Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
hopesdead@startrek.website
on 08 May 20:29
collapse
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
Could you explain why it would be in any way relevant if that was the case?
shrek_is_love@lemmy.ml
on 08 May 20:18
nextcollapse
I’m interested in the people that make the stuff I consume. When I read something or enjoy a piece of art, much of the enjoyment is imagining why the artist made the decisions they did. If it was made by AI, the answer is much less interesting.
This is not a piece of art, it’s a piece of educational material showing people what information websites collect about them. But it’s also fascinating how you could enjoy something if you didn’t know how it was produced, and then the act of knowing would remove the enjoyment you were deriving from it.
Dirt_Possum@hexbear.net
on 08 May 23:15
nextcollapse
it’s also fascinating how you could enjoy something if you didn’t know how it was produced, and then the act of knowing would remove the enjoyment you were deriving from it.
Would you feel differently about, say a book you read and somewhat enjoyed if you later learned it was written by a fascist? It sure would make a difference to me. Have you never consumed any sort of media that you later felt was tainted by who created it, or used a product that you later decided not to use again after learning how it was produced? There’s even a colloquialism referring to this very thing, about “knowing how the sausage is made.”
Sure, because it would be tainted by another individual with goals and intentions different from my own. Being upset that something was made using a particular tool is quite different from that. Also, do you get upset looking at a beautiful sunset just because no human designed it intentionally?
Dirt_Possum@hexbear.net
on 09 May 00:07
nextcollapse
I was taking the statement about what you found “fascinating” in isolation because it was phrased as such. You were surprised that the other commenter could find enjoyment in “something” not knowing how it was produced then feel less enjoyment after learning more. That is a silly thing to be “fascinated” by because it is something that the vast majority of us are keenly familiar with. But because that commenter has qualms about AI which you don’t, you suddenly can’t understand how later information about something can alter one’s enjoyment of it? It’s an absurd thing to say. As is your sunset question. I don’t get upset looking at most AI slop either, but I absolutely do place it in a different category than either a natural phenomenon or something I know was made by human expression and if you can’t understand or recognize that difference, I don’t know that anything I could say could help you with that.
Last I checked, LLMs have no will or agency of their own. Literally everything they produce is an artifact of a human expressing themselves. The argument is regarding how much effort a human is expected to put in and what tools they use to express themselves. Apparently, when a certain arbitrary threshold is reached, then it’s no longer human responsible for producing something.
Yeah I guess it was human expression that confidently insisted superglue was a safe ingredient to put on my pizza to hold the cheese on it. I don’t even give much of a shit about LLM slop on the occasions it’s accurate, it was your bad faith and absurd response to the other commenter that I was calling out which you ignored in order to shift the discussion to philosophical arguments about AI that make you sound like the entrepreneur genius Sam Altman or the other tech bro capitalists trying to keep that bubble from popping.
Yeah, because we didn’t have stuff like flat earthers before LLMs. That’s totally a new phenomena never ever observed in humans. All these arguments are bullshit, and you all know this deep down. LLMs are just a tool, it’s another form of automation, there’s nothing magical about these things. And people are just losing their shit over it, and it’s frankly tiresome.
If intelligently designed sunsets were an option, I’d probably like those more. You raise a good point, we might just like all these “natural beauties” because we haven’t anything else.
Or perhaps the beauty is in the eye of the beholder. We are able to appreciate things that look interesting without them having been designed, and they can trigger emotions and ideas within our own minds that are meaningful to us. Even with human created artifacts, we do not know what the artist was thinking vast majority of the time, or what they were actually trying to convey. We interpret the work using our own thoughts and experience. So, even with the most meticulously human generated art, it is the viewer projecting their own meaning onto it.
LeeeroooyJeeenkiiins@hexbear.net
on 09 May 07:25
collapse
The enjoyment includes the feeling of reaching out to another person’s mind. Finding out there is no mind is like expecting stairs where there are none and stepping into emptiness.
That’s just complete misunderstanding of how people use these tools. The intention still comes from somebody’s mind. Somebody had an idea and they used the tool to execute it.
I came across this post the other day, and this person has put into words what I have simply failed to.
In short; AI makes the world feel empty and hollow. Many people enjoy the process behind the things we create or encounter, even if it wasn’t us to go through that process. Replacing it with AI removes the human touch/connection that made that thing interesting. I don’t want to know about the faceless algorithm that spat out what I’m seeing; I want to know about the person that created this and their experiences that brought them here.
I mean that’s fine, but plenty of things in our modern life are mass produced, and utilitarian. Everything doesn’t need to be art. For example, I don’t need my toothbrush to be crafted by an artisan, nor do I care if a website that shows stats collected by the browser was artisanally coded or not.
Darkassassin07@lemmy.ca
on 08 May 21:24
nextcollapse
True; however many of the current use cases for AI aren’t utilitarian, but are instead forcibly replacing artists while stealing their work to do so. Ontop of this, the infrastructure behind/supporting these tools is destructive and measurably making a significant amount of peoples lives worse.
These factors have jaded people against AI as a whole; as support for AI is seen as support for the destruction and instability it’s brought with it.
And the rest of us are just tired of people braying about AI in every single thread. People just have to learn how to deal with their personal issues without spamming about their feelings everywhere. I see far more people screeching about AI than actual AI generated content at this point. These tantrums add absolutely nothing to any discussion, and they’re just noise.
I’m tired of people screeching about slop in every thread about any subject. Please try being tired of slop quietly in your own head. Or make a community where people who enjoy hearing other people screech about slop can yell at each other how much you all hate slop.
yes, you’re perfectly fine being part of an obnoxious crowd of people flooding every thread to prevent any meaningful conversation from happening with your slop
Nobody made you the arbiter of what’s welcome. I don’t find your noise welcome. If you choose to be obnoxious don’t expect people to agree with the message you’re trying to deliver.
You’re getting enough opposition from enough people to be annoyed by it. You may safely assume that the community has decided what’s welcome and what isn’t.
And you’ll just continue harassing other people. The problem with you lot is that you declare something to be LLM generated, without any actual evidence I might add, then derail the whole thread so you can bray about how much you hate AI. You are far more obnoxious than any AI generated content I’ve seen.
Weird, it’s as if you haven’t read a thing I’ve written.
You will continue to be told to remove the AI slop. Get with the times or be left behind because opposition against AI slop is here to stay. It is much better for your mental health to stop resisting. Not everybody is born privileged with a talent for spamming communities with unwanted content. Opposing AI slop is democratising access to people’s attention.
