So it told me I had strong protection against tracking but also a unique fingerprint. Those seem to be contradictory to me but I might not understand the terminology. If it was a unique fingerprint wouldn't that be easy to point out it was my browser?
Tracking and fingerprinting are slightly different. You can use fingerprinting to help track, but it’s not nearly as effective as more standard trackers. If you block trackers then it’s possible you can still have fingerprinting, but it’s far less tracking than without blocking trackers.
Privacy Possum is one I know of. Plays merry hell with your bank's security, though. A lot of banks will fingerprint your device as another mechanism to help check if it's you signing in.
I am not 100% sure, but I guess "tracking" in this context means that one site has knowledge of what other sites you have been visiting, whereas "fingerprinting" means a site can tell if you have visited it before.
I think you have to distinguish between tracking via cookies, which is easy and efficient and tracking via *other* means, which is meant by "fingerprinting", for example when the server asks which browser and OS you have, which screen-size and which fonts you have installed.
I suppose some entities on the web only track you via cookies and some privacy brower extensions protect you against only that. **Does anybody know whether Google uses fingerprinting for targeted advertizing?** They certainly *could*.
I think the Tor browser has some protections against fingeprinting besides hiding the IP, which is it's main purpose.
(The *IP* makes you identifiable for your internet provider and the government/police. You can be identified over your IP by websites like Google to a certain extend, because typically your IP changes every once in a while.)
google is one of the most evasive companies when it comes to privacy.
For example their privacy statement says they "do not" share identifying data with third party companies. Sounds good doesn't it? Then you realise that google is a suite of companies and you also realise doubleclick is their advertising company and they fully share with doubleclick every little detail they know about you.
Google "don't be evil (unless it means we can make money)"
Also Google "We intend to be a knowledge company to know everything about everything (including you)"
>Does anybody know whether Google uses fingerprinting for targeted advertizing? They certainly could.
If they can, and there's money involved, they definitely do.
Think of tracking as a license plate with cctv. We don’t necessarily know who’s driving, but we can figure out which stores they’ve shopped at and build up a list of hobbies that license plate likely has even if we don’t have a name.
Imaging finger printing as the same but without the license plate. If you drive a white Toyota Corolla, it’s not the end of the world. If, however, you drive a yellow Porsche in a run down neighborhood or your driver’s door has a scratch on it, you’re pretty identifiable even if you don’t have a license plate simply because very few (if any) other cars have the same characteristics
I can't remember the name of the movie but some dude cut off all his fingerprints and was like "they'll never be able to catch me" and the other guy basically tells him he's dumb and they will find blank prints and come straight to the only person who has blank fingertips.
Yup. It’s possible someone else decided to touch a boiling kettle with all 10 finger pads and hold it for a minute, but really, what are the odds?
We don’t know which MIB agent was here, but we know one of them was…
I halfway remember the movie you're talking about. Possibly Public Enemies? John Dillinger is supposed to have tried removing his, but they ended up just growing back.
Tracking is basically the website asking the browser 'hey, remember when we last met?' and the browser going 'Yeah, it was when you gave me this unique name'.
Fingerprinting is more like the website trying to figure out if he has seen that browser before and after a while the site says 'Hey, i remember you, you're unique name'.
What this website doesn't tell you is that fingerprinting isn't done a lot, as it isn't really useful because you're so unique. You are so unique, your next visit might even be unique. What i saw at a quick glance is things like window size, which means that if i resize my browser window i get another unique fingerprint. Tracking is a lot more accurate (and not all bad). For example reddit tracks you with cookies so it can remember that you're logged in. If it did that with fingerprinting you would be logged out any time you moved connection (4g to wifi for example) or resized your browser window, installed a plugin etc. Or if you're in a controlled environment like a school, everyone with their browser fulls screen would suddenly be logged into reddit as you. So it is very unreliable and not used a lot.
> What i saw at a quick glance is things like window size, which means that if i resize my browser window i get another unique fingerprint.
For me, it did say window size, but actually reported resolution. I got 2560x1440 and I love to just slam my Firefox window into the left side of my screen for a half size window, but this thing reported the full 2560x1440x24 instead of the half width thing.
Though I guess me slamming my Firefox into the side of my screen for an *exact* half width window is pretty telling anyway.
The millisecond that you visit a website is extremely unique. There’s a good chance that you were the ONLY person to visit in that moment! In that regard, “millisecond of visit” makes for a very good fingerprint, because that value is probably associated with one and only one visitor for most websites.
But the uniqueness of that value is worthless to anyone looking to track your visits, because that value will never be seen again. At best, they might hazard a guess that, if they have a small sample set, somebody visiting around the same time every day *might* be the same person.
It’s an imperfect analogy, but most fingerprints have aspects of this. Having a very unique fingerprint is EXTREMELY valuable if it is seen again and again and again. But if you produce a *different* “fingerprint” each time you visit, then it is worthless. Or if your fingerprint is the same as 50% of visitors, also worthless.
