Preventing browser fingerprinting

Discussion in 'privacy problems' started by Floyd 57, Oct 10, 2021.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
  2. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    392
    Location:
    Milan, Italia
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    Could you elaborate? Mum taught me to always question stuff and never take something for an answer. Actually she didn't xd
     
  4. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    392
    Location:
    Milan, Italia
    Your extensions can be id'd by webmasters and you will be part of a very small pool of users with similar browser and extensions, etc.

    Edit: when these features are built into the browser you are just part of the large herd of users.
     
  5. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,153
    Location:
    Brooklyn, NY
    It's possible to machine ID you too. I always fail that potion because my cpu is not a common one. I guess there are ext. out there that can spoof your hardware but as Bertazzone said, that of itself can make you unique also.

    It's like chewing gum stuck to the sole of your shoe trying to accomplish stuff like this, it seems.
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    That's what i was trying to say, when they call the function to get your extensions you just hijack it and show nothing or whatever stock Tor has.

    Edit: In https://amiunique.org/ there is no extension fingerprint
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    There is, for example, a detection of plugins

    upload_2021-10-10_23-24-8.png

    So if you inspect amiunique.org site you can see they are using PluginDetect 0.8.9 (actually outdated as the newest one is 0.9.1)

    upload_2021-10-10_23-24-52.png


    Then you go to the site of the thing they're using and u can see the source code (although you can also see it when you inspect but on the site you gain more info how it works)

    http://www.pinlady.net/PluginDetect/download/

    So then all you have to do is figure out how it works (mostly by pressing Ctrl+F after you format that giant chunk of code) and write corresponding code in your own extension to mess with it. EASY, if you got the time (edit: and skill). And that's just for the plugins, there are a lot of fingerprinting stuff. But I am confident with enough time it's possible to do, maybe even I could do it who knows. But I'm wondering if people will be interested in this. And of course I will use Stock Tor as i think that's the only values are that can provide a non-unique fingerprint

    Of course the easiest way would be to block any file containing "PluginDetect" or smth like that, but that's more like a lame solution than actually solving the problem
     
    Last edited: Oct 10, 2021
  8. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    117
    The best I could do was use multi account containers in Firefox, and then put various sites in their own containers.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    Did you manage to achieve non-uniqueness without blocking javascript?
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    I prefer:

    https://coveryourtracks.eff.org/

    if your browser configuration blocks ads + invisible trackers, this is already sufficient in a normal browsing session.
    The targeted advertising first purpose of the browser fingerprinting is certainly stopped almost completely by your adblocker.
    Instead, we need to be more cautious with the use of our mobile devices:


    1.jpg
    2.jpg

    Opera no VPN + No incognito mode.
    For my needs it is more than enough.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    +1 :thumb:
     
  12. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    Here is what I'm getting at your recommended link.

    Error.JPG
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,481
    Location:
    UK
    @zmechys
    Maybe because the link is HTTP and not HTTPS.
     
  14. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    Maybe.
     
  15. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    I'm using Win10 and Firefox but amiunique shows the following data on me.

    (I have UltraBlock installed. And it changes constantly.)

    Unique.JPG
     
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    I think you'd be surprised just how many sites use something like Fingerprinting JS https://fingerprintjs.com/ https://github.com/fingerprintjs/fingerprintjs/
    and External Protocol Flooding Vulnerability Demo (schemeflood.com) is accurate as hell, on my chromium browser it crashes (i'd have to see why), but on edge it reports everything correctly. Scary how we/they can literally track programs installed on your pc just like that, as if FingerprintingJS wasn't enough by itself. But the fact it has 400k downloads a month i think speaks volumes for how used it is.

    In fact, according to this article from august LAST YEAR, a quarter of the top 10K sites are using fingerprinting scripts. It has only gotten worse and will get even worse. https://www.zdnet.com/article/a-qua...tes-are-using-browser-fingerprinting-scripts/

    https://www.trackoff.com/ this seems to "reset" fingerprint, though you cannot get it right now to test it.