You can stomp your feet all you like, but all you add is noise and toxicity. You’re basically like an annoying mosquito hovering around conversations people are trying to have.
I’m actually going to make a separate point from my other comment:
Art is a matter of perspective.
Maybe you don’t care about how your toothbrush was designed; but someone somewhere sat down and made decisions about how to best shape it, what materials to use, what kind/how many/what thickness of bristles, how to color it, etc. Those were decisions made from experiences that person had which they chose to factor into their designs.
Someone else out there is interested in what led to those design choices, perhaps to design their own with improvements or changes, perhaps just out of curiosity. They can’t ask an algorithm why it made the choices it did and have a discussion about the details; but they could with a person.
What some find disinteresting, others immerse themselves in. AI destroys those opportunities for human connection. Human connection we already struggle to find as a species.
You might not care how this site was created, but some do. The use of an LLM has made it impossible to discuss the choices made, because there weren’t any decisions, just an algorithm spitting out letters one after another…
That’s just a complete straw man that stems from having utter lack of understanding how people actually use LLMs. Here’s one example for you from Terence Tao mathstodon.xyz/@tao/115855840223258103
BeliefPropagator@discuss.tchncs.de
on 08 May 21:56
nextcollapse
AI generated is just a stand in for hollow & over-dramatized here. Probably I could enjoy AI generated content if it wasn’t shit. The claims on the site reminiscent of 14y/o skids trying to scare each other: “uhhh I got your IP I will hack you now!1!1”, except now you have access to some chatbot subscription to make it sound like it’s a big deal.
It is a big deal how much the browser shares about you without people realizing. No one thinks about these things.
If you use a VPN on Spain you might think you’re safe but then your timezone is saying you’re in Ireland. You thought you were fooling them buy you really aren’t. You can’t outsmart fingerprint and I wish people made a bigger deal about this so actual solutions get implemented.
Sites like these raise awareness which is quite important.
yeah your point was easily understood the first time, mine was that there’s no reason to go out of your way to make the problem worse by constantly shitting out slop everywhere
but you seem to greatly enjoy your garbage so whatever
The website says it uses templates, but they were written by “Matt”. Not sure if that’s an LLM, but it’s at least not using LLMs each time a user visits
WalrusDragonOnABike@reddthat.com
on 08 May 20:02
nextcollapse
Got me to disable sendrefererheader. We’ll see if that breaks anything…
principalkohoutek@hexbear.net
on 08 May 20:12
nextcollapse
Ty for sharing
gary_host_laptop@lemmy.ml
on 08 May 20:17
nextcollapse
Yeah it had 21 data points on me, and all of them except for “Browser Language: English” were incorrect. Which I guess means my setup is doing okay lol.
Collatz_problem@hexbear.net
on 09 May 06:09
collapse
Doesn’t matter if it is incorrect if it is always incorrect in tge same way.
Good point! Now I have to figure out some way to randomize my browser nonsense…
Darkassassin07@lemmy.ca
on 08 May 20:39
nextcollapse
The only thing in there I find surprising is the battery info. I’m not sure what legitimate use a website would have for that one. And perhaps that the gyro isn’t behind a permission. There’s pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, vpns, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can’t (well, shouldn’t) show things in darkMode unless you tell them that’s what you want…
Cookies: it does say 0mb stored by others for me, but that’s not entirely true. Sites are typically given independent storage so they can’t read eachothers cookies, but they can work together to have one site read its own cookies and pass that on to the site you’re currently visiting, on request, all embedded in the original page you were viewing. Just because they can’t read eachothers storage directly doesn’t necessarily mean thay can’t get the data. 10gb per site seems like an absurdly high limit for this though. You could store whole movies in that space.
Visibility is one I’ve known but never really liked. The only ‘legitimate’ use for that I’ve seen is pausing media when it leaves your screen (or waiting to start media until its entered view), but half the time that’s undesirable anyway. Why should a site know if, when, and how long I’ve looked at a particular portion of the page?
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
I don’t know. But it’s random, which gives sites a “false sense of fingerprintability” each time.
brbposting@sh.itjust.works
on 10 May 07:26
collapse
EFF updated their site since last check months ago, seeming to confirm theory
<img alt="Our tests indicate that you have strong protection against Web tracking. IS YOUR BROWSER: Blocking tracking ads? Yes Blocking invisible trackers? Yes Protecting you from fingerprinting? ◕ your browser has a randomized fingerprint" src="https://sh.itjust.works/pictrs/image/20346b70-5794-498f-9bd9-ae2a54310eba.png">
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
It sounds like an Android/Google issue. The website told me that it could not read my gyroscope because I’m on iOS and Apple has not allowed websites to read it since 2019.
Well, it got my internet provider and where I lived wrong and everything else was technical stuff that would make sense for a website to know to serve me a website.
Programman4233@lemmy.dbzer0.com
on 08 May 21:07
nextcollapse
Programman4233@lemmy.dbzer0.com
on 09 May 09:19
collapse
I don’t anything about web development, so I assumed websites told browsers: ‘Hey type this text in X font.’ If the machine didn’t have that font the browser would fall back to another font.
that would be a sensible way to do it, but turns out the browser leaks a lot of this information to the site because reasons
TherapyGary@lemmy.dbzer0.com
on 10 May 02:40
collapse
That is how it works, but that fall back tells the website what is and isn’t available. Websites don’t get a list provided by your browser- this website tests a big list of them:
/* Fonts — measured via width comparison; the device names what it carries */ const testFonts = ['Helvetica Neue','Georgia','Courier New','Comic Sans MS','Impact','Trebuchet MS','Palatino','Garamond','Futura','Gill Sans','Verdana','Tahoma','Lucida Console','Cambria','Consolas','Menlo','Monaco']; const installed = []; const probe = document.createElement('span'); probe.style.cssText = 'position:absolute;left:-9999px;font-size:72px;visibility:hidden'; probe.textContent = 'mmmmmmmmlli'; document.body.appendChild(probe); probe.style.fontFamily = 'monospace'; const baseW = probe.offsetWidth; testFonts.forEach(f => { probe.style.fontFamily = '"' + f + '",monospace'; if (probe.offsetWidth !== baseW) installed.push(f); }); document.body.removeChild(probe);
I use a custom font on one of my websites with the font files hosted on my server, which it offers to the browser, but it can be overridden by user accessibility settings
Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters
What the fuck why is my browser telling random websites what fonts I have installed? Shouldn’t that be completely irrelevant to everyone except me and my particular device?