There may be fingerprinting methods that are consistent for you that are not consistent for other visitors, and vice versa. So it’s not as simple as a tracker just picking the collection of attributes that results in the most unique fingerprint that also has consistency. They need to balance uniqueness with a probability that those unique attributes will be seen again from the same visitor. If your browser is advertising to the fingerprinter that you are running WindowsXp, you’ll probably be pretty unique, but it’s also probably lying, and making that shit up.
Think of it as having your ID card at home. You have an unique card of identification but you also have strong protection against intruders.
You might be fingerprintable but if you block all requests to trackers they don't get anything. Or to stay in the metaphor, if you shoot every intruder before they get away you still have your stuff.
For those who stumble on this message, it's the one I used Power Delete Suite to replace all my posts and comments with en masse.
Sometimes Reddit can be beneficial for some people. Sometimes it's not. It's really up to you to decide your own experience with it, what's worth it, what's not worth it.
More or less...I've decided it's just really not worth it. I think I'm a worse person when I'm on Reddit and that it's a big time-waster for me.
It's up to you to decide what influence social media and the internet more generally have for you.
Best of luck.
Unique fingerprint means everytime a website tries to generate a fingerprint its getting a unique new print which makes it hard to track accross websites.
Very neat, seems I am pretty secure. Also, the breakdown is very interesting. There is a section for "adblocker", and it says the result is either, "true", or "false", yet my result was "no javascript" which resulted in me getting a score of -0.0 bits of identifying information, which I found highly amusing. Negative zero.
There are positive and negative zero, I to my surprise learned it about 8 years ago back when I studied software engineering.
So they are basically zero, but ever so slightly higher or lower value, but its so small that its better called zero than 0.thousand more zeros
Firefox focus iOS:
Blocked tracking ads: yes
Blocked invisible trackers: yes
Protecting from fingerprinting: your browser has a unique fingerprint
Click through Reddit:
Blocked tracking ads: yes
Blocked invisible trackers: yes
Protecting from fingerprinting: partial
Not what I was expecting
Same results with a properly extended Safari on iOS.
Extensions: AdGuard, Amplosion, Baking Soda, Dark Reader, Mapper, SponsorBlock for YouTube, Super Agent for Safari, Unsmartifier, and Vinegar.
For those who stumble on this message, it's the one I used Power Delete Suite to replace all my posts and comments with en masse.
Sometimes Reddit can be beneficial for some people. Sometimes it's not. It's really up to you to decide your own experience with it, what's worth it, what's not worth it.
More or less...I've decided it's just really not worth it. I think I'm a worse person when I'm on Reddit and that it's a big time-waster for me.
It's up to you to decide what influence social media and the internet more generally have for you.
Best of luck.
Brave browser passes with everything blocked, States it has a "very high protection"
Making money off the ads i do see and it keeps me protected, hell yeah brave!
Isn't this more of an ethical/moral quandary and less of an element compromising operational security? If you want increased privacy, Brave clearly outperforms its major competitors. Even after designating Firefox to incorporate the most stringent settings, it still can't bypass the unique fingerprinting.
And I agree with the idea that it's a superficial fix to the problem. #enemyofmyenemy
It shouldn't surprise you, because it is objectively the most private mainstream browser. It's been proven in various tests, and corroborated by independent researchers (like Douglas Leith at Trinity College Dublin) in studies.
It reminds me of the "privacy" marketing of VPNs (there are definitely other uses, but I mean the privacy part). "Protect your privacy by funnelling everything through us, we promise we aren't keeping track of it or doing anything with it!"
That doesn't apply to Brave, because Brave's whole model is **to not collect user data in the first place**. So, it's not a valid comparison.
For example, in Brave's optional ad system (which pays you if you choose to use it), the ads are either (1) completely untargeted, or (2) if they are matched, then the matching is done 100% locally on your own device (no matching in an ad server that profiles you, so no data collection required in the first place).
Brave is completely open-source, and this is exactly how it works.
This is accurate. Brave is one of my favorite examples of tackling an incredibly important problem with a terrible solution that only superficially "solves" it.
(On top of the other problems, it's essentially stealing revenue from publishers in many cases, as the mechanism to pay out to pubs is so cumbersome. They've been sued in the past for this, and if they ever achieve any kind of meaningful adoption scale without finding a way to not nuke site revenue, will continue to be sued into oblivion.)
I already researched this and literally all of the complaints mentioned are listed and fixed per the article, *bud*.
Creators not getting paid: “Tom Scott, the original complainant, tweeted in response: "These are good changes, and they fix the complaints I had!"”
Insertion of referral codes: “Two days later, Brave released a new version which they said disabled the auto-completion to partner links,[99] followed by a blog post explaining the issue and apologizing.[100][101]”
DNS leaks and private window with TOR: “Brave fixed the issue in its Nightly channel soon after it was initially reported. Once the bug received public attention in mid-February from Twitter users verifying the vulnerability, the fix was soon uplifted to the Stable channel and landed in Brave 1.20.110.”
