Previous thread: >>55382147
http://browserprint.info/
http://panopticlick.eff.org/
http://ip-check.info
http://browserleaks.com/
Fingerprinting is a new way of tracking you across websites, it's not theoretical, it's being done right now by companies like Google.
Because unlike cookie based tracking you can't defeat it just by disabling cookies.
There is currently NO FOOLPROOF DEFENCE against fingerprinting (except quitting the Internet).
Attempts have been made but the technology is just too new.
Google releases limited hangout of how much they know about you:
https://news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>I guess all those people who fear tracking really are just conspiracy theorists!
ReCAPTCHA probably contains fingerprinting code:
https://archive.is/9K5gs
This means that the majority of 4chan users could be being fingerprinted, and Google might know about your shitposting habits.
To fix this you can get a pass (which allows you to be tracked by 4chan in a different way), or run 4chan with the no JavaScript CAPTCHA (use 4chan X to make 4chan without JS bearable).
Note: The no JavaScript CAPTCHA is broken for a lot of people.
Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple points if you have each browser's VM configured with a different VPN.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent may work, in the short term, provided you use a different user-agent for EVERY site.
Don't expect this to work forever, it may not even work now.
>>55413135
>Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
Or better yet, not having an amazon, ebay, LinkedIn, Facebook, etc account at all.
>>55413370
or better yet, throwing your computer out the window.
>>55413135
How hard would it be for Google to do a timing attack on 4chan to correlate the captchas being submitted with posts appearing on the boards for the people using the noscript Captcha?
>>55413450
kek
>>55415541
Their recaptcha service gives them a post number and IP for every post made on 4chan, and their data is for sale. If you mean how hard would it be for AddThis or some other competitor, nearly impossible since they don't have code running on 4chan pages, and some of the necessary steps would constitute industrial espionage.
>>55415541
Probably not that hard if they could work out which board the post was going to first.
Otherwise probably pretty difficult since 4chan gets a lot of posts as a whole
>>55416678
The CAPTCHA really gives them the post number?
Have you read the code?
>>55416678
>Their recaptcha service gives them a post number
Sauce?
>>55416678
>Google knows everything I've said about jews and blacks on 4chan
>>55416732
And you thought they never replied to your job applications because your resume wasn't impressive enough...
>>55413370
>not using Amazon
Where am I going to buy shit now faggot?
>>55416732
The piece of shit gives me trump videos recommended on youtube just cause of this shithole and /pol/, i got gstatic and analytics blocked everywhere else.
Don't underestimate jewgle and the captcha.
https://www.savenetneutrality.eu
>again
>>55416780
Try using private browsing mode or clear out cache/cookies. I never get trump videos unless I search for it myself.
>>55416823
Nah, i got firefox set up to to run on ram and delete dom storage after i close it apart from self destructing cookies.
If i go on jewtube after starting firefox i only get the mainstream trash, i only get recommended trump videos after a few hours of shitposting and doing captchas.
>>55416780
Might give this a shot and see if I can make an infographic about it if it works
>>55416881
Strange. I don't get the trump videos, I still get whatever medicore movie hollywood is coming out with, the latest John Oliver shit, and some mainstream shit.
>>55416732
Better hope someone doesn't start a business out of buying google's 4chan and online application page data, correlating it, and selling the results to background check services used by employers, or you're pretty boned.
>>55416823
The point of this thread is that fingerprinting methods exist that makes such measures ineffective, and that's a bad thing. We want more people mad about it, so someone who can actually fix this for us might have a reason to.
>>55416946
Click on a few videos non related to trump or 4chan, then start looking at the videos to the right that are next in line for playing.
Obviously do this after solving a few captchas and with 4chan threads open alongside.
>>55416990
Oh wait. You were talking about the recommended bar next to a video? I thought you were just talking about the frontpage of youtube. Yeah, I get recommended trump videos if I post on 4chan but don't search on 4chan related stuff on youtube.
