Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you're unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
TIL LibreWolf randomizes some fingerprinting targets.
Yes and it will appear unique every time because every visit is using a different combination.
You'll be unique be less trackable.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i'm ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
Attribute number 1 already says 0%. We're done here.
They basically asked for your name, birth date, and mother's maiden name, and your browser just gave it to them and offered even more.
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn't necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
One clue to me is the "how many times you moved" statement. One actual human "move" is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
"We know your IP address". No kidding, that's how IPv4 works, even if the browser wasn't ~~leaking~~ offering it.
The point is not that they know your IP, but that even your IP already gives away information. That's why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Really interesting and slightly scary, thanks for sharing!
Funny how websites can read the gyroscope. It can also be used as a microphone. https://crypto.stanford.edu/gyrophone/
Madness! This entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
I prefer https://www.deviceinfo.me/
Interesting that this one doesn't detect my battery (says it's blocked) but the one OP posted can see it
Well too bad!
🗿
the data is still there tho
Can't trust vibecoded website tbh cause they're just saying BS there, as longest the javascripts off, it wouldn't be able to obtain the obvious data of your devices
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
So a prettier and minimal version of https://coveryourtracks.eff.org/ ?
I'm glad it acknowledges explains the impacts of anti-fingerprinting measures. I've seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false "unique" assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — "Mozilla", "Apple", "or similar" — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
I definitely have misleading information on there, which is great, but I probably need more.
I found it interesting that it knows my battery level and current orientation of the phone.
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
This volume requires JavaScript. That is part of the point — your browser is what is being read.
Looks like I'm safe
Well then I am glad that it got most of it wrong. I don't even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
Time to start installing and uninstalling random fonts everyday.
And then you become even more identifiable cause you're part of the 10 madmen in Google's database who do it
In reality hes the only madmen but switches IPs in between
Opend it in Tor Browser inside a Whonix dispVM inside Qubes OS it got nothing on me
Scary
Welp, my user agent switcher is successfully purporting to be a different operating system.