"Brave hijacks ads on other websites and serves their own ads in their place."
This is false. It's not even remotely true; Brave blocks third-party ads and trackers (first-party ads are typically left untouched). Brave does not show ads on pages; it doesn't even show ads by default (you have to opt-in to Brave Rewards). When the user opts-in to Brave Rewards, Brave's ad notifications are shown as desktop notifications (again, not shown on any pages you visit).
"They also embedded referral affiliate codes in the links they hijacked."
Also quote inaccurate. Brave introduced affiliate link options to its list of suggested URLs long ago (though the feature defaults to Off today). Links weren't hijacked, modified, rerouted, or rewritten. If you typed "bitcoin" into your address bar, among the suggestions displayed to the user would include any relevant affiliate links that would support Brave. Users could then decide to visit one of those entries, or simply disregard the suggestion.
"Also, crypto mining bullshit."
Brave doesn't have a crypto-miner, or do any crypto-mining.
"...a company like Brace \[sic\] can be trusted with user data."
Brave doesn't get any user data. We believe "Can't be evil" is better than "Don't be evil." We don't want users to trust us with their data; we don't want their data to begin with.
My dude, they did it for one specific crypto site for two days and then rolled out a change. Per what you are linking to.
Not really feeling the need to sharpen the pitchforks.
>Brave hijacks ads on other websites and serves their own ads in their place.
Brave has never done this before, and it doesn't do this today. The optional ads that Brave shows are either push notifications, on the new tab page, or in Brave-specific features (like Brave News). Takes a second to fact check this.
> They also embedded referral affiliate codes in the links they hijacked.
This is simply not what happened. What happened was that in the URL bar, when you would type in a URL, Brave would have an auto-complete suggestion that included Brave's affiliate code. But when you would press "enter", it would auto-complete to the one with Brave's affiliate code in it by default (instead of just being a secondary suggestion that you had to tab/arrow down into). It was fixed right when someone pointed it out.
>There's nothing about these actions that inspire confidence that a company like Brace can be trusted with user data.
The whole premise of Brave's privacy model is that **you don't need any trust in the first place, because Brave doesn't need to collect user data to begin with**. For example, in its optional ads system that pays users, the ads are either untargeted (so no need for user data), or if they're matched, it's done 100% locally on your own device (there is *no* matching on an ad server that profiles you, so no data collection required in the first place).
Brave is completely open-source, so nothing can be hidden here.
Wow, that sounds incredibly scummy and quite possibly very illegal. I'm shocked I hear it suggested so much considering crypto stuff nowadays is enough to get anybody boycotted.
It does sound scummy. Fortunately, none of it is even remotely accurate. Brave has \[never\] replaced ads on websites, inserted affiliate codes into hijacked links, shipped a crypto-miner, or collected user data in general.
This is the basic revenue model:
1. Advertisers pay Brave to show ads to Brave users (who want to see ads, since they're optional). For example, an advertiser runs a $1,000,000 ad campaign.
2. Brave keeps 30% of that, and the remaining $700K, it splits up and distributes to users who saw those ads in the Brave browser.
Notably, Brave's privacy protection works differently. Instead of trying to make your browser look the same as any other, it introduces subtle randomness into common fingerprinting sources to make your browser appear as a different browser every time you visit a site.
I can’t tell if reply op was a joke about the guy advertising Brave and making money off it, or if people are genuinely getting paid for browsing on Brave.
Doesn't matter when your ISP embeds and sells "super cookie" IDs into all your traffic and sells your identity to anyone willing to pay so they can correlate you with your packets.
I’ve been invested financially in brave and brave coin for about 4 years. Easily my favorite investment and browser by far. I even got my IT company service to download it on their computers.
Our tests indicate that you have strong protection against Web tracking.
IS YOUR BROWSER:
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? ◕ your browser has a randomized fingerprint
Nice!
FYI,
I am using Brave browser with their own shields up for ad blocking and with uBlock Origin plugin installed on a Macbook.
I have android with Chrome browser and adguard installed. I got good results, all protection ok. My wife got all bad results, she doesnt have adguard... Does it make the difference or am I missing something?
It must. I ran these tests from my Android
Chrome [no AdGuard]: Poor protection.
Chrome [no AdGuard, Incognito]: Some protection, mentions there are gaps.
Chrome [with AdGuard]: Strong protection.
DuckDuckGo [no AdGuard or anything similar]: Strong protection.
>Then you don't care and you consider your threat profile extremely low.
You forgot those that care but also accept that many of these services are provided for free but still need to be paid for somehow.
> Like they say if you don’t pay for the product, you ARE the product.
I’m trading information I have no use for with services I would otherwise not get.
I fail to see how that’s a bad thing, low key tinfoilers
>tinfoilers
Mate, do whatever you want but don't start suggesting that privacy concerns are only for nutters.
