Web fingerprinting is worse than I thought \ stacker news ~bitcoin

Web fingerprinting is worse than I thought www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html

578 sats \ 15 comments \ @shadowymartian 21 Mar 2023 bitcoin

view all related items

110 sats \ 1 reply \ @om 21 Mar 2023

I think there needs to be more use of gemini:// browsers exactly because of this crap.

0 sats \ 0 replies \ @franzap 21 Mar 2023

Very interesting

10 sats \ 7 replies \ @franzap 21 Mar 2023

Must haves:

Decent browser with some fingerprinting resistance
Decent VPN (ivpn, mullvad, proton)
libredirect extension (though ideally the Alexa top 500 should have proxied non-JS version)
VMs for private browsing (at least some of the time)

0 sats \ 6 replies \ @shadowymartian OP 21 Mar 2023

any suggstions for the browser?

1 sat \ 4 replies \ @bataroot 21 Mar 2023

LibreWolf might be a good option.

https://librewolf.net/

0 sats \ 3 replies \ @kepford 21 Mar 2023

librewolf is great. Basically hardened Firefox

0 sats \ 2 replies \ @franzap 21 Mar 2023

Install Librewolf and Firefox. Visit fingerprint.com on both (I'm getting the exact same fingerprint across these browsers, yes with resistFingerprinting=true on both)

I don't know what hardened means anymore.

10 sats \ 1 reply \ @kepford 21 Mar 2023

Interesting, thanks for sharing your experience. Did the same test and have different fingerprints. I wasn't even using a VPN. Its an arms race though. These ad companies are constantly trying to defeat privacy tools.

Are you on Linux btw?

10 sats \ 0 replies \ @franzap 21 Mar 2023

That's interesting. Maybe it depends on the OS?

It's definitely an arms race. Those sneakerbots are some sophisticated shit to constantly get around fingerprinting and bot detection.

I'm hoping that the value-for-value movement will help end this fiat ad monster: https://dergigi.com/2022/12/18/a-vision-for-a-value-enabled-web

0 sats \ 0 replies \ @franzap 21 Mar 2023

Use different browsers (Brave, Firefox, ungoogled chromium) if possible also in disposable VMs, on a VPN with custom DNS to remove trackers.

Have a browser for KYC browsing/logins exclusively.

1 sat \ 2 replies \ @franzap 21 Mar 2023

It's terrible and not taken seriously enough.

Remember that privacy is like a chain, one broken link breaks the whole chain. A history of detectable fingerprints and one single KYC login and your whole history is exposed.

Even when the fingerprint.com demo shows different IDs they can run some basic heuristics and detect manipulated params (in the same way chain analytics companies do with coins). Who knows, they might have private APIs for "special" clients.

An interesting one is https://abrahamjuliot.github.io/creepjs/ , try it out in a regular window and in a private window with resistFingerprinting=true.

Unfortunately two of the most promising anti-fingerprinting approaches seem abandoned now:

https://github.com/freethenation/DFPM
https://github.com/abrahamjuliot/privacy-cat (from the author of creepjs)

Regular web browsing these days (because of the browser APIs increasing attack surface) requires far more trust than what it seems. It's like calling a plumber to fix the toilet but he enters the house with a GoPro on his head and records your living room.

We visit a website for one purpose but we have no idea what purposes they have and by the nature of the web it's practically impossible to verify releases like with an open source desktop program.

A good browser is necessary, a VPN as well, but it's definitely not enough.

22 sats \ 1 reply \ @l0k18 24 May 2023

I hate web browsers. They are the "throw a handfull of darts one is sure to hit the bullseye" philosophy of software engineering, that leads to a steady bloat of features and security vulnerabilities multiply upon each other.

In general, if there is a dedicated app, choose that, don't use a web browser. Unfortunately people make too many mobile apps and not enough desktop apps for my needs. I don't use the web for much other than searching for programming info and shopping but it pains me every time I see an EU mandated cookie message.

0 sats \ 0 replies \ @franzap 24 May 2023

More gemtext less HTML :)

Agreed, more desktop apps are needed: easier to verify releases, no cookies or fingerpints (?), easier to block or inspect outgoing traffic, much better offline support.

0 sats \ 0 replies \ @l0k18 22 Mar 2023

There is countermeasures in some browsers, Brave has it built in. But the web browser all singing all dancing everything application platform is so friggin complex that leaking data around is basically impossible to completely avoid. It's a total dumpster fire of a security model. Give me open source, signed releases and native applications on all platforms from one codebase!!!!!1

0 sats \ 0 replies \ @astronaut 21 Mar 2023

Check the following list https://privacytests.org/