Domain: browserleaks.com
Stories and comments across the archive that link to browserleaks.com.
Comments · 9
-
Re:Great
Except there are literally hundreds of additional data points which allow websites to uniquely identify you.
The point isn't just to identify you as unique but for you to both be unique the first time AND recognizable the next time you come back. This seems like a much easier problem to solve. Just change as many of the settings as you can each time you visit a website. If you had a browser capable of randomly tweaking settings at each page load it should be able to add enough noise that browser fingerprinting would become worthless. As an added bonus, not only would it protect your browser, the noise would add a touch of herd immunity and help other people with stock browsers as well. The goal shouldn't be to lock down a browser so that nothing is leaked but rather to leak so much random crap that it becomes worthless.
-
Great
Except there are literally hundreds of additional data points which allow websites to uniquely identify you. The best you could do without too much hassle is to run the English version of Google Chrome under the latest release of Windows 10 without any extensions or additional fonts installed. But even that is not enough since you still expose your time zone, WebGL extensions and then there are evercookies, mouse tracking, canvas fingerprinting, etc. etc. etc.
It surely looks like the WWW was built with tracking in mind. Not intentionally of course.
-
Re:Facebook
Because every website that has a Facebook Like button on it is sending information about you back to Facebook. Because every website that loads Facebook Javascript is sending information about you back to Facebook.
There are dozens of other companies on the Internet which collect your information without your consent. Facebook is not the worst offender and if everyone's so concerned, we must enact the laws which make information gathering illegal in general vs. persecuting Facebook alone.
Also, just also, the way the web was designed in the first place makes it very difficult to evade such kind of tracking, so this issue must be solved at the web browser level as well. I've solved it by using session only cookies, having NoScript installed and disabling web browser disk cache. But that's not nearly enough unfortunately since your web browser leaves dozen of fingerprints which are very difficult to hide unless you switch to the Tor browser.
Let's be honest: tracking on the Internet is a serious issue and it's not just Facebook which abuses it to its advantage.
-
What for?
Why would people use VPN with a web browser which is leaking tons of information and makes your fingerprint totally unique even if you're browsing in incognito mode? Changing your IP address in this case is simply futile and inconsequential.
Maybe for Netflix/Hulu? But they've long implemented technical measures which makes using them via VPN impossible. I can only think of pr0n/shady websites you don't want your ISP to know about but that's less than 0.1% of people in the world. And those will most likely use Tor browser with VPN.
-
Re:Do this
It's probably reporting all this to JavaScript. If you think about an application running on your device, does it make sense it should be able to query for what fonts are installed locally?
Heck, look at this. Measuring the size of each glyph?
-
Re:For other platforms...
If you aren't already, you should be using SafeScript which allows you to block lots of fingerprinting stuff. If you think you don't need it then you should check out BrowserLeaks to see how horribly wrong you are.
:)And how! Early on in using NoScript I did an inventory of what was blocked. Facebook was the champ of tracking scripts, and a lot of those addresses the scripts reported to were obscured - ie not obviously facebook. And there were several FB trackers on most the sites that had them. Google had a number of scripts - at least they had the decency to make that clear. several ad providers, the font trackers, and a few I never figured out. My biggest haul for one page was over a hundred scripts.
And this was some years ago, long before I had to have a Facebook account for some projects I was working.
Which is why I have told people for years that Facebook is tracking everyone, not having an account does not stop them from tracking anyone.
-
For other platforms...
If you aren't already, you should be using SafeScript which allows you to block lots of fingerprinting stuff. If you think you don't need it then you should check out BrowserLeaks to see how horribly wrong you are.
:) -
Re:Javascript exploit
Then how does this WebRTC know your intranet IP even when you are behind a firewall?
-
Another PoC of this
huh!
Last 3 months I developed my tiny web-coding sandboxie, and it was my first work:
http://www.browserleaks.com/chrome
Same idea, but it more visual demo, cos it uses apps icons detection.
By some reason I didn't try to use manifest, and write huge parser to collect 10k db... :)