While fingerprinting your browser with javascript has been available for a long time, there are also other methods to identify your browser even with javascript disabled. This is explained on this site which introduced an interesting demo site about 2 years ago. A new paper from IBM research is concerned with that problem as well. How relevant is this fingerprinting approach and how can we mitigate this threat? 1. Similarly like JS-based fingerprinting, CSS-based fingerprinting is mostly done by 3rd-party trackers. Which means that most of them are blocked by, e.g., the EasyPrivacy list in your adblocker. Hence, the scale of this threat is limited, IMHO (which also applies to JS-based fingerprinting). 2. According to the IBM paper, CSS-based tracking (by trackers not covered by EasyPrivacy) can be defended against by blocking 3rd-party iFrames. This can be done by using Dynamic Filtering in uBlock Origin with its medium mode. Blocking 1st-party frames for "trusted sites" is possible in Noscript as well but that would break embedded media. 3. Another defense mentioned in the IBM paper is faking, e.g., your screen resolution or zoom factor. This might be implemented, e.g., in the Brave browser or in the JShelter add-on.
I do not understand the reason for recommending an extension that has not been developed since the year 2021.....
I was not referring to JShelter. I am familiar with this extension,I also opened a thread in this forum. I was referring to this extension: https://chrome.google.com/webstore/detail/auto-iframes-remover/fhenkighldilmobhdgopkhejbaainnfm mentioned in the IBM report.