    Also, ublock origin does not block these fingerprinting scripts. WHen you go to amiunique.org what do you see?
    You see this:

    upload_2021-10-11_20-37-53.png

    See out of all these scripts only one was blocked:

    upload_2021-10-11_20-40-11.png

    So ublock origin doesn't block ****.

    Now, if you read the zdnet article, you will see

    Also there is a decent chance FP-Inspector missed at least some if not many sites because after all it is automated.

    But as you can read, they report the sites to the lists so the lists will block em. Except all you have to do is change up the name of the script and boom it's unblocked again. Hell u could even make it with random characters.
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    Ultrablock only randomizes your UserAgent string in the http headers. Literally just that. If you go to amiunique you will see they still detect your real useragent from the javascript UserAgent string and other stuff. So not only are you still unique, but literally the only thing that changed out of dozens and dozens of methods of fingerprinting is the http header user agent.

    If you read FingerprintingJS info here https://github.com/fingerprintjs/fingerprintjs/, you will see that they can still detect you by deduplicating you, since they will have many fingerprints of yours that are almost 100% identical minus this http header user agent string

     
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    I went to your recommended web-site by using VPN and Firefox on Windows10.

    I got my fingerprints = 95% accurate(?), and closed the browser, and cleaned it.
    After cleaning my browsing history, cookies, etc..., I went back to the same 95% accurate web-site and got slightly different numbers.

    See attached.
    On the left side, the UNIQUE ID from my first visit, on the right side, my UNIQUE ID from the second visit.

    P.S. They recommend me to revisit again and promise me the same ID.

    Are you sure?

    ID - final.JPG


    Edit.

    I've just checked one more time with my Win10 and Firefox 93.

    ID-3.JPG
     
    Last edited: Oct 11, 2021
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
    Well I'm not gonna clean my main browser, and i actually don't have any other ones I only have edge for a quick test if smth doesn't work on Chromium (even tho Edge is also Chromium lul), but i don't have extensions and such. And sure i could put some but it's a lot more work than it would be for u, also because i am not sure if it's because of that or not, or a combination of factors. So you say u closed browser and cleaned everything. Well I cannot test that (more like don't want to), but if you close your browser and clean it on every single site you visit, well isn't that to put it mildly, extremely inconvenient? Because i dont get a different ID with or without a vpn by using ultrablock. So could you test if you can get a different ID without closing and cleaning your browser, and if yes what extensions you are using. And also what flags do you got on firefox (damn it seems like I will have to install it good thing I got Shadow Defender)
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    I don't see what you see:

    7% vs 4%

    3.jpg

    2 vs 1

    Immagine.jpg
     
  21. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,197
    Location:
    Europe
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa

    I always clean my browser!
    In addition, I always use Sandboxie, and Privazer always erases my closed Sandboxie folder.
    Wise Care finds some extra stuff and removes it, and, finally, CCleaner with CCEnhancer finishes the cleaning process.

    Not to clean my browser - it's NOT ME!

    And, yes, most probably, there are millions of millions of the Internet users who don't clean their browsing history, cookies, etc., but it's not me.

    I always clean ALL MY COOKIES!
    It's not that difficult for me to log in.
    But there are no cookies left when I close my browser.

    Edit.

    I've NoScript installed on Firefox but I don't use on a regular basis. I have tested my Firefox without NoScript.
     
    Last edited: Oct 12, 2021
  23. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    Here is my UNIQUE ID from this morning.

    ID-4.JPG

    Edit.

    I was issued a new "UNIQUE" number just now.

    ID-5.JPG
     
    Last edited: Oct 13, 2021
  24. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    878
    Location:
    usa
    I promise it's my last posting about that UNIQUE ID.
    I think I was able to prove how ... that UNIQUE ID is.
    Clean your browser history and cookies.

    id-6.JPG
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.