Dirt_Possum@hexbear.net
on 08 May 23:01
nextcollapse
It should be, yes. But browsers like Chrome are literally made by the company that stands to profit from fingerprinting you, so they’re always going to be made to make it easy to do just that. Firefox at least has “resist fingerprinting” option which apparently can limit font visibility to only base system fonts rather than fonts you installed and language-pack fonts. LibreWolf has this on out of the box.
The site could also be set to display whatever font it wants but also set to list standard fonts that also work which the browser can then choose from on the user’s end if the user doesn’t have the first choice font. That way you the user don’t have to worry about it and there is no way to fingerprint by the browser just handing out an entire list of fonts installed on the user’s system. There are plenty of ways to make things like this work, but the incentive is to keep them as they are or to increase uniqueness so people can be more easily fingerprinted.
The browser knows and shares way more than this… One of the worst offenders is the list of installed fonts. Pretty sure I stick out so hard just on that.
This specific website only shows information that the browser is freely offering. Basically you open the page, and without the website even asking for anything, that’s the information it’s getting. It’s not querying any data points, or trying to tie any of them together. This is just your browser saying “Hi, we just met, so here’s a bunch of stuff you may want to know about me.”
If they want to know more, they can just ask and the browser will give more information. If there’s information the browser doesn’t want to share, the website can infer a bunch more information.
akunohana@piefed.blahaj.zone
on 08 May 23:26
nextcollapse
Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn’t help people who need to know about this stuff. If you already know about this stuff, it doesn’t really add any value.
There are links and more info when you get to the bottom, you can click on sources. It gives you info and what to do about it, with links to sites like EFF.
akunohana@piefed.blahaj.zone
on 09 May 07:01
collapse
Shouldn’t that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There’s no real reason for the browser then to report to the site.
I tried it with Tor browser on a standard OS, hoping I’d get a similar result to what you got using Tor on Whonix, etc. It fed me a line about how my information was still shared but because javascript is turned off, it can’t tell me what that information is. More like it won’t tell me, because amiunique.org and other sites like this do so just fine. I know I can turn js on and reload, but part of the point would be to see the difference in info shared with it on vs off but this place can’t test that.
Honestly I would rather they fingerprint compared to running random code from websites.
floquant@lemmy.dbzer0.com
on 09 May 02:47
collapse
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
Interesting, I wonder how unique the fingerprinting is though, they don’t give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don’t have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
blargh513@sh.itjust.works
on 09 May 02:23
nextcollapse
That’s the magic of fingerprinting. They don’t need what we would consider are the “real” signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It’s been this way for a while now.
I don’t understand why this should be inherently impossible. If you buy a separate device, and use that exclusively for one thing and do not cross-contaminate, that should work to avoid fingerprinting right? And this is all information that your computer is voluntarily providing, and is I assume possible to change independently from the hardware. So why not?
brbposting@sh.itjust.works
on 09 May 06:46
collapse
The way and what you type, how you move your mouse, when you browse…
Think we can make things more difficult, but just assume tracked everywhere. Won’t know about browser privacy 0days either for who knows how long.
Some stuff has to be reported accurately for stuff to work well, like screen size. Other stuff can be and is faked, even by Apple out of the box I’m pretty sure.
Some stuff has to be reported accurately for stuff to work well, like screen size
Ah yes, CSS, the famously serverside technology
brbposting@sh.itjust.works
on 09 May 09:09
collapse
CDNs serve different sizes accordingly I thought? Sometimes. Deliver pages faster without noticeable image compression. Don’t some large sites do this all the time? Based on viewport size
I don’t know but I want a browser layer that lies about it and then renders the page in a way that doesn’t send back more information, and I think it would probably work and only be slightly buggy.
brbposting@sh.itjust.works
on 09 May 20:44
collapse
Yes, I want to appear to be using the same device as like anyone. Think that’s rather Tor’s philosophy.
megaman@discuss.tchncs.de
on 09 May 13:38
collapse
The separate computer would be fingerprinted. Unless you mean a separate computer every time you go on the web.
Yeah, I kinda wish the site generated a hash or something because I’ve got an extension that fakes the canvas results, but the site says those identifiers are unique for me… But are they the same unique (which indicates the extension isn’t doing anything) or different each time (which might even make the others less useful if it aggregates everything?
I did notice earlier today that the YouTube recommendations were all actually related to the video I was currently watching instead of it trying to get me to go down a rabbit hole I’ve already been down even logged out, like it does on my desktop where I haven’t installed that extension.
tristynalxander@mander.xyz
on 09 May 01:09
nextcollapse
I definitely have misleading information on there, which is great, but I probably need more.
colourlessidea@sopuli.xyz
on 09 May 09:40
collapse
Does it matter for fingerprinting if the information is misleading? Unless it’s changing dynamically I guess it’s still helps in identifying a user
tristynalxander@mander.xyz
on 09 May 15:33
collapse
Yeah, I think there are two problems. One issue is that they profile users both for ads and manipulative algorithmic content, and I’d like them to profile me incorrectly in most cases (except like they are less likely to try to sell people on linux things, that’s a great thing I’d like to keep in the profile). The other issue is that they follow individual users using this fingerprinting, again this can be used both to sell things and to manipulate, but it’s a tad creepier since it tracks how you’re unique even compared to people superficially similar to you.
Ideally, I’d like some extension where I can look at values and either keep them, set them, or randomize them.
TherapyGary@lemmy.dbzer0.com
on 09 May 01:32
nextcollapse
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
iglou@programming.dev
on 09 May 11:20
nextcollapse
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
That’s a cool project but most websites are using JavaScript for tracking, and I doubt most website have the afford to even use CSS just to track someone who doesn’t have JS on.
ShowSuperb9281@thelemmy.club
on 09 May 19:16
collapse
How do I turn off JavaScript?
RememberTheApollo_@lemmy.world
on 09 May 05:04
nextcollapse
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
Well then I am glad that it got most of it wrong. I don’t even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
DornerStan@lemmygrad.ml
on 09 May 05:43
nextcollapse
It’s been a few years since I was invested in this topic, but I think the “meta” for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don’t want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a “blocks JavaScript flag” is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don’t need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn’t give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Bane_Killgrind@lemmy.dbzer0.com
on 09 May 19:36
nextcollapse
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Bane_Killgrind@lemmy.dbzer0.com
on 09 May 20:15
collapse
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Ironfacebuster@lemmy.world
on 09 May 22:30
nextcollapse
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
I’ve never heard of that kind of network, is that a US thing? I can’t imagine having my traffic routed, as the person I replied to said, to the other side of the country before being routed to the proper destination. That is so incredibly inefficient and unnecessary. Not to mention the single point of failure.
