It was at the Securedrop website. How did I end up there ? I read something about Sequoia and encryption and then wanted to see what Securedrop entailed.
Meanwhile I’ve raised the security settings. Still, today someone in this community (?) mentioned that Tor browser does not protect the remote to check for the OS, and now this. Color me surprised.
You must log in or register to comment.
That was probably me. You can check it here among other scary fingerprint stuff https://abrahamjuliot.github.io/creepjs/
Wow nice. Any opinions on how these fingerprinting evaluators compare?
CreepJS:
https://abrahamjuliot.github.io/creepjsEFF’s Cover Your Tracks:
https://coveryourtracks.eff.orgAm I Unique?:
https://amiunique.orgSad a pretty stock iPhone that’s blocking via some filterlists and using iCloud Private Relay (a “VPN”) is so detectable! Should be so many browsers appearing similar but there’s always this & that that mean I’m unique.
They renamed panopticlick to cover your tracks? It was such a good name!
Haven’t used amiunique but the EFF one I have seen people criticize because it only checks your uniqueness among people who opted in to take the test, so the results can be highly skewed.
The results aren’t going to be that skewed. They operate on a simple principle. There are many features available on a modern web browser with a high degree of variability. Even not having a feature is itself a piece of a fingerprint. The combination of those many, many features is going to produce a high degree of uniqueness for almost any browser.
I wasn’t trying to debate how the uniqueness is calculated, you’re absolutely right on that, and other sites like creepjs do the same, but I think where the eff site is a tad misleading is in how it presents their “just how unique AM I” part of the results, because they only have their own collected data to compare that against.
Sadly I think even disabling JS entirely would take away so much “blending in” that it still wouldn’t be hard to uniquely fingerprint a user without it. Even CSS (without JS) and standard HTML tags like “picture” can be used to fingerprint now.
Sadly I think even disabling JS entirely would take away so much “blending in” that it still wouldn’t be hard to uniquely fingerprint a user without it. Even CSS (without JS) and standard HTML tags like “picture” can be used to fingerprint now.
Right. I guess there’s also a difference between wanting to be as anonymous as possible and wanting to not be tracked too much by some sites.
In some browser profiles I do block JS completely for a few reasons.
- Let’s me read a lot of articles. Even articles with supposedly “paywalls”.
- Clutter free reading. Does it matter that the remote sites can recognize me based on a unique FP and build a profile ? I’m not too bothered. Should I ?
For other use cases I prefer Tor browser without any added extensions.
Thanks for the heads up. Yes, I tried CreepJS before and saw it found Linux as a result :/
But if it says Linux when you use windows then it doesn’t matter, right? The point is to make them all look the same
Tor browser useragent string pretends to be Windows on all platforms. CreepJS detects Linux in my case. A commenter mentions that Tor browser does not protect OS detection. That gives me mixed feelings about the goals of Tor browser.
There are many things you can do with JavaScript, and tor can only protect against so many without completely breaking many sites. Set your slider all the way to maximum and it will no longer detect windows, but it will very likely also no longer run.
This is interesting; what do I do with the information?
Btw, i have this error in Firefox console:
- audio failed creep.js:1:10246 - TypeError: document[U5(...)] is undefined Ww https://abrahamjuliot.github.io/creepjs/creep.js:14 xi https://abrahamjuliot.github.io/creepjs/creep.js:14 creep.js:14:1271
