Slashdot Mirror


New Site Checks Your Browser's Fingerprint

"Does your web browser have a unique fingerprint? If so your web browser could be tracked across websites without techniques such as tracking cookies..." warns a new site created by the University of Adelaide and ACEMS, adding "the anonymization aspects of services such as Tor or VPNs could be negated if sites you visit track you using your browser fingerprint." AnonymousCube contacted Slashdot about their free browser fingerprinting test suite: On the site you can see what data can be used to track you and how unique your fingerprint is. The site includes new tests, such as detecting software such as Privacy Badger, via how social media buttons are disabled, and CSS only (no JavaScript or flash) tests to get screen size and installed fonts.
If you're serious about privacy, you might want to test the uniqueness of your browser's fingerprint.

104 comments

  1. "if you're serious about security" by Anonymous Coward · · Score: 5, Informative

    you've known that browser fingerprinting is real and being used for years.

    1. Re:"if you're serious about security" by Mikkeles · · Score: 1

      Yes; the only real value to such a new site is if they informed us as to what can be done to defeat it.

      To my mind, it would be better for a server to tell us what it supports rather than for us (the client) to tell what we support.

      --
      Great minds think alike; fools seldom differ.
    2. Re:"if you're serious about security" by Joce640k · · Score: 2

      Noscript works.

      Enabling noscript switches my browser from 'unique' to 'one in 24'.

      --
      No sig today...
    3. Re:"if you're serious about security" by Hylandr · · Score: 1

      Browse the web through a VirtualBox instance running from an image downloaded daily from Github that is shared by thousands or millions.

      Done.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    4. Re:"if you're serious about security" by GNious · · Score: 1

      Make a plugin, that randomizes some of the tracked values?
      Sometimes it reports an extra font, sometimes removes a font from the list, sometimes adds a random plugin's name, perhaps occasionally changes the reported OS ...

    5. Re:"if you're serious about security" by Z00L00K · · Score: 1

      And the site seems to be slashdotted now.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    6. Re:"if you're serious about security" by Anonymous Coward · · Score: 0

      Random Agent Spoofer Firefox plugin FTW.

      Been using it for years with few problems.

      You do, however, have to disable it to get your bank to not lock you out of their web portal. (I learned this the hard way.)

    7. Re:"if you're serious about security" by Anonymous Coward · · Score: 0

      That is a very naive thing to assume.

      With Noscript off, it's even easier to identify your browser because yours will be the only one tripping the "noscript" tag identifying the browser as "that one guy who thinks the site is broken"

    8. Re:"if you're serious about security" by vux984 · · Score: 1

      Yes. But then you need to agree on such a virtual image, the browser, the addons, the settings of the browser. Do they use adblock plus or ublock origin?

      Then you need to run it through a proxy or tor.

      And then you have to not log in anywhere.

      And then you have the problem that the fingerprinting folks can, if they wish, detect this one particular configuration, and display the page as "An error has occurred. Your browser configuration is not compatible with this site." And in the process nuke the utility of the image.

    9. Re:"if you're serious about security" by mrchaotica · · Score: 1

      Yes. But then you need to agree on such a virtual image, the browser, the addons, the settings of the browser. Do they use adblock plus or ublock origin?

      What we need is a service that allows participating sites to publish the trailing most common configuration in real time, coupled with a browser extension that forges the reporting of your settings (regardless of what they actually are) to match.

      Obviously, the fact that the "participating sites" will not include the most popular sites (which are heavily invested in tracking and thus not sympathetic to the cause -- or trustworthy anyway) means that we'd end up mimicking the most common configuration among privacy nuts instead of among the public as a whole, but even that is better than nothing!

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    10. Re:"if you're serious about security" by Anonymous Coward · · Score: 0

      Most of the browser fingerprinting uses JavaScript. With it off, most of the browser information is from the UserAgent. With JavaScript on, a website can get another 20* bits of information about your browser, what are the odds that someone has all 20 bits of information the same as you? And compare that to the odds someone else not using Javascript with the same user agent as you. It is far more likely that someone with the same User Agent string will be using NoScript to disable Javascript than have all the other variable bits match you with Javascript enabled.

      But don't take my word for it, look at the data and do the sums yourself.

      *Probably not actual figure

    11. Re:"if you're serious about security" by Mike+Van+Pelt · · Score: 1

      I use NoScript on Linux, and got "Your browser fingerprint appears to be unique among the 13,318 tested so far." It'll be interesting to see how unique that stays after a larger number of samples are collected, but that's fairly impressive.

    12. Re:"if you're serious about security" by Anonymous Coward · · Score: 0

      The site is worthless. It detected my user agent (or at least the user agent I have my browser set to return) and it detected the resolution of one of my monitors (1920x1080, ooh that's a highly uncommon and suspect resolution!). Everything else just says "No JavaScript".
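
The comparison argued in the NoScript replies above (anonymity-set size with scripts on versus off, and what the CSS-only tests from the summary change), worked through as an added example that is not part of any poster's comment or of browserprint.info. The population, the attribute names and the `observe` model are constructed assumptions.

```javascript
// Added illustration. The population is constructed sample data, not
// measurements from browserprint.info or Panopticlick.
const NOJS = "No JavaScript";

// js: false models a visitor who blocks scripts (e.g. with NoScript).
const POPULATION = [
  { userAgent: "UA-A", js: true,  screen: "1920x1080", timezone: "UTC-5",  fonts: ["Arial", "Calibri"] },
  { userAgent: "UA-A", js: true,  screen: "1920x1080", timezone: "UTC-5",  fonts: ["Arial", "Calibri"] },
  { userAgent: "UA-A", js: true,  screen: "1366x768",  timezone: "UTC+1",  fonts: ["Arial"] },
  { userAgent: "UA-A", js: false, screen: "1920x1080", timezone: "UTC+0",  fonts: ["Arial", "Calibri"] },
  { userAgent: "UA-A", js: false, screen: "1366x768",  timezone: "UTC+10", fonts: ["Arial", "Comic Neue"] },
  { userAgent: "UA-A", js: false, screen: "1920x1080", timezone: "UTC-8",  fonts: ["Arial"] },
  { userAgent: "UA-B", js: true,  screen: "1920x1080", timezone: "UTC-5",  fonts: ["DejaVu Sans"] },
  { userAgent: "UA-B", js: false, screen: "2560x1440", timezone: "UTC+1",  fonts: ["DejaVu Sans", "Liberation Sans"] },
];

// What a server records for one browser. Assumed model: with scripts blocked,
// script-derived attributes collapse to NOJS, unless the site also runs
// CSS-only probes, which (per the summary) still reveal screen size and fonts.
function observe(browser, cssProbes) {
  const layoutVisible = browser.js || cssProbes;
  return {
    userAgent: browser.userAgent,
    screen: layoutVisible ? browser.screen : NOJS,
    fonts: layoutVisible ? browser.fonts.join(",") : NOJS,
    timezone: browser.js ? browser.timezone : NOJS,
  };
}

const keyOf = (obs) => JSON.stringify(obs);

// Anonymity-set size and identifying information (in bits) for one visitor.
// perAttribute bits are computed independently; they usually sum to more
// than the joint figure because attributes are correlated.
function measure(population, index, cssProbes) {
  const seen = population.map((b) => observe(b, cssProbes));
  const target = seen[index];
  const setSize = seen.filter((o) => keyOf(o) === keyOf(target)).length;
  const perAttribute = {};
  for (const attr of Object.keys(target)) {
    const matches = seen.filter((o) => o[attr] === target[attr]).length;
    perAttribute[attr] = -Math.log2(matches / seen.length);
  }
  return { setSize, bits: -Math.log2(setSize / seen.length), perAttribute };
}

// Same population, but the chosen visitor turns scripts back on.
function withJsEnabled(population, index) {
  return population.map((b, i) => (i === index ? { ...b, js: true } : b));
}

// The three situations discussed in the thread, for the visitor at index 3.
function scenarios() {
  const me = 3;
  return {
    noScript: measure(POPULATION, me, false),                  // script-only test site
    jsOn: measure(withJsEnabled(POPULATION, me), me, false),   // same site, scripts allowed
    noScriptCss: measure(POPULATION, me, true),                // site with CSS-only probes
  };
}

const result = scenarios();
for (const [name, r] of Object.entries(result)) {
  console.log(`${name}: 1 in ${POPULATION.length / r.setSize} (${r.bits.toFixed(2)} bits)`);
}
```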

  2. well by Anonymous Coward · · Score: 1

    i don't use a browser, i use telnet and type all of my headers by hand.

    1. Re:well by houstonbofh · · Score: 1

      So that is a very unique fingerprint. :) Truly secure behavior would be very unusual, and narrow it down to a very small group. For true anonymity you need something that is confusingly similar to a lot of others. Like the TAILS boot cd.

    2. Re:well by arth1 · · Score: 2

      Fortunately or unfortunately, this site doesn't even work with non-graphical browsers with images enabled by default. They use a CAPTCHA that has no fallback method, so they just won't capture those who use a browser that won't download the CAPTCHA by default.

      [...]

            a a a a a a a a a a a a a a a a a a

            Please type the letters from the image into the box below.

            CAPTCHA was incorrect. Please try again.

    3. Re:well by AHuxley · · Score: 1

      Just looking for some software gets a user on a list :)
      "Whether you're a regular user of Web privacy tools like Tor and Tails, or you've just checked out their websites, the NSA could be tracking your online movements, a new investigation reveals."
      http://www.cnet.com/news/nsa-l... (4 July 2014)

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:well by Mashiki · · Score: 1

      Telnet? Filthy hipster. Real people use a combination of finger and gopher.

      --
      Om, nomnomnom...
    5. Re:well by Z00L00K · · Score: 1

      Seems like the site needs some work since all I get is "CAPTCHA was incorrect. Please try again" even when filling in the captcha.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. FTFY by QuietLagoon · · Score: 5, Funny

    ...If you're serious about privacy, you might want to test the uniqueness of your browser's fingerprint. ...

    If you're not serious about privacy, you might want to register your browser's fingerprint with that site. :)

    1. Re:FTFY by jeepies · · Score: 1

      Doesn't really matter whether you register it or not. Any website you visit is capable of recording it.

    2. Re:FTFY by KiloByte · · Score: 1

      And they do record it. Try for example browsing with Canvas Blocker with notifications on. Pretty much every major site will trigger it.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:FTFY by Anonymous Coward · · Score: 0

      and yet pretty much all sites work just fine with the canvas blocked

    4. Re:FTFY by Anonymous Coward · · Score: 0

      That's because the average site doesn't use Canvas, or uses it for something trivial (eg rotating an image), most uses of Canvas are non-flash ads.

      That said, there are specific sites (eg games, comics, comixology) that implicitly use canvas, and blocking it will get you no site at all.

    5. Re:FTFY by Anonymous Coward · · Score: 0

      Yeah. I know most readers of Slashdot are old school, retired IT professionals, but the new generation loves games like diep.io, slither.io, agar.io etc. All use canvas. :) And I've made it to the highscore board of all of them.

    6. Re:FTFY by KiloByte · · Score: 1

      Do they use Canvas for drawing or for reading what they've drawn? It's hard to come up with a valid reason for reading, while its use for fingerprinting is ubiquitous (due to being included in some bloat.js library).

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  4. Utility and deviance of the User Agent by hcs_$reboot · · Score: 1

    The User Agent sent by my browser (Chrome) gives the web server enough information to adjust the page to my device, would it be a desktop, a mobile phone, or the kind of browser... But my UA gives, among others: 1) exact version of the (Mac) OS a.b.c, 2) exact version of chrome a.b.c.d which is IMO too much info. The OS and Chrome should be limited to 2 numbers a.b. We all remember the infamous IE6 ... with only ONE number the web server had enough information to understand it has to deal with a crappy browser.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:Utility and deviance of the User Agent by houstonbofh · · Score: 1

      It is not just a refer. How about if it queries what fonts you support? Any of them not standard? How about media support? What java and flash are you on? What is your screen resolution? Browser window size if not full screen? There is a lot to catch...

    2. Re:Utility and deviance of the User Agent by NotAPK · · Score: 4, Informative

      "It is not just a refer. How about if it queries what fonts you support? Any of them not standard? How about media support? What java and flash are you on? What is your screen resolution? Browser window size if not full screen? There is a lot to catch..."

      HTTP is request based. The client asks for what it needs: the server does not push out what it thinks the client needs.

      Font support: the server has no need to know about my fonts. The CSS should suggest the preferred fonts, but if I don't have their preferred font installed then my browser will substitute. The server never needs to know this.

      Media: my browser will ask for the media it wants to display. If it can't display media it won't ask for it. If it asks for something complex, like a movie file (for example) and the file downloads and then it is unable to handle the file, then surely this should have been managed by correctly identifying the MIME type of the file. The browser can then terminate the download, knowing that it won't be able to play it. Yes, I appreciate codecs make this trickier than it has to be: HTML5 should have fixed this. Comments?

      Screen Resolution: none of the server's business.

      Window Size: again, none of the server's business. If your website is so crappy that it must autosize in some stupid [yes, there are **few** caveats] way then this should be done using local JavaScript.

      So, provided I haven't pissed everyone off: assuming all clients implement the HTTP standards correctly and uniformly, please remind me why the server needs to know anything about the client?

    3. Re:Utility and deviance of the User Agent by telchine · · Score: 0

      my UA gives, among others: 1) exact version of the (Mac) OS a.b.c, 2) exact version of chrome a.b.c.d which is IMO too much info. The OS and Chrome should be limited to 2 numbers a.b.

      I would have thought that the more numbers in the version number then the more frequently it'll change which makes fingerprinting (slightly) harder over time?

    4. Re:Utility and deviance of the User Agent by houstonbofh · · Score: 2

      Window Size: again, none of the server's business. If your website is so crappy that it must autosize in some stupid [yes, there are **few** caveats] way then this should be done using local JavaScript.

      This is now used in html5 websites extensively to decide if you will have a menu bar or a hidden menu. It is the desktop vs mobile for websites thing that Google actually looks for and grades you on. The rest is also very common in the "rich web experience" that is common now and most browsers support this. Go to the panopticon page and see. It will show your screen resolution.

    5. Re:Utility and deviance of the User Agent by houstonbofh · · Score: 1
    6. Re:Utility and deviance of the User Agent by Actually,+I+do+RTFA · · Score: 1

      Well, for the media, I can imagine cases where I have the same asset in a variety of formats (because I really want you to see it if you're on my page) and I want to make sure you get it in a format you can use.

      --
      Your ad here. Ask me how!
    7. Re:Utility and deviance of the User Agent by Bite+The+Pillow · · Score: 1

      Several popular toolkits generate fancy charts and graphs as images, server side, and provide them as images. And for testing, it is useful to know the most common browser sizes. Because CSS and HTML in general let things flow and get cocked up.

      Finally, the client and servers both need to reflect standards completely and accurately, which is a huge assumption. Much better to control your fingerprint, because your vision of reality is just not going to happen. Or preach to the choir if you really need to vent.

    8. Re:Utility and deviance of the User Agent by Anonymous Coward · · Score: 0

      HTTP is request based. The client asks for what it needs: the server does not push out what it thinks the client needs.

      I'd love to still live in that world. Unfortunately, JavaScript was commandeered by the UI/UX and advertising people who think they know best. So now if you have JavaScript enabled, the server gets to know all of this about you and more. I would LOVE a browser that would, out of the box, allow me to enable or disable every JavaScript capability on a per-function basis, disallow my fonts to be enumerated, disallow canvas, etc. without having to install 10 different extensions to accomplish this. Unfortunately the trend is going the other way, and browsers are intentionally making it harder to avoid these fingerprinting techniques. For example Firefox used to have a plugins.enumerable_names preference so you could control whether or not a website could figure out which addons and extensions are installed (a big source of fingerprinting data). But they removed the preference last year and now every website gets to sniff your plugins again.

    9. Re:Utility and deviance of the User Agent by UnderCoverPenguin · · Score: 1

      For example Firefox used to have a plugins.enumerable_names preference so you could control whether or not a website could figure out which addons and extensions are installed (a big source of fingerprinting data). But they removed the preference last year and now every website gets to sniff your plugins again.

      That's called "Kissing the hand that feeds you." Mozilla received a lot of money from Yahoo. And Google before that.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  5. On (Cron) FrontPage.Post.FireHose.getLatestTrend() by dknj · · Score: 0

    I, for one, support our new automated news curated Slashdot overlords

    -dk

  6. Re:On (Cron) FrontPage.Post.FireHose.getLatestTren by Anonymous Coward · · Score: 1

    You don't need to sign everything you write. That little coloured bar above your post has your name on it. Idiot.

  7. Is there a reason to stop using panopticlick? by Anonymous Coward · · Score: 1

    panopticlick.eff.org for anyone who hasn't heard of it yet, though I really can't imagine there's a whole lot of people on Slashdot who haven't heard of it...

    1. Re:Is there a reason to stop using panopticlick? by houstonbofh · · Score: 1

      They added some new audio testing that may defeat things like TAILS for uniqueness.

  8. Old site also checks your browser's fingerprint by wonkey_monkey · · Score: 5, Informative
    --
    systemd is Roko's Basilisk.
    1. Re:Old site also checks your browser's fingerprint by houstonbofh · · Score: 2

      That link is on the webpage of the test mentioned as well.

    2. Re:Old site also checks your browser's fingerprint by Anonymous Coward · · Score: 1

      this submission reeks of being paid for, though. editors of /. SHOULD know that there is absolutely nothing "new" about a web site that can evaluate your browser for this... and i look at .INFO domains as being worthless, scammy and malware infested by default.. because odds are, they are... so no visit from me, tyvm, take your browser and ip sniffing and data compiling site and gtfo.

    3. Re:Old site also checks your browser's fingerprint by Anonymous Coward · · Score: 1

      It totally doesn't, though. At least, not if you have JS and redirects disabled. One notable thing about the new test is that it still works with damnear everything except css/images disabled.

    4. Re:Old site also checks your browser's fingerprint by BitterKraut · · Score: 1

      In fact, browserprint.info looks exactly like the panopticlick.eff.org site I used to know, while the latter now shows much less info than it used to. Am I getting senile, or what's going on here?

    5. Re:Old site also checks your browser's fingerprint by Anonymous Coward · · Score: 0

      This new one defeats the Tor browser, even if you're making your life worse by sticking to the default window size as recommended.

    6. Re:Old site also checks your browser's fingerprint by Anonymous Coward · · Score: 0

      It totally doesn't, though. The "new test" didn't reveal anything more than the things that panopticlick did, with firefox and some browser extensions installed to block a lot of that crap.

      You sound like a possibly bitter developer, possibly plugging a fork of a popular project with what you _believe_ are enhancements upon the original...but I'm sure that's just a coincidence.

    7. Re:Old site also checks your browser's fingerprint by Anonymous Coward · · Score: 1

      The old information is there, but it's now buried in an "advanced" link below the test results.

    8. Re:Old site also checks your browser's fingerprint by Pinkbunnyman · · Score: 1

      If it fails to run on my browser do I fully pass?

  9. I'll wait for a plugin by Anonymous Coward · · Score: 0

    That randomizes these aspects and injects false data so that every query results in a seemingly random fingerprint.

  10. Fingerprint Randomizer by crow · · Score: 4, Insightful

    People have talked about browser fingerprints for years, but I haven't heard any solid reports of sites making use of them. For example, news sites that limit you to a few free articles before paywalling you are easily viewed in a private window or with self-destructing cookies.

    If this becomes a real issue, then a browser extension that sanitizes and randomizes the fingerprint would defeat the process. Some aspects might be harder to sanitize or randomize than others, but with a bit of effort, fingerprints could be rendered useless.

    Maybe this should be the next extension offered by the EFF.

    1. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 1

      Really want to drive them nuts?

      An extension that sets your fingerprint data to be the exact same as everyone else. That would be amusing.

      Browsers do leak way too much information, though. For example, why does my browser expose monitor contrast level? Why is my user agent a long string of crap and not just "Chrome/51"? Why does it expose the fonts that I have installed?

      And really, given that web standards have become so standard, why does the server need to know my user agent at all? Wasn't XHTML+CSS+Responsive Design supposed to solve the problem of rendering the same content on different platforms and screen sizes?

    2. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 3, Interesting

      > I haven't heard any solid reports of sites making use of them.

      I installed CanvasBlocker which has a setting to alert me every time the fingerprint is queried.

      So far I've noticed it on every page of github.com, the front page of pof.com, every page on medium.com, accounts.firefox.com - there are probably lots more, but I disable javascript by default so most sites don't even get a chance to fingerprint me.

      Canvasblocker randomizes on every page load. I think that makes you stand out more. I use task-specific profiles in firefox (e.g. banking profile, facebook profile, gmail profile, etc) and in most of those profiles I use Canvas Defender which lets you manually generate a new fingerprint and then keep it indefinitely but it doesn't warn you when a site is trying to take your fingerprint.

    3. Re:Fingerprint Randomizer by houstonbofh · · Score: 2

      But most of this fingerprinting is actually supported settings and are needed to display things correctly. Yes, you could set for least common denominator, but that means no video compression, and mp3 only audio.

    4. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 4, Interesting

      > An extension that sets your fingerprint data to be the exact same as everyone else. That would be amusing.

      It would be ineffective unless a TON of people were using it. Until then it would just make you stand out more because they could easily recognize you as having that extension installed and then combined with all your other info (ip address, user agent, timezone, screen size, list of installed fonts, etc) you'd still be trackable.

      > For example, why does my browser expose monitor contrast level?

      It doesn't. YOU exposed it. When you filled out that captcha. The image in the captcha has a character that is invisible on low contrast monitors. So they discriminate your monitor contrast based on whether or not you typed in that character.

    5. Re:Fingerprint Randomizer by Zocalo · · Score: 3, Interesting

      Or you could be a little selective and just reduce the number of things that help make your fingerprint unique. That's the biggest failing in these fingerprinting sites so far; they don't really help you figure out how to do that, and what the effects on your fingerprint's uniqueness might be if you did to help you decide whether it's worth the effort or not. What I'd like to see is each parameter have a way of telling me right there what the common value options for that parameter are, the effect on your fingerprint of setting it to that value, and some suggestions as to how to go about doing that, especially where it's something as simple as downloading the US-English version of a browser instead of the UK-English one.

      --
      UNIX? They're not even circumcised! Savages!
    6. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 1

      You mean like BlendIn? Yeah, I've been using that for years and given the multitude of factors that go into fingerprinting browser requests, it doesn't do shit. All it does is falsely drive up the amount of Windows 7 hits in log files, because I appear to be a win7 user and not a lunix (gentoo) user. The issue isn't the user agent string, it's everything else.

      Even using something that's supposed to be homogeneous like the tor browser is actually very fingerprintable in many cases.

      You are right about web standards, though. Man, they really have become so standard lately.

    7. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 0

      Because your privacy is no part of Google's business model. Quite the reverse. Next question.

    8. Re:Fingerprint Randomizer by AHuxley · · Score: 1

      How unique would a very average resolution, new OS and new browser be in a VM become?
      The problem then becomes how unique the user wants to be with other settings. No flash? Fonts used, Do not track set, blocking ads, like/share buttons blocked, WebGL Renderer..
      A default new browser, same OS every time from a VM? A browser that pools a lot of users real settings to present very random data back might be fun.
      How unique are countermeasures to the fingerprint issue :)
      Just the habit of a user to always install ad blocking or select one OS and hardware over another... the need to fix a list of defaults becomes tempting and telling.

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 0

      People have talked about browser fingerprints for years, but I haven't heard any solid reports of sites making use of them.

      My employer (so posting anonymously) helps banks use browser fingerprinting as an additional factor for security and authentication.

      Note that it's usually used as a check for whether further tests are needed. If you're connecting to online banking from the same browser on the same device that you used the last seven times, it's probably not a Russian hacker. Unless you are a Russian hacker.

      If you use a new browser on a new device, that's a trigger to ask you for further validation.

      Bit like Steam knows you've logged into a new device, but a little more sophisticated.

    10. Re:Fingerprint Randomizer by houghi · · Score: 1

      I believe that Google uses them. I delete everything when I start browsing on YouTube. I do not log in, yet the results are clearly influenced by previous searches and the like.
      I also block doubleclick and other sites as much as possible.
      As Google is all about getting data, why would they NOT use it?

      OTOH they are unable to read the preferred language of my browser and rather give me a language depending on location (Fun if you live in Belgium), so perhaps they ARE too stoopid to do so.

      --
      Don't fight for your country, if your country does not fight for you.
  11. Re:er, this is not a good idea by houstonbofh · · Score: 4, Informative

    It is a fork of https://panopticlick.eff.org/ and about the same thing with a few more tests. And I am unique on both.

  12. Bullshit by Anonymous Coward · · Score: 0

    I tested this using the same browser, on the same machine, a number of times. Sometimes using various proxies and other times just straight through. I got a different fingerprint every time.

  13. Re:er, this is not a good idea by Anonymous Coward · · Score: 1

    So they know exactly who you are.

    The goal is NOT TO BE UNIQUE.

  14. Re:er, this is not a good idea by Anonymous Coward · · Score: 1

    I still just don't trust it. The US makes me afraid lately. I don't care how much PR they pump into being 'the good guys', they're evil as hell and I don't think the rest of the world would shed a tear if the whole place got turned into a glass desert.

  15. Re:On (Cron) FrontPage.Post.FireHose.getLatestTren by Fwipp · · Score: 4, Funny

    Pssh, like that can't be forged.

    -dk

  16. Spoof fingerprints the next thing by Wild_dog! · · Score: 1

    I suppose if people's unique browser fingerprints will be able to be tracked then the next thing is randomized fake browser fingerprints.

    Technology always provides.

    1. Re:Spoof fingerprints the next thing by houstonbofh · · Score: 1

      Technology always provides.

      On both sides. Look at the old EFF one with no script, and it finds a LOT less. Look at the new one with no script and it still finds most things.

    2. Re:Spoof fingerprints the next thing by Wild_dog! · · Score: 1

      Yes Tech provides on both sides.... in an ongoing fashion.

      Not sure what you are referring to in terms of the "old EFF one with no script".
      Can you explain that reference to me in more detail. I fear I am ignorant on the subject to which you are referring.

      Thanks in advance.

    3. Re:Spoof fingerprints the next thing by houstonbofh · · Score: 1

      The noscript plugin blocks javascript from running in your browser. That is how the EFF page got most of its data. So with noscript active, it has a harder time identifying you. The new site does not have this problem.

  17. EFF offered this years ago... by Anonymous Coward · · Score: 0

    No idea who is behind this "new" option...but the Electronic Freedom Foundation did (and possibly still does) offer this same service. Sorry- can't remember offhand what it is/was called- and I have no time at the moment. Nor do I have time to research who is behind this latest "service". Still- I would recommend checking EFF first before going with any unknown company...

    1. Re:EFF offered this years ago... by houstonbofh · · Score: 2

      Oh for fuck's sake! It is the University of Adelaide and it is in the fucking summary! And the EFF website for the same thing is on their page! And a tiny bit of effort would tell you that they have overcome the measures put in place to block a lot of the old tracking, like no script.

      Did you have nothing to add other than FUD in your post?

    2. Re:EFF offered this years ago... by destinyland · · Score: 1

      Here's a blog post on the University of Adelaide's web site linking to the browserprint.info URL, if there's any doubt...

      https://www.adelaide.edu.au/ne...

  18. 3D Secure - this looks familiar... by Anonymous Coward · · Score: 0

    That test at the "please wait" screen sure looks familiar. I've seen it each time I had to go through 3D Secure. They have a hidden Flash too. I think people have been doing this for a while now.

  19. So what can we do? by qintar · · Score: 1

    I see a lot of posts about how to measure the "uniqueness" of your signature. But what (if anything) can be done about it?
    Is this a standards issue? Or are there plug-ins that can mitigate some of this?

    1. Re:So what can we do? by houstonbofh · · Score: 1

      TAILS is a damn good start. Any Live CD will help. But this new system also tracks a lot of hardware, so it will be limited... Ideally, TAILS running in a VM on VirtualBox is probably going to be the most common thing.

    2. Re:So what can we do? by Actually,+I+do+RTFA · · Score: 1

      The EFF panopticon page not only measures your uniqueness, but it also identifies the most distinct parts of your signature. It offers some solutions to shrinking your fingerprint. https://panopticlick.eff.org/

      --
      Your ad here. Ask me how!
  20. Hold on a minute by fred911 · · Score: 1

    I "finger printed" my browser and the website reported two different fingerprints. I changed nothing. So the UUID the website says is my fingerprint (by itself) is basically useless for tracking this browser.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    1. Re:Hold on a minute by Anonymous Coward · · Score: 0

      The site may have bugs.
      What aspect of your fingerprint changed?
      Fonts (CSS)?

  21. Warning: Don't use it by Anonymous Coward · · Score: 0

    Ironically my privacy add-on uBlock Origin blocked 6 trackers and Ghostery an additional 3. Admittedly Slashdot is even worse.

  22. Re:er, this is not a good idea by houstonbofh · · Score: 1

    Neither do we! And it will get worse when one of those two bozos running becomes president. (And keep in mind that a people and a government are different. Sometimes VERY different.)

  23. Re:er, this is not a good idea by houstonbofh · · Score: 1

    I can be less unique if I need to be. More importantly, I can be a different unique person when I really need to be. The trick is remembering to never let unique person A access a forum used by unique person B.

  24. Re: On (Cron) FrontPage.Post.FireHose.getLatestTre by Anonymous Coward · · Score: 0

    Hey how did you do that?

    -dk

  25. Font detection issues? by Anonymous Coward · · Score: 0

    It seems that there are some issues with CSS font detection. If I make several fingerprinting attempts, they are all deemed unique. The only difference I see is with (CSS and system) font detection, which finds different fonts on each run.

    1. Re:Font detection issues? by peawormsworth · · Score: 1

      Your question is good. I ran it on a tor-browser and the only real identifier was the CSS font list, which it said was unique.

      Does anybody know if this is a bug, or is a tor-browser uniquely identifiable based on unique font lists per installation?

  26. If you're serious about privacy by Anonymous Coward · · Score: 0

    If you're serious about privacy, you've already been modifying your browser's fingerprint for many years.
    --- not to mention your OS and system identifiers.

  27. Slashdotted by Anonymous Coward · · Score: 0

    It's been a while since I've seen a site get slashdotted, I guess the death of slashdot is slightly exaggerated.

  28. Re: er, this is not a good idea by Anonymous Coward · · Score: 0

    Use a plugin to rotate the browser agent.
    This really screws up this type of tracking.

  29. I READ STORIES FROM BOTTOM TO TOP AND GOT THIS by Anonymous Coward · · Score: 0, Troll

    EditorDavid is mother fucking FBI.

    DO NOT CLICK that site in the summary or you just related your browser and ip in totality to the FBI.

    Check timestamps on similar comments.

    There are two legit browser fingerprint scanners, and of the two one of them doesn't require javascript.

    1) https://panopticlick.eff.org/
    2) browserspy.dk

    The first one is EFF and fine. No javascript required for basic test.

    The second one is sort of hackish, but you want to use NoScript to block gstatic and google-analytics because using browserspy.dk with javascript enabled (required) and not blocking google-analytics and gstatic... does the same thing as the link in this summary. It sends your fucking PC data ... browser fingerprint and IP... to the mother fucking US government. Google is straight up Pentagon. Eric Schmidt is not their custodian.

    So.. back to fuck your mama's spies.

  30. Re:er, this is not a good idea by Anonymous Coward · · Score: 0

    It's not a fork, it's been written from scratch, it's just been designed to look similar and implement all the tests the old Panopticlick had.

  31. Re:er, this is not a good idea by AHuxley · · Score: 1

    AC they have via "GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware" https://news.slashdot.org/stor...
    The way out is to not be a very interesting person online.
    Visit the same news sites, run the same updates. Being repetitive to the same short list of news sites, sports, games is not interesting to the security services.
    They want to follow interesting people into newly formed sites, forums, chats, web 2.0 and then get back into their more secure computer usage or get admin rights over larger invite only online groups.
    The main issue is collection has to be online as that's all the govs can collect from. Larger teams in shifts being detected wandering around getting overtime watching one person is an issue in very inward-looking communities and many sections of cities.

    --
    Domestic spying is now "Benign Information Gathering"
  32. Re:er, this is not a good idea by Anonymous Coward · · Score: 0

    The goal is NOT TO BE UNIQUE.

    That's one way to approach the problem. Another way is to be unique on every http request. Did you spot the change-up? The trick is to use browser plugins to vary randomly or add entropy to information returned with each request. For example, randomized user agents, http accept headers, canvas data, plugin and font ordering etc. Any hashing is thus poisoned by spoofing.

  33. Test More Than Once by DERoss · · Score: 3, Interesting

    Visit the test Web site more than once. If subsequent visits indicate that you remain unique -- that you are the only one out of all visits including your own prior visits -- then you are somewhat safe from tracking. Even better is when it reports inconsistent results from several visits within a short period of time. I did that, and the report was that I was unique twice relative to HTTP_ACCEPT Headers. Also, the Monitor Contrast Level was not the same for two consecutive visits.

    I get this result by installing the Secret Agent extension from https://www.dephormation.org.u.... Panopticlick has similar problems characterizing my browser. And various Web sites that attempt geolocation have me all over the globe.

  34. Re:er, this is not a good idea by Anonymous Coward · · Score: 0

    Did you spot the change-up?

    No, I'm not clever enough. But you are. Why don't you explain it for us.

    The trick is to use browser plugins to vary randomly or add entropy to information returned with each request. For example, randomized user agents, http accept headers, canvas data, plugin and font ordering etc. Any hashing is thus poisoned by spoofing.

    Thank you. You are very clever.

  35. Restore VM snapshot by Anonymous Coward · · Score: 0

    Only started recently but I am now doing all my browsing in VM. At the end of the session I shut down and restore to previous snapshot.

    No need to delete cookies or worry about plugins. Only thing to worry about is specific malware that targets and can escape a VM and there are very few of those, in fact most malware detecting a VM will simply shut down functionality to thwart investigators.

    1. Re:Restore VM snapshot by allo · · Score: 1

      Always the same snapshot, always the same fingerprint.
      You at least need to share your vm with a lot of people to be secure.

  36. Re: er, this is not a good idea by Anonymous Coward · · Score: 0

    Using a plugin to eliminate the user agent seems a better option.

  37. Stop reducing the fingerprint, increase it by allo · · Score: 1

    Change so much on each visit that you're unique every time. You will not eliminate all data, but if everything is zero except one identifier, I get you using this one. If everything always changes, I always think I identified somebody new.
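
The point argued in comments 32 and 37, as an added example that is not part of the thread or of the test site's code: randomizing only some attributes changes the full fingerprint hash on every visit, yet any attribute left constant still links the visits. The attribute names, values and the `simulate` helper are constructed for illustration.

```python
import hashlib
import random

# Constructed sample attributes; not taken from the site discussed in the thread.
BASE_PROFILE = {
    "user_agent": "ExampleBrowser/1.0",
    "http_accept": "text/html,*/*;q=0.8",
    "canvas_hash": "c0ffee",
    "fonts": "Arial,Courier,Times",
    "screen": "1920x1080x24",
}

def fingerprint(profile, keys=None):
    """Hash the selected attributes (all of them by default) into one ID."""
    keys = sorted(keys if keys is not None else profile)
    blob = "\n".join(f"{k}={profile[k]}" for k in keys)
    return hashlib.sha256(blob.encode()).hexdigest()[:16]

def randomized_visit(rng, spoofed):
    """Profile as a site sees it when the `spoofed` attributes are replaced
    by fresh random values on this visit (a stand-in for a spoofing plugin)."""
    seen = dict(BASE_PROFILE)
    for key in spoofed:
        seen[key] = f"{rng.getrandbits(64):016x}"
    return seen

def linkable_keys(visits):
    """Attributes whose value never changed across the visits: the subset
    that still identifies the browser once noisy attributes are ignored."""
    return sorted(k for k in visits[0] if len({v[k] for v in visits}) == 1)

def simulate(spoofed, n=5, seed=1):
    """Return (distinct full-hash IDs, stable attributes, distinct IDs when
    hashing only the stable attributes) over n visits."""
    rng = random.Random(seed)
    visits = [randomized_visit(rng, spoofed) for _ in range(n)]
    full_ids = {fingerprint(v) for v in visits}
    stable = linkable_keys(visits)
    stable_ids = {fingerprint(v, stable) for v in visits} if stable else set()
    return len(full_ids), stable, len(stable_ids)

if __name__ == "__main__":
    # Partial spoofing: five "unique" full hashes, one ID from what stayed fixed.
    print(simulate(["user_agent", "http_accept"]))
    # Everything varies: nothing stable is left to hash.
    print(simulate(list(BASE_PROFILE)))
```

When checking a spoofing setup against a test site, compare the individual attribute values across visits rather than only the "unique" verdict on the combined hash.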