This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites. Anonymous data will be collected through this site.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 year ago

    The EFF site is great, it tells you how many bits of information are identifiable.

    If you think you have good protection, go to http://fingerprint.com and see if they can track you across multiple visits. This is a commercial fingerprinting company, on their homepage they have a tracking widget to demonstrate how good they are. So it’s always useful to use fingerprint.com to get an empirical test of if you’re trackable.

    • beetus@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Visited on my mobile this morning while commuting and no VPN and it geo located me 1000 miles away.

      Visited again connected to a WiFi network and it got me right. Fun stuff

        • beetus@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Yep, it’s got both visits recorded. Idk why my ip on mobile networks was geolocated so far away.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            Thats pretty common for cellular data. Your IP is based on the exit of the mobile network, not the tower you connect with, but the data center of your provider. Which could be thousand of miles away

    • random65837@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Good find, 5 checks, 5 first visits! That’s with Brave. With Vanadium and Fennec it figures me out though.

      • varsock@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        7 visits with brave, 7 times identified as the same. I’m using the default options of a fresh brave install

        how did you have such success?

        • random65837@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Not sure honestly, I’m always behind a VPN, which I was changing servers, as if it were actually able to fingerprint me that wouldn’t have mattered so I didn’t want a false positive from making it too easy, I do run GrapheneOS so not sure if the OS is either not sending or randomizing OS info on top of that, that it would normally get. Been a while but the only thing I changed from default in Brave was changing fingerprinting to strict. For the sites I visit its still fine 95% of the time so I leave it that way. I’ve read from others and their browsing habits it breaks a ton of sites. So e YMMV there.

          • varsock@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            using the settings you described ( minus the VPN ) I was not able to cloak myself over the past several days

  • downpunxx@kbin.social
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    My impression is the thing with modern day ad tracking, selling information to spammers, and hackers is, even if you secure your browser tighter than a drum, any one of your browser extensions, which we’ve given permission to read all site data on every site you visit and interact with, could be keeping extensive logs on your activity and selling that away to the highest bidder. Am I understanding that right?

  • privacybro@lemmy.ninja
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    I have been doing fingerprint research for several years. I’ve done countless builds with various browsers, configurations, extensions, and strategies. (Yes i have too much time for this).

    Here is what I’ve concluded. I hope this helps someone.

    CoverYourTrack is crap, plain and simple. Your best option will always be to randomize. Always. You will not “blend in”. I don’t care if you run Google Chrome on Windows 10 or Safari on iOS, JavaScript exposes way too much info, you will always have a unique fingeprint. Just go play around with fingerprint.com on some normie browser/os setups and you will see what i mean.

    You must randomize all the values that you see on sites like browserleaks.com. canvas, audio context, webgl hash, clientrects, fonts, etc etc. I’d also make sure you are proxifying all your browsers and using random locations. You can do this with Brave somewhat, which has some randomization stuff in it. You can do this with browser extensions as well. Ungoogled chromium also has some randomization for canvas and clientrects i think

    There are only a couple options outside of this that I recommend, in the realm of “generic fingerprint” solutions. TOR browser (they have been on the front lines of this for many years). And also Mullvad browser, which, despite its generic fingerprint goal, seems to also defeat fingerprint.com.

    Tldr, if you want the best experience out of the box that is also very usable, just use Mullvad Browser. They are basically the browser i wished for for like a decade.

      • LostXOR@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Huh, it says I’m leaking DNS servers and WebRTC IPs, but I don’t have secure DNS enabled, and I’m not really sure why WebRTC leaking my IP is a problem considering I’m already “leaking” my IP just by visiting a website.

        • mateomaui@reddthat.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          In my case I had reset a device and didn’t disable IPv6. Once I fixed that the bottom two tests still say I’m “leaking”, but all three show only one IP each, for my VPN’s servers (maybe different IPs, but one for each.)

          If I were actually leaking, IPs shown would be for a local DNS, or my residence, etc.

    • deranger@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      1 year ago

      You should post the # of bits of identifying info it was able to derive. Best I’m able to do is 15 bits or so. Never seen it below 14, meaning you’re able to be nearly uniquely fingerprinted everywhere.

      • auf@lemmy.mlOP
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Your Results Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 94902.5 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 16.53 bits of identifying information.

        It seems that my Safari does not have very strong tracking protection.

        • mateomaui@reddthat.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Nvm, I got the same result you did with Firefox and Safari, I realized I was testing on my wifi with a pihole… switched to mobile network only and protection dropped to partial.

        • mateomaui@reddthat.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Do you need to turn an option on or off in Safari? I got a strong protection result, same as for Firefox.

  • mateomaui@reddthat.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    Using Firefox on iPhone

    edit: Nvm previous result, I got the same result OP did with Firefox and Safari, I realized I was testing on my wifi with a pihole… switched to mobile network only and protection dropped to partial.

    edit2: but Firefox Focus still has strong protection:

    https://i.imgur.com/qeeuHKJ.jpg

    • Cyborganism@lemmy.ca
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Yeah I got the same result.

