comEnglish2 months
Yes and it will appear unique every time because every visit is using a different combination.
You’ll be unique be less trackable.
- eldavi@lemmy.mlEnglish2 months
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i’m ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
- brbposting@sh.itjust.worksEnglish2 months
Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
& WebGL:
gotta be noisy, here’s hoping!
I don’t know. But it’s random, which gives sites a “false sense of fingerprintability” each time.
- brbposting@sh.itjust.worksEnglish2 months
EFF updated their site since last check months ago, seeming to confirm theory
Nice (& I’m unique again on AmIUnique)
- 2 months
They basically asked for your name, birth date, and mother’s maiden name, and your browser just gave it to them and offered even more.
- 2 months
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
- 2 months
- 2 months
My Mum always said I was unique.
Now I have proof!
Just being in Australia, and setting the timezone correctly gets you to below 0.6%
😒
- 2 months
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
- 2 months
I am unique cause I set language to EN-GB :D I guess their dataset is us centric
- 2 months
dang, even with vanadium on graphene i am very uniquely identified. I suppose it can’t be helped these days.
- 2 months
I am a unique signiture but it also got my OS wrong and couldn’t get my time zone
Y’all I think I won privacy
- 1 month
what does “You are unique among the 5119710 fingerprints …” mean?
- 2 months
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
- 2 months
Nothing makes you more unique than being one of the few people who disable java script
- 1 month
Honestly I would rather they fingerprint compared to running random code from websites.
- 2 months
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
- 2 months
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
- 2 months
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
- 2 months
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
- 2 months
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
2 monthsLLMs always write with a very dramatic tone. I really hate that high impact language now.
- plz1@lemmy.worldEnglish2 months
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.- 2 months
The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
- 2 months
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
- 2 months
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
- 2 months
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
- 2 months
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
- 2 months
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
- 2 months
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
- 2 months
depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
- 2 months
I’ve never heard of that kind of network, is that a US thing? I can’t imagine having my traffic routed, as the person I replied to said, to the other side of the country before being routed to the proper destination. That is so incredibly inefficient and unnecessary. Not to mention the single point of failure.
Edit: And it makes hosting a public facing server at home a nightmare… I see no benefit to this except not having to get a large IP range to properly assign them to your customers, which sounds like capital efficiency rather than decent user experience. Did I get it right, is this a US thing? :D
Edit 2: And there are a lot of systems IP-banning abusers (it is, in fact, one of the most basic recommendations), meaning that if someone sharing that public IP gets IP banned, the entire customer group sharing the IP is troubled. Even worse if it ends up on a shared blacklist…
- 2 months
What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).
- 2 months
The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I’m not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn’t be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router’s IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
My home IP is mine, fixed, and I can verify that it is indeed my router. Yet the location of it according to locators is the other side of the country. The location locators give you for your IP being different to your actual location is not a proof that your public IP is not your actual home IP at all. And that is because an IP is not tied to a location and only your ISP can tell the location of their IPs.
And yet here they are showing me their webpage in darkmode 😒
- TheLeadenSea@sh.itjust.worksEnglish2 months
Really interesting and slightly scary, thanks for sharing!
- 2 months
Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
- 2 months
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
- 2 months
iOS and the browser I use block a lot of stuff from being visible, interesting!
- 2 months
Funny how websites can read the gyroscope. It can also be used as a microphone. https://crypto.stanford.edu/gyrophone/
- 2 months
Madness! This should entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
- 2 months
It sounds like an Android/Google issue. The website told me that it could not read my gyroscope because I’m on iOS and Apple has not allowed websites to read it since 2019.
- brbposting@sh.itjust.worksEnglish2 months
Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
- 2 months
This is a much more detailed, less “fear mongering AI” version of the other website. Thanks for sharing!
- 2 months
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
- 2 months
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
- 2 months
That’s a cool project but most websites are using JavaScript for tracking, and I doubt most website have the afford to even use CSS just to track someone who doesn’t have JS on.
- 2 months
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
- 2 months
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
- 2 months
You can still fingerprint a user based on CSS features.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/#css
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
- 2 months
Your screen is 360 by 640 pixels, rendered at 4x density — which means it is almost certainly a recent, high-end display
GUESS AGAIN, IDIOTS!
- 2 months
Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters
What the fuck why is my browser telling random websites what fonts I have installed? Shouldn’t that be completely irrelevant to everyone except me and my particular device?
- 2 months
It should be, yes. But browsers like Chrome are literally made by the company that stands to profit from fingerprinting you, so they’re always going to be made to make it easy to do just that. Firefox at least has “resist fingerprinting” option which apparently can limit font visibility to only base system fonts rather than fonts you installed and language-pack fonts. LibreWolf has this on out of the box.
So it can know which fonts it can use and your device would be able to display them?
- 2 months
Why doesn’t it just let the site display whatever it wants and let me worry about the issue of whether they display properly
- 2 months
The site could also be set to display whatever font it wants but also set to list standard fonts that also work which the browser can then choose from on the user’s end if the user doesn’t have the first choice font. That way you the user don’t have to worry about it and there is no way to fingerprint by the browser just handing out an entire list of fonts installed on the user’s system. There are plenty of ways to make things like this work, but the incentive is to keep them as they are or to increase uniqueness so people can be more easily fingerprinted.
I’m glad it acknowledges explains the impacts of anti-fingerprinting measures. I’ve seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false “unique” assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — “Mozilla”, “Apple”, “or similar” — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
- 2 months
I like that they covered all the possibilities for the do not track flag, as I saw it as useless from the very start, as by then I realized the honour system didn’t mean shit and it would just be another piece of data.
