Onion Browser with Orbot set to gold - site can’t see shit. So that works!
This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
what does “You are unique among the 5119710 fingerprints …” mean?
TIL LibreWolf randomizes some fingerprinting targets.
Yes and it will appear unique every time because every visit is using a different combination.
You’ll be unique be less trackable.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i’m ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
Somehow safari on an iPhone is also unique.
Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
& WebGL:
gotta be noisy, here’s hoping!
EFF updated their site since last check months ago, seeming to confirm theory
Nice (& I’m unique again on AmIUnique)
Attribute number 1 already says 0%. We’re done here.
They basically asked for your name, birth date, and mother’s maiden name, and your browser just gave it to them and offered even more.
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
About:config doesn’t work on my android Firefox.
I should switch.
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
I am unique cause I set language to EN-GB :D I guess their dataset is us centric
I am a unique signiture but it also got my OS wrong and couldn’t get my time zone
Y’all I think I won privacy
dang, even with vanadium on graphene i am very uniquely identified. I suppose it can’t be helped these days.
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
I’ve never heard of that kind of network, is that a US thing? I can’t imagine having my traffic routed, as the person I replied to said, to the other side of the country before being routed to the proper destination. That is so incredibly inefficient and unnecessary. Not to mention the single point of failure.
Edit: And it makes hosting a public facing server at home a nightmare… I see no benefit to this except not having to get a large IP range to properly assign them to your customers, which sounds like capital efficiency rather than decent user experience. Did I get it right, is this a US thing? :D
Edit 2: And there are a lot of systems IP-banning abusers (it is, in fact, one of the most basic recommendations), meaning that if someone sharing that public IP gets IP banned, the entire customer group sharing the IP is troubled. Even worse if it ends up on a shared blacklist…
What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).
The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I’m not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn’t be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router’s IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
My home IP is mine, fixed, and I can verify that it is indeed my router. Yet the location of it according to locators is the other side of the country. The location locators give you for your IP being different to your actual location is not a proof that your public IP is not your actual home IP at all. And that is because an IP is not tied to a location and only your ISP can tell the location of their IPs.
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
Really interesting and slightly scary, thanks for sharing!
And yet here they are showing me their webpage in darkmode 😒
I prefer https://www.deviceinfo.me/
Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
iOS and the browser I use block a lot of stuff from being visible, interesting!
Funny how websites can read the gyroscope. It can also be used as a microphone. https://crypto.stanford.edu/gyrophone/
Madness! This entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
Well they tried
So a prettier and minimal version of https://coveryourtracks.eff.org/ ?
Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
This is a much more detailed, less “fear mongering AI” version of the other website. Thanks for sharing!
Great news. My VPN is working!
I’m not even on VPN and I was located half a country away in Europe
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
Enable the kill switch in the VPN settings of Android
I definitely have misleading information on there, which is great, but I probably need more.
I found it interesting that it knows my battery level and current orientation of the phone.
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
So that Uber will charge you a higher rate when the battery is low
I don’t even know it it’s /s anymore
certainly how making your battery level available to apps is getting used I’m sure
Potentially to activate battery-saving features? Like AMOLED-black mode if your battery is <15 % or something (and your screen is AMOLED)
Shouldn’t that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There’s no real reason for the browser then to report to the site.
It got my phone’s orientation wrong
Same tbh
Time to start installing and uninstalling random fonts everyday.
And then you become even more identifiable cause you’re part of the 10 madmen in Google’s database who do it
I have ~2,000 fonts installed. I thought it would say something about it.
Opend it in Tor Browser inside a Whonix dispVM inside Qubes OS it got nothing on me