      I wonder in the fingerprint is a spoof and the result is a false positive? Because Mozilla says there is fingerprint protection in Firefox.

      • mateomaui@reddthat.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        I seem to get that same result on iPhone for Firefox, Safari and Brave

        edit: see original reply

        Firefox Focus still has “strong” result.

        I get “Partial Protection” on Chrome and two generic named browsers, and a flat-out “No” for Opera Mini

        Before anyone asks “why” about anything listed here, I have to test webpages for compatibility across browsers. Having them installed is the only way to do that.

      • mateomaui@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        My results were skewed because I was testing through a pihole, switched to mobile and got OP’s result.

  • Melody Fwygon
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    I’ve got really good scores. I’m grading a bit on a curve due to mitigations/spoofs already in place for both browsers that fool the scripts effectively.

    4.45 bits from Firefox. [“System Fonts” is the worst score]

    4.47 bits from LibreWolf. [“AudioContext Fingerprint” is the worst score

    Some Measurements are Ignored; reasons within.

    User Agent - Flawed. This contains no personally identifiable information and spoofing this often causes compatibility and functionality issues. It is OK to spoof for -MORE- functionality if needed.

    WebGL Vendor & Renderer - Spoofed/Blocked Firefox spoofs this via CanvasBlocker and LibreWolf blocks this from being accessed at all. Spoofing allows some websites to feel “satisfied” they have some fingerprint that is otherwise patent nonsense and CanvasBlocker will present the same value to the website/script later if it’s loaded in the same Container/Context.

    Screen Size and Color Depth - Spoofed/Blocked Both Firefox and LibreWolf will spoof/randomize/standardize these viewport values back to scripts to preserve privacy. For functionality reasons my LibreWolf installation is my minimal plugin environment. This allows me to quickly and temporarily load a website I might NEED to use without compromising on Privacy while not being forced to troubleshoot which plugins might be preventing the site from loading in Firefox.

    System Fonts - LibreWolf Only Spoofed/Blocked Value is Randomized

  • wilberfan@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    Well that’s interesting. I’ve read more than one place the having uBlock Origin is “enough” and that adding Privacy Badger is overkill. I’ve also got AdGuard Home running on a Pi-4. I failed all three tests with Vivaldi Nightly and Arc Browser–both with uBO installed…

    Simply adding Privacy Badger to the existing setup, suddenly I had “strong web protection”.

    [edit] Firefox passed without having to add Privacy Badger.

    • MonkderZweite@feddit.ch
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      uBlock Origin + Canvas Blocker is it for me. And Total Cookie Protection enabled, wasm disabled, referer trimmed.

      • sendRefererHeader 1
      • referer.trimmingPolicy 2
      • referer.XOriginPolicy 1
      • referer.XOriginTrimmingPolicy 2
    • downpunxx@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      thanks for the tip, i’m already on firefox, but when run it said i had “some protection” for both blocking tracking ads, and blocking invisible trackers, added privacy badgers after reading your post, because why not, and now it says YES for both

      17.54 bits of identifying information tho :0

  • Karna@lemmy.ml
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    1 year ago

    OS: Ubuntu 23.10 | Browser: Firefox 119 | Add-on: No-Script | Misc: AdGuardHome on Raspberry Pi 4B

    Edit: Uploaded Full image for Comparison with Mullvad Browser.

  • swayevenly@lemm.ee
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Anyone know how I can get improved fingerprinting results on Firefox Android? Currently its at 16.56 bits and it says I have strong protection against web tracking. NoCanvas isn’t availble on Android devices.

    • WarmSoda@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      I found this looking around the site:

      In order to get this extra level of protection, your browser needs to have a fingerprint which is either:

      so common that a tracker can’t tell you apart from the crowd (as in Tor Browser), or

      randomized so that a tracker can’t tell it’s you from one moment to the next (as in Brave browser).

      Google’s Chrome browser does not provide protection against trackers or fingerprinters in Incognito Mode.

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Is there any way to provide randomised fingerprints in Firefox?

        • TerraNova@lemmy.ca
          link
          fedilink
          arrow-up
          8
          ·
          edit-2
          1 year ago

          Use the Canvas blocker extension. It will randomize your fingerprint. So the test will say you have a unique still, but it is random every time.

        • 👁️👄👁️@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Yes, you can do it manually by enabling resistFingerprinting, but the easiest way is to just install LibreWolf browser which is a fork of Firefox. Or Mull which is practically the same thing, but Android.

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            It doesn’t suit me personally, I want more extensions. In particular, I use uMatrix, as it gives a little more flexibility than uBlock Origin even in authormode. I’ve been able to bypass paywalls by targeting elements from a domain, rather than the domain itself. But also there are plenty of quality of life extensions I rely on, eg gestures.

            Mullvad is very good out of the box though, I’ll give it that. And I use Mull on Android quite happily (although this does allow more extensions, pretty sure the two aren’t affiliated).

  • Lodra@programming.dev
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I got the same as @mintycactus@lemmy.world using Firefox Focus on IOS. Which I’m rather pleased by