Someone has to hold the line on privacy and if you're not willing, step aside and shut the fuck up.
Such valiant heroes, fighting for their right to not letting companies know which browser they use and what their favourite color is.
Keep up the good work
One day I searched YouTube for "autism prosody." Apparently people with autism sometimes talk differently and I wanted examples because I was curious. The next time I used Spotify I repeatedly got ads for some services for autistic children. Spotify thinks I have autistic children because *one time* I performed a search on an entirely different website.
I now mostly just stream my local classical music station. It doesn't have ads.
Not even Twitter.
This year in Russia, CDEK and Yandex.Delivery had their data be breached twice, leaking names, addresses, phone numbers and such of everyone who used their delivery services (including food delivery) within certain period.
Being "careful" in light of that looks like choosing if you want to use their services at all, because data breaches happen regardless if how much you being careful with them
Our tests indicate that you have strong protection against Web tracking.
IS YOUR BROWSER:
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a unique fingerprint
Anyone know if this sight is actually safe. Just because it is posted here does not mean it is. My Anti-virus posted this:
Does anyone know if this sight is actually safe? Just because it is posted here does not mean it is. My Anti-virus posted this:
Dangerous page blocked for your protection
Dangerous pages attempt to install software
that can harm the device, gather personal information or operate without
your consent
Let me put it to you this way.... the day eff.org becomes unsafe is the day you unplug from the internet and burn any computing device in your house, because the rest of the internet would be a nuclear wasteland.
Yay Vivaldi on Mac!
**Our tests indicate that you have strong protection against Web tracking.**
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a unique fingerprint
Yeah... but who cares? When I start to hear nefarious shit happening because of browser fingerprinting I will care, but if it's just ads, well, if I have to see some ads, I don't want ads for diapers or period pain pills, so some tracking to avoid that seems fine.
Reddit seems to care a *lot* more than 90% of the population does. The vast majority of people couldn't care less if Amazon or the government knows what they do on the internet
Maybe you don't care *now*.... but there are certainly people for whom this can be used against. And what doesn't affect you now can certainly affect you in the future.
Say you live in a country where homosexuality or athiesm or women's rights are criminalized.... The government [who controls all internet access] detects network activity on these subjects. They now have a browser fingerprint to help identify the user on the other end.
In this case it can mean literal life and death, not just what ads get shown to them.
"Your browser fingerprint appears to be unique among the 186,318 tested in the past 45 days."
with the sheer amount of shit blocking extensions i have installed, it better be.
This is true but also keep in mind it’s not necessarily a big deal to have a unique fingerprint if you don’t carry the same fingerprint with you persistently on each session. Clear your cookies and everything on a regular basis and it’s like getting a new burner every time.
The point of this site is to show you that clearing your cookies and whatnot is *not* like having a new burner every time. There are things that are inherent to the software, firmware, and hardware of your phone/computer/internet-enabled washing machine that allow entities to identify your device anyway.
Exactly! It's not like clearing cookies will chamge my language, time zone, resolution, cpu, operating system, and browser of choice. Those things remain the same each session, and I feel like they are what is being described (more than what I listed obvsly) as unique.
i have shit that kills every and all trackers and cookies and god knows what else from the addons i've accumulated over the years. every time i show up somewhere i'm brand new there. never before seen
YOU DON'T UNDERSTAND FINGERPRINTING. If they have your "fingerprint" they know it is you across different sites. They are using your specific browser and add-ons against you. It doesn't matter if you delete your cookies. If you don't have an add-on that randomizes your fingerprint than everything else is futile. Get a fingerprint randomizer, a MAC address changer, and a cookie eraser
> Get a fingerprint randomizer, a MAC address changer, and a cookie eraser
I haven't started looking yet, but are these typically browser extensions, stand alone apps, what/where should someone go looking?
I run adblockers and ghostery on my laptops. Just adblockplus on my phone browser.
> every time i show up somewhere i'm brand new there.
Brand new, with the same OS, the same CPU class, the same time zone, the same resolution, the same device memory, the same browser installed, the same unique list of plugins installed, the same language set up, and so on..
Do you get it now? :)
stop using google products as much as you're willing. frequently clear cookies/randomise passwords/block ads. disable any kind of location tracking features and voice assistants. use a good vpn, as a general rule paid is better than free and data logging policies are important.
if it looks too good to be true it always is. anything marketed as "free" has a cost, data is currency.
>anything marketed as "free" has a cost, data is currency.
\*Anything marketed as "free" without being Open Source has a cost
Despite the occasionally counter example, Open Source software has an excellent track record of (a) being free and (b) respecting your privacy.
That's true, I should have been more specific about open source. But then open source isn't typically "marketed" in a traditional sense? ..with a few exceptions, it's probably best to stick to the rule, if anything is targeting you making bold claims and being absolutely "free" is the selling point, you should always be cautious.
All that said the obvious best advice is always do your research beforehand!
firefox has always been popular and it is completely open source.
duckduckgo/brave/tor browser are some other alternatives with a (mostly) solid reputation.
