Fingerprinting thread
You are currently reading a thread in /g/ - Technology

Thread replies: 68
Thread images: 8
Previous thread: >>55364561

http://browserprint.info/
http://panopticlick.eff.org/
http://ip-check.info
http://browserleaks.com/

Fingerprinting is a new way of tracking you across websites, it's not theoretical, it's being done right now by companies like Google.
Because unlike cookie based tracking you can't defeat it just by disabling cookies.
There is currently NO FOOLPROOF DEFENCE against fingerprinting (except quitting the Internet).
Attempts have been made but the technology is just too new.

Google releases limited hangout of how much they know about you:
https://news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>I guess all those people who fear tracking really are just conspiracy theorists!

ReCAPTCHA probably contains fingerprinting code:
https://archive.is/9K5gs
This means that the majority of 4chan users could be being fingerprinted, and Google might know about your shitposting habits.
To fix this you can get a pass (which allows you to be tracked by 4chan in a different way), or run 4chan with the no JavaScript CAPTCHA (use 4chan X to make 4chan without JS bearable).
Note: The no JavaScript CAPTCHA is broken for a lot of people.

Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple points if you have each browser's VM configured with a different VPN.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent may work, in the short term, provided you use a different user-agent for EVERY site.
Don't expect this to work forever, it may not even work now.
>>
>>55382147
>tfw will never get a job at Google because they know about my trap fetish
>>
>>55382620
Nonsense. Google loves diversity.
You should start looking even gayer porn and animal porn and they'll probably hire you as soon as they find out.
#ProudToBe
>>
Proof that Google was developing fingerprinting technology in 2013
http://www.usatoday.com/story/tech/2013/09/17/google-cookies-advertising/2823183/
>>
>>55382147
> or run 4chan with the no JavaScript CAPTCHA (use 4chan X to make 4chan without JS bearable).

just read the 4chan X FAQ

> 4chan X is not a content blocker, and choosing Force Noscript Captcha does not stop botnet from running

also it's too bloated with crap stuff and bad defaults :(
>>
>>55383525
Well of course you need to block the scripts using NoScript or uMatrix or whatever as well.
If you block all scripts it should work to prevent fingerprinting JS.

>also it's too bloated with crap stuff and bad defaults :(
Yeah it's not great.
You'd probably get used to it after a while though.
4chan's defaults aren't good either, I always need to disable quick reply, it's so annoying.
>>
>>55382147
Oh shit time to clear my cookies again
>>
>>55382620
they hired moot
>>
testing 4chan x
>>
>>55382726
Well duh. That first paper came out in 2012.
>>
>>55383589
There are enough HTTP and CSS exploits that disabling javascript on a page isn't enough. Something to sanitize, or preferably randomize your HTTP headers and control the behavior of your CSS rendering would be needed.
>>
>>55367661
I wrote a proof of concept web application to test this works.
Seems for most browsers all fonts are requested from the server every time.
It only works in Opera.
>>
>>55385117
Wait disregard that.
It works in Chrome too.
Just doesn't seem to work in Firefox / IceCat
>>
>>55385139
No wait.
Opera and Chrome do seem to request all fonts, it's just they'll fall back to local fonts if the src for the remote font 404's.
Yeah I have no idea how to get this test to work.
Maybe there's some magic key that I'm missing
>>
>>55385264
Figured out where I was going wrong.
You need to explicitly tell it to look locally for the font before fetching it remotely.
>>
>>55382424
Did this have something to do with footprint just curious
>>
>>55385751
Nah it was just a bump to get the thread started.
>>
>>55384676
>CSS exploits
For the @font-face one that can check what fonts you have installed just set gfx.downloadable_fonts.enabled to false in your about:config. Only other one that I've seen on these fingerprinting demos determines your screen size but I'm not sure if the server can get that info without javascript or adding it to a link that your browser would send to the server (which could be eliminated by using an addon like Clean Links). Also, if you're still worried you can use an addon like uMatrix and disable CSS. The noscript captcha in 4chan X runs fine without it. Beyond that HTTP headers offer next to no variation to identify you based off of compared to the massive amount of potential identifiers they can get from all the javascript fingerprinting techniques or the @font-face CSS technique. You seem to have a rather defeatist attitude.
>>
>>55387013
Yes screen size can be detected using only CSS.
Browserprint does this as one of its screen size tests.
And Clean Links doesn't strip out jsessionid from URLs, which can be used in the same way as a session cookie.
>>
>>55387013
Potentially you could do the char sizes fingerprint test using CSS only too.
But that feels a little pointless, like the screen size one, since zooming in completely changes the results and there's no obvious way to reverse this that isn't blocked by browsers like TBB.
>>
>>55387013
I can't imagine screen size really being a big give-away to your identity, right?
Inform me, anons.
>>
>>55383721
Who?
>>
>>55387336
It's not, mostly.
But you combine it with other features to get a really identifying fingerprint.
Some older browsers will return the screen size of all your monitors added together, which can be very identifiable though.
For instance I've got 3 monitors and an old version of Opera reports my screen size as 3600x1848, which is probably unique on the internet.
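
Added example, not part of the original post: one way to measure the "combine it with other features" effect, in the bits-of-identifying-information style that Panopticlick reports. The visitor table is constructed for illustration and reuses the 3600x1848 value from the post; the attribute names and function names are assumptions.

```javascript
// Constructed sample population: one row per visitor, three observed attributes.
const VISITORS = [
  { screen: "1920x1080", ua: "Firefox-Win", fonts: "A" },
  { screen: "1920x1080", ua: "Firefox-Win", fonts: "B" },
  { screen: "1920x1080", ua: "Chrome-Win",  fonts: "A" },
  { screen: "1920x1080", ua: "Chrome-Win",  fonts: "B" },
  { screen: "1366x768",  ua: "Firefox-Win", fonts: "A" },
  { screen: "1366x768",  ua: "Chrome-Win",  fonts: "A" },
  { screen: "1366x768",  ua: "Chrome-Win",  fonts: "B" },
  { screen: "3600x1848", ua: "Opera-Win",   fonts: "A" }, // three monitors summed
];

// Key identifying which group a visitor falls into for the chosen attributes.
function groupKey(visitor, keys) {
  return JSON.stringify(keys.map((k) => visitor[k]));
}

// Anonymity set: how many visitors share these attribute values.
// bits = log2(population / anonymitySet), i.e. the surprisal of the fingerprint.
function anonymity(population, visitor, keys) {
  const target = groupKey(visitor, keys);
  const set = population.filter((v) => groupKey(v, keys) === target).length;
  return { anonymitySet: set, bits: Math.log2(population.length / set) };
}

// Fraction of the population that is alone in its group (uniquely identifiable).
function uniqueFraction(population, keys) {
  const counts = new Map();
  for (const v of population) {
    const k = groupKey(v, keys);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  const unique = population.filter((v) => counts.get(groupKey(v, keys)) === 1);
  return unique.length / population.length;
}
```

With this table, a 1920x1080 visitor is one of four on screen size alone but alone once user-agent and fonts are added, while the 3600x1848 visitor is unique on screen size by itself.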
>>
>>55387336
It depends on the screen you use.
>>
>>55382147
>>Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
>It's currently the ONLY way to truly defend against fingerprint tracking.
>Double points if you have each browser running in a different VM with a different OS.
>Triple points if you have each browser's VM configured with a different VPN.

Well fuck. That's like Qubes OS tier levels of tinfoil. Making each browser run separate, and isolated from each other...
>>
>>55382147
>Google releases limited hangout of how much they know about you:
>have to log in to google account to view it
nice try OP :^)
>>
bump for autism awareness
>>
Yall niggas should look up Canvas Fingerprinting.
This is the most evil shit. You'd be surprised how many websites use it.
>>
Here's another website if you want to add
http://browserspy.dk

It's not a single one-click test but can still show quite a bit about what information your browser is giving away.
>>
>>55390474
https://github.com/kkapsner/CanvasBlocker/
>>
>>55390474
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
>>
>>55382147
is torbrowser the only one worth using
>>
>>55390594
The Tor browser is still susceptible to a bunch of attacks.
They can detect your real OS (TBB pretends to be Windows).
They can use audio context fingerprinting.
And you can detect the version of TBB that's being used, which is rather telling considering they release a new version every other fucking day
>>
> Triple points if you have each browser's VM configured with a different VPN
Are you kidding me? Changing your IP should be the first thing to consider.
Sure, Google can't identify you just by the IP, but you don't even know how deep this rabbithole goes.
Not only the operating systems (Mac/Win, install Gentoo btw :P) are full of spyware, the browsers themselves are just like a large API to track individual users.
JavaScript/Flash and whatever add more possibilities and every browser update can (maybe unintentionally) allow new "footprinting" methods.
There are even backdoors in encrypted SSDs, BIOS and even in the CPUs.
Just don't think you can flee the system that easy.
>>
>>55391657
Great way to mix advertising profiles.
Everybody who goes to the same school / stays in the same dorm / uses the same ISP will have their profiles mixed because they share IPs
>>
>>55387417
>not sure if serious or just bait
>>
>>55391918
Exactly, the larger the number of users per IP, the better you can hide in their shadows.
But as I said, the IP is just a very small part of the footprint.
>>
god damnit
>>
>>55391657
This has a problem in that generally you set your IP address and then use that for everything for a time before switching (VPNs route ALL your traffic through the VPN).
For this to be effective you would have to change your IP address every time you wanted to take a break from shitposting on 4chan to check your facebook and vice versa.
That's an even bigger pain in the ass than using multiple isolated browsers.
>>
>>55392184
Hahaha, wow, you're a degenerate
>>
>>55392216
yea, well I got my dog dick pipe, you judgmental faggot.
>>
>>55392113
redditard thinking he spotted a newfag, you just spotted yourself.

>>>/r/4chan
>>
>>55392306
Laughing my ass off.
Why the fuck would anybody want to smoke from a dog's dick?
Even a human dick is fucked up
>>
>>55392367
reasons that may lead to more dangerous reasons.
>>
>>55392306
Fucking canadians...
>>
>>55392367
He wanted to finally be able to smoke cock. And you know how furfags are.
>>
Interesting finding.
NoScript seems to block CSS font fingerprinting if scripts are disabled, despite it not relying on any JS.
>>
>>55382147
>There is currently NO FOOLPROOF DEFENCE against fingerprinting (except quitting the Internet).
>Attempts have been made but the technology is just too new.
bullshit. you need to disable JS, clear all your cookies from time to time, blacklist some domain names, and enable "click-to-play" to stop flash files being run automatically
>>
>>55396985
Foolproof defence for people who want to use the 90% of the internet that requires JS.
You can't expect normies to make such a big sacrifice.
Besides, it's pretty likely that while you've got an ad blocker installed you immediately start enabling scripts if a website doesn't work
>>
>>55397107
>You can't expect normies to make such a big sacrifice.
They don't even care about removing Gapps from their phone and using non Google shit to keep the information on everything they do from being collected. The people who won't make changes will likely never change, will slowly become more accepting of any invasion of privacy they did have a slight problem with, and will come to terms with how they are just a whore selling themselves for what they consider to be convenient. The people who do care will enter the downward spiral and slowly become like the countless others considered to be extremely paranoid by the general populace.
>>
>panopticlick now requires you to enable their javascript to work
>>
>adelaide uni
fug the botnet is following me
>>
>>55390485
>>55390489
So how is this supposed to work?

I installed it but panopticlick says I'm still unique.
>>
>>55398577
Oh I got it, I set it to block everything and now the fingerprinting is blocked.

Kinda gay EFF wants me to unblock 3rd parties that "promise" to honor Do Not Track though.
>>
>>55398360
????
>>
>>55397778
Yeah.
I have no idea why they remade Panopticlick.
>>
>>55382147
Hello where do I buy wife please?
>>
>>55398710
how much does your pic cost?
>>
>>55383910
testing by replying to your test
>>
Any ideas how to get CanvasBlocker working with Pale Moon?

Addons site won't allow it (says it's an old version of firefox) and the browser won't let me install the xpi.
>>
>>55382147
Can somebody make ff extension to constantly randomise user agent, like show as firefox but constantly change versions and shit, or change google cookies every 5-10 seconds
>>
>>55399906
I'm told uMatrix has user-agent randomisation functionality.
What you really want is an extension that gives you a different user-agent for every domain you visit.
AFAIK the only extension that can do that is UAControl, but... it doesn't generate domain / user-agent mappings automatically, you need to do it by fucking hand.
These threads have been making me think about writing a few extensions but I don't have a clue where to start.
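
Added example, not part of the original post and not code from UAControl or uMatrix: a sketch of the automatic domain / user-agent mapping the post asks for, so each site sees one stable user-agent and different sites see different ones. The pool strings are constructed samples, and `siteKey`, `userAgentFor`, `rewriteHeaders` and the secret are hypothetical names.

```javascript
// Constructed sample pool; a real one would track currently common builds.
const UA_POOL = [
  "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0",
  "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0",
  "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0",
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0",
];

// Simplification (assumption): treat the last two labels as the site, so
// www.example.com and cdn.example.com agree. A real extension would use
// the Public Suffix List (this is wrong for e.g. "co.uk").
function siteKey(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// FNV-1a 32-bit: small non-cryptographic hash, used only to spread sites
// over the pool. Swap in an HMAC if the mapping must be unpredictable.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// secret: hypothetical per-profile random string, so two installs differ.
function userAgentFor(hostname, secret, pool = UA_POOL) {
  return pool[fnv1a(secret + "|" + siteKey(hostname)) % pool.length];
}

// Rewrites User-Agent in a webRequest-style header list ([{name, value}])
// and returns a new list, adding the header if it was absent.
function rewriteHeaders(headers, url, secret) {
  const ua = userAgentFor(new URL(url).hostname, secret);
  let seen = false;
  const out = headers.map((h) => {
    if (h.name.toLowerCase() !== "user-agent") return h;
    seen = true;
    return { name: h.name, value: ua };
  });
  if (!seen) out.push({ name: "User-Agent", value: ua });
  return out;
}
```

In a WebExtension, `rewriteHeaders` would be called from a `webRequest.onBeforeSendHeaders` listener. It changes only the HTTP header, so `navigator.userAgent` and the other JavaScript-visible values discussed in this thread still give the real browser away unless scripts are blocked.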
>>
https://www.dephormation.org.uk/index.php?page=81

?
>>
>>55398577
I guess eventually most people will have DNT enabled so might as well set it.

>>55399835
Stop playing around with your meme browser and install Firefox.

>>55399983
This is the current documentation for creating add-ons
https://developer.mozilla.org/en-US/Add-ons/SDK

I assume this might be more relevant since Mozilla intends to replace their old APIs with WebExtensions
https://developer.mozilla.org/en-US/Add-ons/WebExtensions

Maybe you can get some others from /g/ to help out although my guess is that after we get the logo done and a github account set up the project will die.
>>
>>55400450
Oh... I also forgot to add that the new WebExtensions API probably will make some things impossible to change since it'll have less privileges than the current API. Thanks a lot, Google.
>>
>>55400450
Seriously though, no memes here

I like Pale Moon because it has less bloat than firefox, no telemetry/health report, no "social", better defaults for security in about:config, and I like the UI better.

I'll make it work in Pale Moon.
>>
If you have flash installed, edit your mms.cfg file to get rid of system font detection for Flash. It really brings your uniqueness down.

C:\Windows\SysWOW64\Macromed\Flash

Add DisableDeviceFontEnumeration=1 in Flash's mms.cfg file