Edit: And it makes hosting a public facing server at home a nightmare… I see no benefit to this except not having to get a large IP range to properly assign them to your customers, which sounds like capital efficiency rather than decent user experience. Did I get it right, is this a US thing? :D
Edit 2: And there are a lot of systems IP-banning abusers (it is, in fact, one of the most basic recommendations), meaning that if someone sharing that public IP gets IP banned, the entire customer group sharing the IP is troubled. Even worse if it ends up on a shared blacklist…
What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).
The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I’m not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn’t be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router’s IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
My home IP is mine, fixed, and I can verify that it is indeed my router. Yet the location of it according to locators is the other side of the country. The location locators give you for your IP being different to your actual location is not a proof that your public IP is not your actual home IP at all. And that is because an IP is not tied to a location and only your ISP can tell the location of their IPs.
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
neon_nova@lemmy.dbzer0.com
on 09 May 11:38
nextcollapse
How can you tell that it was vibe coded? Genuine question.
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
neon_nova@lemmy.dbzer0.com
on 09 May 15:38
nextcollapse
Thanks! I’ll have to keep an eye out for those things.
Bane_Killgrind@lemmy.dbzer0.com
on 09 May 19:28
nextcollapse
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
TranquilTurbulence@lemmy.zip
on 10 May 05:13
collapse
LLMs always write with a very dramatic tone. I really hate that high impact language now.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
How many points of identification are needed to positively ID you? Something like 35 IIRC according to Cover Your Tracks/EFF? Might be remembering wrong 🤔
I have 7 3dof fullbody trackers for vrchat (cough cough !VRChat@sh.itjust.works cough cough) and they’re so damn inconsistent and need to constantly be ready to be calibrated to line up with what your body is actually doing. Having 1 3dof device can definitely detect walking or swinging, no shot it can tell if you’re in bed or on a couch
It told me I was likely sitting while I was sitting at my dining table. I assume if your phone is angled more towards the ground it would say you’re in bed.
fingerprint.com is an actual tracking company, while the front page doesn’t show what it knows it shows weather it has seen you before.
You can setup browsers to randomize fingerprints (tor does this automatically) so while your browser fingerprint is almost always unique you can see if it changes enough so it doesn’t recognise you across accesses.
WorldsDumbestMan@lemmy.today
on 10 May 08:19
nextcollapse
It already got my location very wrong.
luciferofastora@feddit.org
on 10 May 08:31
nextcollapse
It identified my many-years-old phone with “360x760 pixels rendered at 3x density” screen as “recent, high-end display”. Bitch, this wasn’t even high-end when I bought it. It was small, it was cheap, it was barely “recent” when I bought it.
Thanks for sharing, I was already using a decent anti-fingerprinting browser (Fennec) but the fact that it gave away my timezone made me research a bit more and I’m now on IronFox, which has a toggle to spoof it, and reports a fake screen resolution. Great! I’m now unique on coveryourtracks though
threaded - newest
Scary
Really interesting and slightly scary, thanks for sharing!
Very well done site!
So a prettier and minimal version of coveryourtracks.eff.org ?
Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
This is a much more detailed, less “fear mongering AI” version of the other website. Thanks for sharing!
I prefer www.deviceinfo.me
Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
iOS and the browser I use block a lot of stuff from being visible, interesting!
I get a blank page?
Site feels very LLM generated - in particular the writing just feels off
Could you explain why it would be in any way relevant if that was the case?
I’m interested in the people that make the stuff I consume. When I read something or enjoy a piece of art, much of the enjoyment is imagining why the artist made the decisions they did. If it was made by AI, the answer is much less interesting.
This is not a piece of art, it’s a piece of educational material showing people what information websites collect about them. But it’s also fascinating how you could enjoy something if you didn’t know how it was produced, and then the act of knowing would remove the enjoyment you were deriving from it.
Would you feel differently about, say a book you read and somewhat enjoyed if you later learned it was written by a fascist? It sure would make a difference to me. Have you never consumed any sort of media that you later felt was tainted by who created it, or used a product that you later decided not to use again after learning how it was produced? There’s even a colloquialism referring to this very thing, about “knowing how the sausage is made.”
Sure, because it would be tainted by another individual with goals and intentions different from my own. Being upset that something was made using a particular tool is quite different from that. Also, do you get upset looking at a beautiful sunset just because no human designed it intentionally?
I was taking the statement about what you found “fascinating” in isolation because it was phrased as such. You were surprised that the other commenter could find enjoyment in “something” not knowing how it was produced then feel less enjoyment after learning more. That is a silly thing to be “fascinated” by because it is something that the vast majority of us are keenly familiar with. But because that commenter has qualms about AI which you don’t, you suddenly can’t understand how later information about something can alter one’s enjoyment of it? It’s an absurd thing to say. As is your sunset question. I don’t get upset looking at most AI slop either, but I absolutely do place it in a different category than either a natural phenomenon or something I know was made by human expression and if you can’t understand or recognize that difference, I don’t know that anything I could say could help you with that.
Last I checked, LLMs have no will or agency of their own. Literally everything they produce is an artifact of a human expressing themselves. The argument is regarding how much effort a human is expected to put in and what tools they use to express themselves. Apparently, when a certain arbitrary threshold is reached, then it’s no longer human responsible for producing something.
Yeah I guess it was human expression that confidently insisted superglue was a safe ingredient to put on my pizza to hold the cheese on it. I don’t even give much of a shit about LLM slop on the occasions it’s accurate, it was your bad faith and absurd response to the other commenter that I was calling out which you ignored in order to shift the discussion to philosophical arguments about AI that make you sound like the entrepreneur genius Sam Altman or the other tech bro capitalists trying to keep that bubble from popping.
Yeah, because we didn’t have stuff like flat earthers before LLMs. That’s totally a new phenomena never ever observed in humans. All these arguments are bullshit, and you all know this deep down. LLMs are just a tool, it’s another form of automation, there’s nothing magical about these things. And people are just losing their shit over it, and it’s frankly tiresome.
If intelligently designed sunsets were an option, I’d probably like those more. You raise a good point, we might just like all these “natural beauties” because we haven’t anything else.
Or perhaps the beauty is in the eye of the beholder. We are able to appreciate things that look interesting without them having been designed, and they can trigger emotions and ideas within our own minds that are meaningful to us. Even with human created artifacts, we do not know what the artist was thinking vast majority of the time, or what they were actually trying to convey. We interpret the work using our own thoughts and experience. So, even with the most meticulously human generated art, it is the viewer projecting their own meaning onto it.