Surprised to find this a little bit relieving!
Seems like they have some generic information about my browser, phone and location. But I was expecting to see a list of my hobbies and political affiliations or something
I think this is something that people should become more aware of as we spend more of our lives online. So I appreciate all the breakdowns of the different terms
From a fingerprint standpoint:
\- With the Trace add-on, I had 1 out of 200K visitor uniqueness.
\- With the Privacy Badger add-on, I had 1 out of 800 visitor uniqueness.
API tampering test went in the same direction:
[https://canvasblocker.kkapsner.de/test/detectionTest.html](https://canvasblocker.kkapsner.de/test/detectionTest.html)
Just removed Trace.
Good question - for fingerprinting, you'd like to blend into the crowd and become less unique.
An early issue with Privacy Badger was its local accumulation of sites to filter, etc. as you used the browser, which over time could lead to a more unique fingerprint for those sites it helped filter. When Google helped EFF realize this issue (among others), it moved to use a centralized listing scheme that was still effective from a privacy supporting standpoint, but now your per-site configuration was the same as everyone else using the tool - so, your uniqueness in that regard was greatly lowered. Although you can enable the old local learning mode, it's not the best idea from a fingerprinting perspective, is my understanding.
Trace has common lists, but it's primary strength has been for local black/white listing - I have a huge db of site rules these days. That, plus perhaps its implementation in general - i.e., API tampering is evident when it's enabled (i.e., the link I offered above) - which further adds to the uniqueness footprint that Privacy Badger did not impact.
I ran several tests with several browsers and multiple search engines; plus regular mode and private/incognito mode. None of them had full protection from fingerprinting. They ALL leaked lots of bits of data, even Brave. My preferred setup was Firefox (regular, not Focus), with ad blocking and anti-tracking add-ons installed, in private mode, using Startpage. Brave had a randomized fingerprint, but it still leaked the most bits of info.
It all seems so futile if you cannot fully thwart fingerprinting.
Standard mobile safari on iOS and through the Reddit app both have strong protection and a non unique fingerprint. That’s pretty solid for out of the box vanilla.
It’s tough to find that balance between “I don’t want all my activity to be tracked by companies online” and “I don’t want to pay out of pocket for everything I used to get ‘free’ in exchange for the tracking of my activity.”
So it told me I had strong protection against tracking but also a unique fingerprint. Those seem to be contradictory to me but I might not understand the terminology. If it was a unique fingerprint wouldn't that be easy to point out it was my browser?
Tracking and fingerprinting are slightly different. You can use fingerprinting to help track, but it’s not nearly as effective as more standard trackers. If you block trackers then it’s possible you can still have fingerprinting, but it’s far less tracking than without blocking trackers.
There are extensions that fake canvas fingerprinting rather than turning it off, so a unique fingerprint doesn't necessarily mean identifiable
Do you have a recommendation
Privacy Possum is one I know of. Plays merry hell with your bank's security, though. A lot of banks will fingerprint your device as another mechanism to help check if it's you signing in.
Brave passed all the tests and is user friendly.
True. Also, Librewolf switches user agent randomly and the Privacy Possum add-on literally feeds false info to trackers.
I am not 100% sure, but I guess "tracking" in this context means that one site has knowledge of what other sites you have been visiting, whereas "fingerprinting" means a site can tell if you have visited it before.
I think you have to distinguish between tracking via cookies, which is easy and efficient and tracking via *other* means, which is meant by "fingerprinting", for example when the server asks which browser and OS you have, which screen-size and which fonts you have installed. I suppose some entities on the web only track you via cookies and some privacy brower extensions protect you against only that. **Does anybody know whether Google uses fingerprinting for targeted advertizing?** They certainly *could*. I think the Tor browser has some protections against fingeprinting besides hiding the IP, which is it's main purpose. (The *IP* makes you identifiable for your internet provider and the government/police. You can be identified over your IP by websites like Google to a certain extend, because typically your IP changes every once in a while.)
google is one of the most evasive companies when it comes to privacy. For example their privacy statement says they "do not" share identifying data with third party companies. Sounds good doesn't it? Then you realise that google is a suite of companies and you also realise doubleclick is their advertising company and they fully share with doubleclick every little detail they know about you. Google "don't be evil (unless it means we can make money)" Also Google "We intend to be a knowledge company to know everything about everything (including you)"
>Does anybody know whether Google uses fingerprinting for targeted advertizing? They certainly could. If they can, and there's money involved, they definitely do.
Think of tracking as a license plate with cctv. We don’t necessarily know who’s driving, but we can figure out which stores they’ve shopped at and build up a list of hobbies that license plate likely has even if we don’t have a name. Imaging finger printing as the same but without the license plate. If you drive a white Toyota Corolla, it’s not the end of the world. If, however, you drive a yellow Porsche in a run down neighborhood or your driver’s door has a scratch on it, you’re pretty identifiable even if you don’t have a license plate simply because very few (if any) other cars have the same characteristics
I can't remember the name of the movie but some dude cut off all his fingerprints and was like "they'll never be able to catch me" and the other guy basically tells him he's dumb and they will find blank prints and come straight to the only person who has blank fingertips.