>>55417007
yeah that's what i meant, not on the front page
pic related is the one that pops up every time
>>55417038
Could it be that it's detecting embedded youtube videos on /pol/ and adding those to your profile?
>>55417087
Nah impossible, i go to /pol/ like once every blue moon and besides i got third party frames blocked on ublock so embedded youtube videos don't even load.
Gstatic on the captcha probably relates 4chan to Trump and there's not much else to it.
>>55416704
It wouldn't be hard for them to get given the timestamp in the GET request they receive and this: https://a.4cdn.org/b/threads.json
Collecting user data is how they make money on all their free shit.
>>55413135
Someone needs to make a better fingerprinting website, in particular combine everything from browserleaks.com along with some of the things browserleaks.com doesn't include into a single page to show how unique you really are. Don't block Javascript? You are very likely unique given the ridiculous amounts of fingerprinting techniques. Block Javascript? How about CSS fingerprinting, have you considered how they can use the @font-face atribute to see what fonts you have (done by checking for fonts and downloading ones you don't have), view the your browser dimensions (which can change based on your screen layout, toolbars, tab orientation), and query your recent history with the CSS visited rule? How about your HTTP headers, have you taken care of those? Then there's TCP/IP fingerprinting, sure you may have taken every measure in the book to reduce your fingerprint (at the cost of your browsing experience being broken in many ways) but how many people in your city with your ISP have done so? Are you unique in that way? They can also determine your real OS with TCP/IP fingerprinting giving them yet another data point if it doesn't correlate with your user agent in your HTTP header. Now what if you use a VPN? Then you're connecting from a static IP address for them to correlate all this to.
It seems like the only real way to stay anonymous when browsing the web given what's possible now days is to at the very least use Tor for everything and for the times you aren't using Tor never connect to any websites that may try to fingerprint you. Any time you aren't doing that you should treat it like walking into a store run by an asshole who masturbates to 1984.
>>55417087
Assuming you aren't running their analytics scripts, their servers still see recaptcha requests for this domain and then youtube from the same IP.
>>55417552
>Someone needs to make a better fingerprinting website
Why don't you? You could put ads on it to pay for it.
>>55417552
>Then there's TCP/IP fingerprinting
The only conceivable method of combating that is running a OpenBSD based firewall box using pf's scrub.
>>55417566
Because I don't have the knowledge and learning all of that for a possibly rather complex first project (leaving plenty of room for me to mess up and not catch it) seem like a bad idea. Plus at the rate I've been getting through my current backlog of projects it'll probably be over a year before I could get to it. Ideally the EFF could just add it to their test.
>>55417552
TCP/IP fingerprinting.
That's... difficult.
Wouldn't it involve writing your own webserver or something?
>>55417552
I think Browserprint intends to implement as many tests as possible.
They seem to add tests every week, unlike other sites like Panopticlick which just use the tests that it had at their creation
Guys... the botnet is real.
Original content
>>55418846
JPG since I forgot to compress it.
>>55418846
Holy shit. I don't even allow cookies for anything Google. Gonna try again with the noscript captcha.
>>55418966
Didn't happen with the noscript captcha, but it also didn't happen again when I tried it with scripts again so maybe it detects that you're trying to mess with it.
>>55419408
Well hopefully that means using 4chan with no scripts is better.
Google would have to be pretty desperate to hide their tracking if they actually disabled it when people try to mess with it
>>55419500
Disabling it for 5 minutes each time would be sufficient.
>>55418966
I haven't been able to reproduce the results with 3rd party cookies disabled, sadly.
I'll try again in a couple days.
Even if Google isn't using fingerprinting yet other trackers definitely are, and it's only a matter of time before Google starts doing it too.
Their privacy policy explicitly says they can use non-cookie based tracking
>Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable
https://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-cookie
And we know they've been experimenting with fingerprinting for a few years now
http://www.usatoday.com/story/tech/2013/09/17/google-cookies-advertising/2823183/
The /csg/ people might be interested to know that aliexpress is confirmed for fingerprinting via alicdn.com
Glad to see this thread gaining traction.