I’ll still eat that slop
The enjoyment includes the feeling of reaching out to another person’s mind. Finding out there is no mind is like expecting stairs where there are none and stepping into emptiness.
That’s just complete misunderstanding of how people use these tools. The intention still comes from somebody’s mind. Somebody had an idea and they used the tool to execute it.
They’re the client, not the artist. There is no artist and no artist’s mind to connect to.
In the same way a photographer is a client of the camera.
I cannot begin to explain the misunderstandings in this statement.
That’s because there is no misunderstanding in this statement. It’s just that your argument happens to be incoherent.
piefed.social/…/i-ve-finally-understood-what-my-b…
I came across this post the other day, and this person has put into words what I have simply failed to.
In short; AI makes the world feel empty and hollow. Many people enjoy the process behind the things we create or encounter, even if it wasn’t us to go through that process. Replacing it with AI removes the human touch/connection that made that thing interesting. I don’t want to know about the faceless algorithm that spat out what I’m seeing; I want to know about the person that created this and their experiences that brought them here.
I mean that’s fine, but plenty of things in our modern life are mass produced, and utilitarian. Everything doesn’t need to be art. For example, I don’t need my toothbrush to be crafted by an artisan, nor do I care if a website that shows stats collected by the browser was artisanally coded or not.
True; however many of the current use cases for AI aren’t utilitarian, but are instead forcibly replacing artists while stealing their work to do so. Ontop of this, the infrastructure behind/supporting these tools is destructive and measurably making a significant amount of peoples lives worse.
These factors have jaded people against AI as a whole; as support for AI is seen as support for the destruction and instability it’s brought with it.
And the rest of us are just tired of people braying about AI in every single thread. People just have to learn how to deal with their personal issues without spamming about their feelings everywhere. I see far more people screeching about AI than actual AI generated content at this point. These tantrums add absolutely nothing to any discussion, and they’re just noise.
“I’m tired of listening to people complain about their or their friends lives being uprooted and my indifference to those problems”
Good, it’s working. People are shying away from creating/posting AI content, knowing it’s very vocally unwanted.
Not really, people are just tired of your spam.
People are tired of slop.
I’m tired of people screeching about slop in every thread about any subject. Please try being tired of slop quietly in your own head. Or make a community where people who enjoy hearing other people screech about slop can yell at each other how much you all hate slop.
I’m perfectly fine here in this community of people telling you to take the slop elsewhere.
yes, you’re perfectly fine being part of an obnoxious crowd of people flooding every thread to prevent any meaningful conversation from happening with your slop
We’re not the root cause of the disruption.
Yes, you literally are. Your slop is distracting from meaningful conversations.
The root cause is people posting AI slop where it’s not welcome. If they could at least take that somewhere else, discussions could continue in peace.
Do you complain about people asking you to take a shower or leave because they don’t like to smell you?
Nobody made you the arbiter of what’s welcome. I don’t find your noise welcome. If you choose to be obnoxious don’t expect people to agree with the message you’re trying to deliver.
You’re getting enough opposition from enough people to be annoyed by it. You may safely assume that the community has decided what’s welcome and what isn’t.
both of you must be very proud
If it’s only two people including me, it should be very easy to block us and continue on your merry way.
And you’ll just continue harassing other people. The problem with you lot is that you declare something to be LLM generated, without any actual evidence I might add, then derail the whole thread so you can bray about how much you hate AI. You are far more obnoxious than any AI generated content I’ve seen.
Weird, it’s as if you haven’t read a thing I’ve written.
You will continue to be told to remove the AI slop. Get with the times or be left behind because opposition against AI slop is here to stay. It is much better for your mental health to stop resisting. Not everybody is born privileged with a talent for spamming communities with unwanted content. Opposing AI slop is democratising access to people’s attention.
You can stomp your feet all you like, but all you add is noise and toxicity. You’re basically like an annoying mosquito hovering around conversations people are trying to have.
And yet you find it impossible to ignore us.
yes, like annoying mosquitoes, being an annoyance is not something most people are proud of, but clearly you’ve set your standards low
Right back atcha.
I’m not the one sealioning into your threads
I’m actually going to make a separate point from my other comment:
Art is a matter of perspective.
Maybe you don’t care about how your toothbrush was designed; but someone somewhere sat down and made decisions about how to best shape it, what materials to use, what kind/how many/what thickness of bristles, how to color it, etc. Those were decisions made from experiences that person had which they chose to factor into their designs.
Someone else out there is interested in what led to those design choices, perhaps to design their own with improvements or changes, perhaps just out of curiosity. They can’t ask an algorithm why it made the choices it did and have a discussion about the details; but they could with a person.
What some find disinteresting, others immerse themselves in. AI destroys those opportunities for human connection. Human connection we already struggle to find as a species.
You might not care how this site was created, but some do. The use of an LLM has made it impossible to discuss the choices made, because there weren’t any decisions, just an algorithm spitting out letters one after another…
That’s just a complete straw man that stems from having utter lack of understanding how people actually use LLMs. Here’s one example for you from Terence Tao mathstodon.xyz/@tao/115855840223258103
AI generated is just a stand in for hollow & over-dramatized here. Probably I could enjoy AI generated content if it wasn’t shit. The claims on the site reminiscent of 14y/o skids trying to scare each other: “uhhh I got your IP I will hack you now!1!1”, except now you have access to some chatbot subscription to make it sound like it’s a big deal.
It is a big deal how much the browser shares about you without people realizing. No one thinks about these things.
If you use a VPN on Spain you might think you’re safe but then your timezone is saying you’re in Ireland. You thought you were fooling them buy you really aren’t. You can’t outsmart fingerprint and I wish people made a bigger deal about this so actual solutions get implemented.
Sites like these raise awareness which is quite important.
So, just say that. You think site is hollow and over dramaticized.
because if you lack the ability to discern whether or not something is actual useful feedback or hallucinated AI garbage then it’s worthless
“knowing” something wrong is arguably worse than not knowing anything at all
Oh boy, if you think humans are never wrong and trust human generated content implicitly, prepare to be surprised.
rank condescension aside
if you are somehow incapable of realizing that leaning on AI only exacerbates the problem you’re talking about then idk what to tell you
The point here is that we already lived in a world where you can’t just take things on faith. The AI changes fuck all about that.
yeah your point was easily understood the first time, mine was that there’s no reason to go out of your way to make the problem worse by constantly shitting out slop everywhere
but you seem to greatly enjoy your garbage so whatever
I scrolled “103% of the way down”
I had scrolled 32% when I reached the end.
