Fingerprinting thread go
https://browserprint.info/
http://panopticlick.eff.org/
Some kind anon in the last threads posted a link to a story that indicates Google is injecting fingerprint code into their CAPTCHAs.
That means you can't post on 4chan without being fingerprinted.
This means it's not paranoid to think Google knows about your shitposting habits.
https://archive.is/9K5gs
Daily reminder to do all your Google / Facebook / LinkedIn / botnet shit in a completely separate browser to your shitposting.
It's currently the ONLY way to truly defend against fingerprint tracking.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent is counterproductive unless you use a different user-agent for every site, even if you rotate them every x HTTP requests.
I wish I could develop fingerprinting methods and then patent them so nobody can use them.
Shit is expensive though.
>>55197540
>flash
>javascript
why bother using a seperate browser if you are still going to be retarded
>>55197540
This should justify getting rid of google's captcha service, unless 4chan was a honeypot
>>55197985
You may not realise this but JavaScript is required for most sites these days, including 4chan.
And the reason flash isn't disabled in that fingerprint is because it's an old version of opera with no extensions, from before browsers disabled flash until explicitly enabled.
It's not my main browser, it's my 4th.
I enjoy /f/
>not using legacy captcha
Fagggggot
Good thing cripplechan axed Google captcha
if ever people used fingerprinting for bans, this will kill ban evaders.
With exception of virtual machines and browser that allow spoofing of information like CPU/GPU/HD/Fonts/etc. There is no such addon/extension available right now.
>>55197540
>injecting fingerprint code
ReCaptcha queries google servers to provide the authentication service. Their business model is to analyze all the traffic from their free services to gain profiles on groups and individuals based on what they do and believe and resell or exploit this information for targeted advertising or other market research. ReCaptcha on 4chan means they can correlate your post numbers (and thus contents) with your IPs and any other tracking they've managed to do on your machines and applications, like your browser. So google already knows and analyses the contents of your posts and associates them with who they think you are and your demographic(s) is/are. They do not need fingerprinting to do this. ReCaptcha does not work if their servers are not queried, even with 4chan Pass (you can verify this by monitoring the network activity of a post using the pass). There is currently no way to post on 4chan without being tracked and profiled.
>>55198424
Even the best methods are too prone to false positives. The current method of clearing all localstorage/cookies and changing IPs in an extremely generic browser like vanilla chrome appears identical to a new user showing up using vanilla chrome.
>>55198827
Yeah, thats why you use multiple sources and check a likely percentage. If done correctly, the likely hood of false positive decreases.
>>55198854
>done correctly
You have no idea what you're talking about.
>>55197540
God damn, my list of system fonts made me unique.
Who even has access to this info?
>>55200538
What info?
Is my browser being unique bad? Isn't the goal to make it seem as common as possible to blend in?
>>55200571
Like all this info from your browser and stuff. Who would even see it and what would they use it for. How would it identify me specifically?
>>55200636
>what would they use it for
To attack you in your sleep
>>55200618
Yeah, the more unique your browser is, the more it narrows down the possibilities of who you are on the fingerprint.
>>55198799
>ReCaptcha does not work if their servers are not queried
Doesn't that mean that pass owners are immune?
>>55200636
They'd use it to build a profile on you so they can sell you things, sell your information to people who would be interested in buying it, and to share with the government.
>>55198827
no, not really. my fingerprinting code has about 80 bits of real world entropy.
>>55201263
What fingerprinting code?
And how do you calculate that?
>>55201310
http://pastebin.com/eV8k25r2
>>55201330
Going to make a fingerprinting site or sell it to Google?
Are there really people who think that posting (or hell, even browsing) 4chan in your primary browser is a good idea? I've had it cordoned off in its own browser for years now
>javascript disabled
>only thing they can get is my http header and UA
>still this much identifying info
i don't really understand how but okay
>>55200716
No, a 4chan Pass doesn't exempt you from it. It still confirms the pass token with google servers with every post because that's how all captchas work, which puts your IP and a post number in google's logs. If you use any other website from the same browser or IP that knows your name (e.g. due to you being logged in) or uses any google service (like analytics, recaptcha, maps, etc), then google knows who you are and everything you post on 4chan. Someday, someone's gonna buy this information from them with tor purpose of identifying what a candidate for high political office has been doing online and find out they post shit from their secret flash drive in shota threads on /b/ or something. I really hope it happens sooner rather than later, so people get as scared about online privacy violations by AI as they should be.
>>55201330
That relies on local storage. B& evading requires clearing local storage. My point stands.
>>55197540
I'm a special snowflake, my fingerprint is unique on both sites.
>>55201451
WHY IS that a bad thing?
>>55198150
Google can still track you faggot
>>55201516
Best post on /g/ today.
>>55201550
first off (with the code i gave), the fingerprint is predictable... meaning clearing local storage doesnt do anything unless you change something about your browser. next time you generate the same exact fingerprint.
>moving on, and refering to the current state of my project...
theres a server side component as well.a lot of steps would have to be done all at once. clearing all local storage would be one thing, but changing your ip, screen, things about your browser, and potentially even removing stuff on devices that also frequent the website would all have to be done, all at the same time.
the code i gave you is like a year old... the client code doesnt ship back the md5 hash, it ships back each componant, and i try to cluster different metrics into single identities. if you have multiple devices on a single ip, i can use content types you look at to try and figure out that its really you on a computer and a cell phone, and not your parents. i can track what school you go to, what places you
metadata collection is very powerful. way more powerful then what most people realize.
i threw together a demo that i would frequent (set as a home page on my phone), as well as injected js into websites. within a few days, i had a map of related things to my day to day life. arround lunch time i saw that indian food was popular, as well as burgers (i normally eat at a burger palce, or go to an indian resturaunt / bar combo). computer parts were trending, especiall e5's since i was looking into a new server. heat maps of my movement... it was scary. and that was 90% from injected js, not even the server side stuff. oh, and i had my phone clearing local storage daily.... i was even in private browsing and it would get a link.
Without scripting
Within our dataset of 1405 visitors, your fingerprint has appeared 2 times.
One in 702 browsers have the same fingerprint as yours.
With scripting
Your browser fingerprint appears to be unique among the 1,406 tested so far.
As a linux user running no script I'm fairly certain I stick out like a sore thumb to anyone watching. As long as Google only wants money and ad serving they'll just be creepy. If they go forth with their world domination plans we are all doomed.
how do they actually get my fingerprint scanned without any optical scanning tool? i dont even have a cam in my room
>>55202194
I feel so naked. Do any browser extensions stop your thing cold?
>>55202194
Wait... what?
You created some fingerprinting code and then used it to track yourself?
>>55202462
I mean...if you install an extention, I can just track you better off that, or lump you into a group of people who have it installed and be extra evil / make whatever website your trying to use unusable (but, in all reality it would still be
You could try to fork the browser and randomize stuff. (font order, add fake non existing fonts and add-ons. Off by 1 the screen rez)
I don't think any big tech company is running something like I have. At least currently. I know some are working on it though.
>>55202648
Yes anon, one has to debug and develop code somehow.
>>55203226
How well does it work on Tor Browser?
>>55197540
You left out this one OP, it goes more into exactly what can be seen to fingerprint you from:
https://www.browserleaks.com/
