I probably spend more time ragging on the TBB than it deserves.
It makes a good effort at protecting against fingerprinting, it's just the wrong approach.
Spoofing a different fingerprint for each site you visit is potentially a much more powerful approach

I've had the same IP address forever, why should I care.

>>55464729
IP address probably has some use for tracking, but it would be foolish to think all traffic that comes from one IP address is linked.
Most people have dynamic IPs which would mean their browsing habits would get linked to random strangers'.
And schools, businesses, and homes tend to have one IP that is shared by many.

>>55464803
>IP address probably has some use for tracking, but it would be foolish to think all traffic that comes from one IP address is linked.
Very true.
More than once 4chan has banned the IP of my ISP's cache server. 'Twasn't me!

I'd like to analyse Google's JavaScript but they did that obnoxious obfuscation thing all web devs seem to do to their scripts

>new

>>55466708
Well it may have been invented a while ago, but it hasn't quite caught on.

>>55464457
How can I set up DNSCrypt in Ubuntu?

>>55466776
How's this fingerprinting?

>>55466776
there should be a dnscrypt-proxy package that you configure according to the install notes. protip: it's slower so you can also use a caching resolver like unbound for 0ms subsequent lookups (point it at dnscrypt e.g on 127.0.0.1:40)

>>55466776
>>55467159
some dnscrypt servers also support dnssec validation which is 1 line uncommented in the unbound config

>>55466978
who cares? most fingerprinting is done by ad networks and you have host-based blocking right? the trouble is the googles and facebooks such as yandex

>>55466646
google closure compiler optimizes javascripts by minimizing the logic of the operations. 1337

>>55455003
>>55455003
>like looking at your IP and user-agent.
And CSS resource requests and unique HTTP e-tags. Don't forget to mention the most powerful, least easy to thwart exploits.

>>55455668
They do it too. And there are bots for them, so they don't even work.

>>55467235
>unique HTTP e-tags
Whut?
Is this a new attack I've never heard of?

>>55458844
>why cant this whole mechanism be fooled by receiving mutiple, random, opposite data, so the real pattern would be lost among flood?
Because no one has developed an extension to do so. Two were started, and mysteriously dropped, Chameleon and FoxGloves. It is a legitimate conspiracy.

>>55464535
It's also pretty easy to defeat. You detect when someone's data is randomized, and cause the site to silently never load or display a misleading error message about ad-blockers. Then you limit access to your servers to people who's data you can sell.

>>55466759
It has very much caught on. Several tracking companies are known to do it. We just don't have any effective tools to deal with it. Not even for a laugh. You can't not be fingerprinted if you use a browser to view any popular website.

>>55467300
How would you detect when someone's data is randomised if they used the same fingerprint for their entire session?
You don't randomise per request, you randomise per domain

>>55467324
Source?
According to a recent, highly publicized paper [1] canvas fingerprinting was only done on like 5% of the top Alexa 1 million websites.
Whereas tracking in general (which I guess means cookies) was pretty much ubiquitous.

[1] Online tracking: A 1-million-site measurement and analysis

>>55467261
There's nothing keeping a server from using unique e-tag identifiers for every single HTTP request. If you load another page in the same tracking network, chances are your browser will have been conned into presenting this identifier to the server again to verify if the cached copy of some file, like a tracking pixel or script file, is still valid. Without aggressively keeping no cached resources, or using some separate caching mechanism that checks for file modification time instead, it's an easy sneaky cookie.

>>55467329
>you randomise per domain
Too easy to defeat. Google, for instance, has code running on thousands of domains. If that code found a different fingerprint from your IP on youtube than gmail, for instance, it could stop working on you to make you submit to the botnet. Samae problem if you randomize by document with IFRAMEs and such. Random fingerprints should vary by tab instead, with a notion of child tabs gaining the same random values as it's parent to deal with stuff like the report function on 4chan, which uses new tabs and recaptcha.

>>55464803
>implying they don't packet sniff 24/7
Even if you encrypt, vpn and proxy you can still be traced.

>>55467381
E-tags... thanks, I learned something new.
Never heard of this before.
I'll look into it

>>55467378
>canvas fingerprinting
That is one exploit that is already addressed by several extensions.
>Source?
This data is 2 years old. It's probably much worse now.
https://web.archive.org/web/20160113141125/https://securehomes.esat.kuleuven.be/~gacar/sticky/index.html

>>55467469
I don't see how that's relevant to the discussion at all.

>>55467539
Thanks

File: finger-drawn.1187245207566.jpg (37 KB, 567x797) Image search: [Google]

37 KB, 567x797

I suggest the middle finger as the official emblem of this privacy epidemic.

>>55468757
Not exactly the most professional emblem

A link that should probably be added to OP
http://browserspy.dk/