The website says it uses templates, but they were written by “Matt”. Not sure if that’s an LLM, but it’s at least not using LLMs each time a user visits
Got me to disable sendrefererheader. We’ll see if that breaks anything…
Ty for sharing
it didnt catch much stuff and a lot was wrong lol
switch timezone to same as yours but different country, use vpn, obfuscate fonts in browser,obfuscate language used, only gpu is exposed unavoidably
Mine said gpu was hidden, Firefox mobile
It got my GPU completely wrong tho, it showed it was many generations older than it really is.
Yeah it had 21 data points on me, and all of them except for “Browser Language: English” were incorrect. Which I guess means my setup is doing okay lol.
Doesn’t matter if it is incorrect if it is always incorrect in tge same way.
Good point! Now I have to figure out some way to randomize my browser nonsense…
The only thing in there I find surprising is the battery info. I’m not sure what legitimate use a website would have for that one. And perhaps that the gyro isn’t behind a permission. There’s pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, vpns, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can’t (well, shouldn’t) show things in darkMode unless you tell them that’s what you want…
Cookies: it does say 0mb stored by others for me, but that’s not entirely true. Sites are typically given independent storage so they can’t read eachothers cookies, but they can work together to have one site read its own cookies and pass that on to the site you’re currently visiting, on request, all embedded in the original page you were viewing. Just because they can’t read eachothers storage directly doesn’t necessarily mean thay can’t get the data. 10gb per site seems like an absurdly high limit for this though. You could store whole movies in that space.
Visibility is one I’ve known but never really liked. The only ‘legitimate’ use for that I’ve seen is pausing media when it leaves your screen (or waiting to start media until its entered view), but half the time that’s undesirable anyway. Why should a site know if, when, and how long I’ve looked at a particular portion of the page?
re: visibility Some sites have heavy visual effects that are paused when you tab out, which is a good use of the feature.
This ones my fave: amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
Yay, I’m completely unique! I won!
Wait a minute
Attribute number 1 already says 0%. We’re done here.
They basically asked for your name, birth date, and mother’s maiden name, and your browser just gave it to them and offered even more.
TIL LibreWolf randomizes some fingerprinting targets.
Yes and it will appear unique every time because every visit is using a different combination.
You’ll be unique be less trackable.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i’m ultra unique:
Somehow safari on an iPhone is also unique.
Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
<img alt="" src="https://sh.itjust.works/pictrs/image/30a12712-dcee-4038-9b59-fef353bc2b05.png">
& WebGL:
<img alt="" src="https://sh.itjust.works/pictrs/image/dc867989-1109-4310-9f36-ad2381533ef0.png">
gotta be noisy, here’s hoping!
Look at my epic WebGL render: <img alt="" src="https://lemmy.today/pictrs/image/5a3e54f4-84a0-49ff-b51d-c9bb2fa98204.png">
How exactly is this rendering artifact generated?
I don’t know. But it’s random, which gives sites a “false sense of fingerprintability” each time.
EFF updated their site since last check months ago, seeming to confirm theory
<img alt="Our tests indicate that you have strong protection against Web tracking. IS YOUR BROWSER: Blocking tracking ads? Yes Blocking invisible trackers? Yes Protecting you from fingerprinting? ◕ your browser has a randomized fingerprint" src="https://sh.itjust.works/pictrs/image/20346b70-5794-498f-9bd9-ae2a54310eba.png">
Nice (& I’m unique again on AmIUnique)
The percentage of, normally, privacy-aware people
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
You can enable RFP on Firefox Android with about:config. Or just install IronFox/WebLibre, they’ll do it for you.
About:config doesn’t work on my android Firefox.
I should switch.
My Mum always said I was unique.
Now I have proof!
Just being in Australia, and setting the timezone correctly gets you to below 0.6%
😒
dang, even with vanadium on graphene i am very uniquely identified. I suppose it can’t be helped these days.
I am unique cause I set language to EN-GB :D I guess their dataset is us centric
I like clickclickclick.click
I am a unique signiture but it also got my OS wrong and couldn’t get my time zone
Y’all I think I won privacy
what does “You are unique among the 5119710 fingerprints …” mean?
Funny how websites can read the gyroscope. It can also be used as a microphone. crypto.stanford.edu/gyrophone/
Madness! This should entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
It sounds like an Android/Google issue. The website told me that it could not read my gyroscope because I’m on iOS and Apple has not allowed websites to read it since 2019.
Well, it got my internet provider and where I lived wrong and everything else was technical stuff that would make sense for a website to know to serve me a website.
why would my browser share a list of fonts?
so the site knows what it can render
I don’t anything about web development, so I assumed websites told browsers: ‘Hey type this text in X font.’ If the machine didn’t have that font the browser would fall back to another font.
that would be a sensible way to do it, but turns out the browser leaks a lot of this information to the site because reasons
That is how it works, but that fall back tells the website what is and isn’t available. Websites don’t get a list provided by your browser- this website tests a big list of them:
/* Fonts — measured via width comparison; the device names what it carries */ const testFonts = ['Helvetica Neue','Georgia','Courier New','Comic Sans MS','Impact','Trebuchet MS','Palatino','Garamond','Futura','Gill Sans','Verdana','Tahoma','Lucida Console','Cambria','Consolas','Menlo','Monaco']; const installed = []; const probe = document.createElement('span'); probe.style.cssText = 'position:absolute;left:-9999px;font-size:72px;visibility:hidden'; probe.textContent = 'mmmmmmmmlli'; document.body.appendChild(probe); probe.style.fontFamily = 'monospace'; const baseW = probe.offsetWidth; testFonts.forEach(f => { probe.style.fontFamily = '"' + f + '",monospace'; if (probe.offsetWidth !== baseW) installed.push(f); }); document.body.removeChild(probe);I use a custom font on one of my websites with the font files hosted on my server, which it offers to the browser, but it can be overridden by user accessibility settings
Further, why are the fonts unique? Why doesn’t every phone of the same model with the same languages have the same fonts enabled?
Wildly inaccurate for me.
What the fuck why is my browser telling random websites what fonts I have installed? Shouldn’t that be completely irrelevant to everyone except me and my particular device?
Thats part of how you’re fingerprinted.
It should be, yes. But browsers like Chrome are literally made by the company that stands to profit from fingerprinting you, so they’re always going to be made to make it easy to do just that. Firefox at least has “resist fingerprinting” option which apparently can limit font visibility to only base system fonts rather than fonts you installed and language-pack fonts. LibreWolf has this on out of the box.
So it can know which fonts it can use and your device would be able to display them?