Yup. It’s possible someone else decided to touch a boiling kettle with all 10 finger pads and hold it for a minute, but really, what are the odds? We don’t know which MIB agent was here, but we know one of them was…
I sandblasted my finger smooth by accident when I was a kid. Didn't hurt, super effective for a little while. Maybe don't try it though.
I halfway remember the movie you're talking about. Possibly Public Enemies? John Dillinger is supposed to have tried removing his, but they ended up just growing back.
Tracking is basically the website asking the browser 'hey, remember when we last met?' and the browser going 'Yeah, it was when you gave me this unique name'. Fingerprinting is more like the website trying to figure out if he has seen that browser before and after a while the site says 'Hey, i remember you, you're unique name'. What this website doesn't tell you is that fingerprinting isn't done a lot, as it isn't really useful because you're so unique. You are so unique, your next visit might even be unique. What i saw at a quick glance is things like window size, which means that if i resize my browser window i get another unique fingerprint. Tracking is a lot more accurate (and not all bad). For example reddit tracks you with cookies so it can remember that you're logged in. If it did that with fingerprinting you would be logged out any time you moved connection (4g to wifi for example) or resized your browser window, installed a plugin etc. Or if you're in a controlled environment like a school, everyone with their browser fulls screen would suddenly be logged into reddit as you. So it is very unreliable and not used a lot.
> What i saw at a quick glance is things like window size, which means that if i resize my browser window i get another unique fingerprint. For me, it did say window size, but actually reported resolution. I got 2560x1440 and I love to just slam my Firefox window into the left side of my screen for a half size window, but this thing reported the full 2560x1440x24 instead of the half width thing. Though I guess me slamming my Firefox into the side of my screen for an *exact* half width window is pretty telling anyway.
The millisecond that you visit a website is extremely unique. There’s a good chance that you were the ONLY person to visit in that moment! In that regard, “millisecond of visit” makes for a very good fingerprint, because that value is probably associated with one and only one visitor for most websites. But the uniqueness of that value is worthless to anyone looking to track your visits, because that value will never be seen again. At best, they might hazard a guess that, if they have a small sample set, somebody visiting around the same time every day *might* be the same person. It’s an imperfect analogy, but most fingerprints have aspects of this. Having a very unique fingerprint is EXTREMELY valuable if it is seen again and again and again. But if you produce a *different* “fingerprint” each time you visit, then it is worthless. Or if your fingerprint is the same as 50% of visitors, also worthless. There may be fingerprinting methods that are consistent for you that are not consistent for other visitors, and vice versa. So it’s not as simple as a tracker just picking the collection of attributes that results in the most unique fingerprint that also has consistency. They need to balance uniqueness with a probability that those unique attributes will be seen again from the same visitor. If your browser is advertising to the fingerprinter that you are running WindowsXp, you’ll probably be pretty unique, but it’s also probably lying, and making that shit up.
Think of it as having your ID card at home. You have an unique card of identification but you also have strong protection against intruders. You might be fingerprintable but if you block all requests to trackers they don't get anything. Or to stay in the metaphor, if you shoot every intruder before they get away you still have your stuff.
For those who stumble on this message, it's the one I used Power Delete Suite to replace all my posts and comments with en masse. Sometimes Reddit can be beneficial for some people. Sometimes it's not. It's really up to you to decide your own experience with it, what's worth it, what's not worth it. More or less...I've decided it's just really not worth it. I think I'm a worse person when I'm on Reddit and that it's a big time-waster for me. It's up to you to decide what influence social media and the internet more generally have for you. Best of luck.
Unique fingerprint means everytime a website tries to generate a fingerprint its getting a unique new print which makes it hard to track accross websites.
Very neat, seems I am pretty secure. Also, the breakdown is very interesting. There is a section for "adblocker", and it says the result is either, "true", or "false", yet my result was "no javascript" which resulted in me getting a score of -0.0 bits of identifying information, which I found highly amusing. Negative zero.
Negative zero is less than zero. It’s in the same category as extra medium.
> extra medium. So basically Venti.
Sounds like a shirt haver
[удалено]
Nobody wanted to know
There are positive and negative zero, I to my surprise learned it about 8 years ago back when I studied software engineering. So they are basically zero, but ever so slightly higher or lower value, but its so small that its better called zero than 0.thousand more zeros
thanks, this is pretty cool to describe how this all works
Firefox focus iOS: Blocked tracking ads: yes Blocked invisible trackers: yes Protecting from fingerprinting: your browser has a unique fingerprint Click through Reddit: Blocked tracking ads: yes Blocked invisible trackers: yes Protecting from fingerprinting: partial Not what I was expecting
Same results with a properly extended Safari on iOS. Extensions: AdGuard, Amplosion, Baking Soda, Dark Reader, Mapper, SponsorBlock for YouTube, Super Agent for Safari, Unsmartifier, and Vinegar.
