Previous thread: >>55413135
http://browserprint.info/
http://panopticlick.eff.org/
http://ip-check.info
http://browserleaks.com/
Fingerprinting is a new way of tracking you across websites.
It's being done right now by companies like Google.
Because unlike cookie based tracking you can't defeat it just by disabling cookies.
There is currently NO FOOLPROOF DEFENCE against fingerprinting (except no Internet).
Google's privacy policy states
>Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable
https://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-cookie
ReCAPTCHA probably contains fingerprinting code:
https://archive.is/9K5gs
This means that the majority of 4chan users could be being fingerprinted, and Google might know about your shitposting habits even if cookies are disabled.
To fix this you can get a pass (which allows you to be tracked by 4chan in a different way), or run 4chan with the no JavaScript CAPTCHA (use 4chan X to make 4chan without JS bearable).
Note: The no JavaScript CAPTCHA is broken for a lot of people.
Google releases limited hangout of how much they know about you:
https://news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>I guess all those people who fear tracking really are just conspiracy theorists!
Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple points if you have each browser's VM configured with a different VPN.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
>Google experimenting with fingerprinting technology
>2013
http://www.usatoday.com/story/tech/2013/09/17/google-cookies-advertising/2823183/
>Google has tracking code in 80% of the top 1 million sites
https://yro.slashdot.org/story/16/05/19/232216/google-is-a-serial-tracker
Someone said I shouldn't use uMatrix's 'Spoof User Agent' and I should use 'Blender' instead because it would look suspicious if the same IP kept connecting to a site using a variation of X amount of User Agents and all the same other data a site can pick up even with Javascript turned off (Screen dimensions, etc)
Thoughts?
>>55432219
>experimenting
They have it deployed. They're just waiting for a court order to finally reveal they're using it.
http://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2
>>55433562
It's things like fonts and identifying e-tags that can be picked up without JS. Rotating user agents is basically useless if you can't also spoof or at least randomize all the other stuff that can potential;ly be fingerprinted, which is a huge amount of browser features spanning several APIs.
>>55433562
It's true to an extent.
If someone is looking through their traffic and they see someone using their site but their useragent keeps changing they're going to be suspicious.
I don't think that's easy to detect in an automated fashion though, although I admit I've never done automated traffic analysis
>>55433764
Sounds like the easiest thing in the world to test. Compare a stored user agent for anIP/profile/fingerprint/whatever's last access, and on a new request compare the new user agent stream with the last one starting at the end. If it's different at all, then something is fishy.
>>55433562
Looking at blender it seems to take the TBB approach to defeating tracking, which is blending into a crowd.
It uses common settings that it will share with many other browsers.
The problem with this approach is that generally more advanced fingerprinting techniques can defeat it.
The other approach is to have a different fingerprint for every domain.
It's kinda the polar opposite because you really don't care about blending in, you just want everybody to know you by a different name.
I think most of us tend to favor this approach, although I don't think there's much software implementing it yet
When spoofing fingerprint data do you think it's a requirement that the spoofed data be from a real fingerprint?
It seems like it'd be something that's nice, but not actually required.
It certainly increases the amount of work required to develop spoofing software exponentially.
>>55434562
NoScript, ScriptSafe and random-agent-spoofer all have some minor fixes for the most well known, high entropy exploits for the features they cover already.
https://github.com/ghostwords/chameleon
https://pet-portal.eu/blog/read/533/?set_language=eng
These used to work when they were updated, but both stopped development under mysterious circumstances.
>>55434930
I'm almost certain it would require a patch to ScriptMonkey and Gecko's CSS code to even expose the controls necessary for an effective self tuning anti fingerprinting extension using lying profiles to be written. HTTP can probably already be done.