Why doesn’t it just let the site display whatever it wants and let me worry about the issue of whether they display properly
The site could also be set to display whatever font it wants but also set to list standard fonts that also work which the browser can then choose from on the user’s end if the user doesn’t have the first choice font. That way you the user don’t have to worry about it and there is no way to fingerprint by the browser just handing out an entire list of fonts installed on the user’s system. There are plenty of ways to make things like this work, but the incentive is to keep them as they are or to increase uniqueness so people can be more easily fingerprinted.
The browser knows and shares way more than this… One of the worst offenders is the list of installed fonts. Pretty sure I stick out so hard just on that.
List of fonts is in there.
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
Enable the kill switch in the VPN settings of Android
lolno
Both recent and high end are rather flexable terms, open wide to interpretation.
So it doesn’t mean anything and only sounds scawwy, cool.
Looks like it doesn’t know shit about me. Just that I am on an iPhone and my general location from the IP. Not surprising at all.
Maybe this is more thrilling for android users?
Nothing exceptional here, except it did know I was on an android. Guess its time to change all my passwords lol.
This specific website only shows information that the browser is freely offering. Basically you open the page, and without the website even asking for anything, that’s the information it’s getting. It’s not querying any data points, or trying to tie any of them together. This is just your browser saying “Hi, we just met, so here’s a bunch of stuff you may want to know about me.”
If they want to know more, they can just ask and the browser will give more information. If there’s information the browser doesn’t want to share, the website can infer a bunch more information.
Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn’t help people who need to know about this stuff. If you already know about this stuff, it doesn’t really add any value.There are links and more info when you get to the bottom, you can click on sources. It gives you info and what to do about it, with links to sites like EFF.
Well, don’t I have egg on my face.
I almost missed it myself! The site doesn’t make it as clear as they could.
I found it interesting that it knows my battery level and current orientation of the phone.
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
Potentially to activate battery-saving features? Like AMOLED-black mode if your battery is <15 % or something (and your screen is AMOLED)
Shouldn’t that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There’s no real reason for the browser then to report to the site.
So that Uber will charge you a higher rate when the battery is low
I don’t even know it it’s /s anymore
certainly how making your battery level available to apps is getting used I’m sure
On Firefox android both the battery level and graphics card information were not available. But it was described as another data point regardless.
It got my phone’s orientation wrong
Same tbh
Well. That’s horrifying. Thanks, I guess.
Opend it in Tor Browser inside a Whonix dispVM inside Qubes OS it got nothing on me
I tried it with Tor browser on a standard OS, hoping I’d get a similar result to what you got using Tor on Whonix, etc. It fed me a line about how my information was still shared but because javascript is turned off, it can’t tell me what that information is. More like it won’t tell me, because amiunique.org and other sites like this do so just fine. I know I can turn js on and reload, but part of the point would be to see the difference in info shared with it on vs off but this place can’t test that.
all trackers hate this one trick
<img alt="" src="https://slrpnk.net/pictrs/image/1e63d405-64d2-4d6a-99d4-497d1feaf6ef.png">
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Better a known locked door than inviting them into your home
Honestly I would rather they fingerprint compared to running random code from websites.
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
Welp, my user agent switcher is successfully purporting to be a different operating system.
So uh… By using fennec and sometimes a VPN. Am I making myself more unique and fingerprint able?
Should I be using something that sends randomised bogus data instead?
Here I thought I was private but some of these 1% figures makes it look like I’m very unique and easily tracked.
Mine is sending that my primary language is English, but that I know other languages (I don’t), but it’d be nice to have a tool messes with them more.
Interesting, I wonder how unique the fingerprinting is though, they don’t give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don’t have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
That’s the magic of fingerprinting. They don’t need what we would consider are the “real” signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It’s been this way for a while now.
Is there any way to browse the web without being fingerprinted, short of literally using a separate computer
Really?
No.
It’s been this way for a while. At best, you can use some techniques to provide plausible deniability from a legal perspective.
Not that laws matter anymore.
The best you can do is try to blend in.
I don’t understand why this should be inherently impossible. If you buy a separate device, and use that exclusively for one thing and do not cross-contaminate, that should work to avoid fingerprinting right? And this is all information that your computer is voluntarily providing, and is I assume possible to change independently from the hardware. So why not?
The way and what you type, how you move your mouse, when you browse…
Think we can make things more difficult, but just assume tracked everywhere. Won’t know about browser privacy 0days either for who knows how long.
Some stuff has to be reported accurately for stuff to work well, like screen size. Other stuff can be and is faked, even by Apple out of the box I’m pretty sure.
Not my area of expertise :)
Ah yes, CSS, the famously serverside technology
CDNs serve different sizes accordingly I thought? Sometimes. Deliver pages faster without noticeable image compression. Don’t some large sites do this all the time? Based on viewport size
I don’t know but I want a browser layer that lies about it and then renders the page in a way that doesn’t send back more information, and I think it would probably work and only be slightly buggy.
Yes, I want to appear to be using the same device as like anyone. Think that’s rather Tor’s philosophy.
The separate computer would be fingerprinted. Unless you mean a separate computer every time you go on the web.
Yeah, I kinda wish the site generated a hash or something because I’ve got an extension that fakes the canvas results, but the site says those identifiers are unique for me… But are they the same unique (which indicates the extension isn’t doing anything) or different each time (which might even make the others less useful if it aggregates everything?
I did notice earlier today that the YouTube recommendations were all actually related to the video I was currently watching instead of it trying to get me to go down a rabbit hole I’ve already been down even logged out, like it does on my desktop where I haven’t installed that extension.
I definitely have misleading information on there, which is great, but I probably need more.
Does it matter for fingerprinting if the information is misleading? Unless it’s changing dynamically I guess it’s still helps in identifying a user
Yeah, I think there are two problems. One issue is that they profile users both for ads and manipulative algorithmic content, and I’d like them to profile me incorrectly in most cases (except like they are less likely to try to sell people on linux things, that’s a great thing I’d like to keep in the profile). The other issue is that they follow individual users using this fingerprinting, again this can be used both to sell things and to manipulate, but it’s a tad creepier since it tracks how you’re unique even compared to people superficially similar to you.
Ideally, I’d like some extension where I can look at values and either keep them, set them, or randomize them.
<img alt="1000014440" src="https://lemmy.dbzer0.com/pictrs/image/0ff317f2-dbab-4035-8452-ff91009ad23c.webp">
And yet here they are showing me their webpage in darkmode 😒
Well they did say they don’t use the information 🤣
Well they tried
<img alt="" src="https://lemmy.world/pictrs/image/d839513b-e856-42b4-afa3-a58c71a2cdc2.jpeg">
Yeah that was the one part they were way off on for me
Great news. My VPN is working!