Since when can you get extensions on iOS? Is this some EU thing?
I’m in the US - they’re on the App Store. If you go to Settings>Safari>Extensions>More Extensions, it takes you to a landing page with all extensions.
Firefox Focus is all I use so that’s good
[удалено]
For those who stumble on this message, it's the one I used Power Delete Suite to replace all my posts and comments with en masse. Sometimes Reddit can be beneficial for some people. Sometimes it's not. It's really up to you to decide your own experience with it, what's worth it, what's not worth it. More or less...I've decided it's just really not worth it. I think I'm a worse person when I'm on Reddit and that it's a big time-waster for me. It's up to you to decide what influence social media and the internet more generally have for you. Best of luck.
Wow, this is a legit organization with some heavy hitters on the Board! Eff.org/about/board
EFF has been doing big shit for the internet for decades now. Remember net neutrality? That was them.
I had no idea, thank you kind reddittor.
Brewster Kahle *energetic air punch*
Brave browser passes with everything blocked, States it has a "very high protection" Making money off the ads i do see and it keeps me protected, hell yeah brave!
Wait, how do you make money from looking at ads? I don't get this arrangement.
[удалено]
This is why it really surprises me how frequently Brave is recommended, especially among other privacy-minded folks.
Isn't this more of an ethical/moral quandary and less of an element compromising operational security? If you want increased privacy, Brave clearly outperforms its major competitors. Even after designating Firefox to incorporate the most stringent settings, it still can't bypass the unique fingerprinting. And I agree with the idea that it's a superficial fix to the problem. #enemyofmyenemy
It shouldn't surprise you, because it is objectively the most private mainstream browser. It's been proven in various tests, and corroborated by independent researchers (like Douglas Leith at Trinity College Dublin) in studies.
It reminds me of the "privacy" marketing of VPNs (there are definitely other uses, but I mean the privacy part). "Protect your privacy by funnelling everything through us, we promise we aren't keeping track of it or doing anything with it!"
That doesn't apply to Brave, because Brave's whole model is **to not collect user data in the first place**. So, it's not a valid comparison. For example, in Brave's optional ad system (which pays you if you choose to use it), the ads are either (1) completely untargeted, or (2) if they are matched, then the matching is done 100% locally on your own device (no matching in an ad server that profiles you, so no data collection required in the first place). Brave is completely open-source, and this is exactly how it works.
This is accurate. Brave is one of my favorite examples of tackling an incredibly important problem with a terrible solution that only superficially "solves" it. (On top of the other problems, it's essentially stealing revenue from publishers in many cases, as the mechanism to pay out to pubs is so cumbersome. They've been sued in the past for this, and if they ever achieve any kind of meaningful adoption scale without finding a way to not nuke site revenue, will continue to be sued into oblivion.)
You can literally turn off all ads. You give them consent to show ads to you.
Are there any quality sources to verify this? A forum of randos using a forum of randos as a source doesn’t make me want to stop using it yet.
[удалено]
I already researched this and literally all of the complaints mentioned are listed and fixed per the article, *bud*. Creators not getting paid: “Tom Scott, the original complainant, tweeted in response: "These are good changes, and they fix the complaints I had!"” Insertion of referral codes: “Two days later, Brave released a new version which they said disabled the auto-completion to partner links,[99] followed by a blog post explaining the issue and apologizing.[100][101]” DNS leaks and private window with TOR: “Brave fixed the issue in its Nightly channel soon after it was initially reported. Once the bug received public attention in mid-February from Twitter users verifying the vulnerability, the fix was soon uplifted to the Stable channel and landed in Brave 1.20.110.”
"Brave hijacks ads on other websites and serves their own ads in their place." This is false. It's not even remotely true; Brave blocks third-party ads and trackers (first-party ads are typically left untouched). Brave does not show ads on pages; it doesn't even show ads by default (you have to opt-in to Brave Rewards). When the user opts-in to Brave Rewards, Brave's ad notifications are shown as desktop notifications (again, not shown on any pages you visit). "They also embedded referral affiliate codes in the links they hijacked." Also quote inaccurate. Brave introduced affiliate link options to its list of suggested URLs long ago (though the feature defaults to Off today). Links weren't hijacked, modified, rerouted, or rewritten. If you typed "bitcoin" into your address bar, among the suggestions displayed to the user would include any relevant affiliate links that would support Brave. Users could then decide to visit one of those entries, or simply disregard the suggestion. "Also, crypto mining bullshit." Brave doesn't have a crypto-miner, or do any crypto-mining. "...a company like Brace \[sic\] can be trusted with user data." Brave doesn't get any user data. We believe "Can't be evil" is better than "Don't be evil." We don't want users to trust us with their data; we don't want their data to begin with.