I’m not even on VPN and I was located half a country away in Europe
Well too bad! <img alt="" src="https://lemmy.zip/pictrs/image/c8a2b3bc-802f-4dbe-bc2b-a27341eee124.avif">
Whoops, I dunno why it’s formatted weirdly
Because it’s AI-slopped.
🗿
the data is still there tho
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
You can still fingerprint a user based on CSS features.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/#css
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
That’s a cool project but most websites are using JavaScript for tracking, and I doubt most website have the afford to even use CSS just to track someone who doesn’t have JS on.
How do I turn off JavaScript?
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
That’s it.
Well then I am glad that it got most of it wrong. I don’t even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
It’s been a few years since I was invested in this topic, but I think the “meta” for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don’t want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a “blocks JavaScript flag” is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don’t need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn’t give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
Your finger moved 899 times… what???
What other tabs were open? 👀
It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.
Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.
When i looked at it there were zero swipes. Just a desktop browser.
GUESS AGAIN, IDIOTS! <img alt="undyne-joy" src="https://hexbear.net/pictrs/image/989ae91d-7b44-4dd0-8729-402431fe0c72.png">
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
I’ve never heard of that kind of network, is that a US thing? I can’t imagine having my traffic routed, as the person I replied to said, to the other side of the country before being routed to the proper destination. That is so incredibly inefficient and unnecessary. Not to mention the single point of failure.
Edit: And it makes hosting a public facing server at home a nightmare… I see no benefit to this except not having to get a large IP range to properly assign them to your customers, which sounds like capital efficiency rather than decent user experience. Did I get it right, is this a US thing? :D
Edit 2: And there are a lot of systems IP-banning abusers (it is, in fact, one of the most basic recommendations), meaning that if someone sharing that public IP gets IP banned, the entire customer group sharing the IP is troubled. Even worse if it ends up on a shared blacklist…
What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).
The public IP location is not precisely your location because your IP address does not convey that information at all. Services that locate an IP guesstimate based, mostly, on what range your IP is a part of, and what public data is available about that range.
I’m not sure about Spain (pretty confident it is the same, only a capitalist hellhole would do what you suggest), but in France and the Netherlands at least, your IP (the one a website sees) is always yours and yours only, not the IP of some ISP server.
If you can open your ports in your router and access them from the internet, then your public IP is yours. Most people can (even with a dynamic IP). If it was an ISP server, you wouldn’t be able to.
The thing a european ISP usually do is assign a dynamic IP, so that while your IP is assigned to your home router and yours only at a moment in time, it will likely change the next day, and will always change on a reboot of your router. But it still is your router’s IP at that moment in time, not a random ISP server. IPs are not physically assigned to a device
My home IP is mine, fixed, and I can verify that it is indeed my router. Yet the location of it according to locators is the other side of the country. The location locators give you for your IP being different to your actual location is not a proof that your public IP is not your actual home IP at all. And that is because an IP is not tied to a location and only your ISP can tell the location of their IPs.
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
Thanks! I’ll have to keep an eye out for those things.
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
LLMs always write with a very dramatic tone. I really hate that high impact language now.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
What is a “psychosis company”?
Time to start installing and uninstalling random fonts everyday.
And then you become even more identifiable cause you’re part of the 10 madmen in Google’s database who do it
In reality hes the only madmen but switches IPs in between
Or you could use chameleon browser extension.
It changes your data every 5 minutes
I have ~2,000 fonts installed. I thought it would say something about it.
It shows me the time for Reykjavik after identifying the city and country correctly.
Looks like I’m safe
Turning off JS doesn’t protect you from being FPd
Sure helps a lot
How many points of identification are needed to positively ID you? Something like 35 IIRC according to Cover Your Tracks/EFF? Might be remembering wrong 🤔
“31 data points”
Hell yeah! i is ghost.
Why did it get my GPU wrong?
AI generated code will just substitute bullshit if it can’t get you the right answer
I wonder, do phones have 6dof tracking (space + rotation) or 3dof tracking (just rotations)
because if it’s 3dof I’m calling bullshit on some of this.
<img alt="" src="https://sh.itjust.works/pictrs/image/247a53d1-1506-4883-9c49-44bb2561ef01.png">
I have 7 3dof fullbody trackers for vrchat (cough cough !VRChat@sh.itjust.works cough cough) and they’re so damn inconsistent and need to constantly be ready to be calibrated to line up with what your body is actually doing. Having 1 3dof device can definitely detect walking or swinging, no shot it can tell if you’re in bed or on a couch
It told me I was likely sitting while I was sitting at my dining table. I assume if your phone is angled more towards the ground it would say you’re in bed.
Probably if its tilted to the side but still reporting a tall display.
Only 50% correct in my case (similar to Browserleaks), correct the OS, Screenresolution, Country but wrong site, wrong even the ISP
Site might be linked to the node of your ISP
Amiunique.org
fingerprint.com is an actual tracking company, while the front page doesn’t show what it knows it shows weather it has seen you before.
You can setup browsers to randomize fingerprints (tor does this automatically) so while your browser fingerprint is almost always unique you can see if it changes enough so it doesn’t recognise you across accesses.
It already got my location very wrong.
It identified my many-years-old phone with “360x760 pixels rendered at 3x density” screen as “recent, high-end display”. Bitch, this wasn’t even high-end when I bought it. It was small, it was cheap, it was barely “recent” when I bought it.
central europe, maybe its due to architecture the isp has wifi access points around the city and people connect to them
back when it was starting there wasnt even isolation between clients, we used to send random shit to printers on the network as kids
I hit it with Firefox and it gave 24 points. Firefox refused to disclose my battery level. But did give it my angular geometry.
I opened it in Brave and it lied about my screen resolution and colored up my fonts, my battery. It refused to give up my angular geometry.
Why the hell doesn’t firefox just include some of those white lies?
My jaw dropped when I read the what angle my device is being held at, how many times I scrolled and tapped, what my position is!!!
How is this even legal?!
I always thought they just took my location, my device name etc. I had no idea it’s this deep.
Thanks for sharing, I was already using a decent anti-fingerprinting browser (Fennec) but the fact that it gave away my timezone made me research a bit more and I’m now on IronFox, which has a toggle to spoof it, and reports a fake screen resolution. Great! I’m now unique on coveryourtracks though
Onion Browser with Orbot set to gold - site can’t see shit. So that works!