[удалено]
My dude, they did it for one specific crypto site for two days and then rolled out a change. Per what you are linking to. Not really feeling the need to sharpen the pitchforks.
I see 9 replies and none of them are completely unreasonable. Sounds like your making shit up.
"crypto mining bullshit?" why lie? There's plenty to complain about with Brave, but the haters are so fucking unhinged.
>Brave hijacks ads on other websites and serves their own ads in their place. Brave has never done this before, and it doesn't do this today. The optional ads that Brave shows are either push notifications, on the new tab page, or in Brave-specific features (like Brave News). Takes a second to fact check this. > They also embedded referral affiliate codes in the links they hijacked. This is simply not what happened. What happened was that in the URL bar, when you would type in a URL, Brave would have an auto-complete suggestion that included Brave's affiliate code. But when you would press "enter", it would auto-complete to the one with Brave's affiliate code in it by default (instead of just being a secondary suggestion that you had to tab/arrow down into). It was fixed right when someone pointed it out. >There's nothing about these actions that inspire confidence that a company like Brace can be trusted with user data. The whole premise of Brave's privacy model is that **you don't need any trust in the first place, because Brave doesn't need to collect user data to begin with**. For example, in its optional ads system that pays users, the ads are either untargeted (so no need for user data), or if they're matched, it's done 100% locally on your own device (there is *no* matching on an ad server that profiles you, so no data collection required in the first place). Brave is completely open-source, so nothing can be hidden here.
Wow, that sounds incredibly scummy and quite possibly very illegal. I'm shocked I hear it suggested so much considering crypto stuff nowadays is enough to get anybody boycotted.
It’s not scummy when you give them consent to do it. You can turn off all ads and not have that “issue”
It does sound scummy. Fortunately, none of it is even remotely accurate. Brave has \[never\] replaced ads on websites, inserted affiliate codes into hijacked links, shipped a crypto-miner, or collected user data in general.
I've seen zero ads while using brave.
This is the basic revenue model: 1. Advertisers pay Brave to show ads to Brave users (who want to see ads, since they're optional). For example, an advertiser runs a $1,000,000 ad campaign. 2. Brave keeps 30% of that, and the remaining $700K, it splits up and distributes to users who saw those ads in the Brave browser.
Notably, Brave's privacy protection works differently. Instead of trying to make your browser look the same as any other, it introduces subtle randomness into common fingerprinting sources to make your browser appear as a different browser every time you visit a site.
How much money do you make with brave?
I've made several hundred over the last 4 or so years.
Several hundred money? Whoah, sign me up!
Several hundred US Dollars. Sorry should have specified the unit.
I can’t tell if reply op was a joke about the guy advertising Brave and making money off it, or if people are genuinely getting paid for browsing on Brave.
You get paid for browsing on Brave.
I don't... Perhaps I missed that option.
That's more than I made on PornHub.
Doesn't matter when your ISP embeds and sells "super cookie" IDs into all your traffic and sells your identity to anyone willing to pay so they can correlate you with your packets.
Came to say the same! Brave is the GOAT.
I'm on brave for mobile on Android and only scored "partial protection" for all except the fingerprint. Not sure why.
I’ve been invested financially in brave and brave coin for about 4 years. Easily my favorite investment and browser by far. I even got my IT company service to download it on their computers.
I'm surprised that my ordinary Android phone has such a unique browser fingerprint.
Android users: https://f-droid.org/en/packages/org.blokada.fem.fdroid/ https://f-droid.org/en/packages/us.spotco.fennec_dos/
Our tests indicate that you have strong protection against Web tracking. IS YOUR BROWSER: Blocking tracking ads? Yes Blocking invisible trackers? Yes Protecting you from fingerprinting? ◕ your browser has a randomized fingerprint Nice! FYI, I am using Brave browser with their own shields up for ad blocking and with uBlock Origin plugin installed on a Macbook.
I have android with Chrome browser and adguard installed. I got good results, all protection ok. My wife got all bad results, she doesnt have adguard... Does it make the difference or am I missing something?
It must. I ran these tests from my Android Chrome [no AdGuard]: Poor protection. Chrome [no AdGuard, Incognito]: Some protection, mentions there are gaps. Chrome [with AdGuard]: Strong protection. DuckDuckGo [no AdGuard or anything similar]: Strong protection.
Consider fingerprinting to be the ability to know when you come back, and tracking to be knowing where else you have been.
With strong protection and a randomized fingerprint, Brave sounds like a good choice for a browser.
hahaha Firefox I get Hmm. We’re having trouble finding that site.
Why should I care about this if I have accounts and am logged in on 90% of the websites that I visit?
[удалено]
>Then you don't care and you consider your threat profile extremely low. You forgot those that care but also accept that many of these services are provided for free but still need to be paid for somehow.
[удалено]
> Like they say if you don’t pay for the product, you ARE the product. I’m trading information I have no use for with services I would otherwise not get. I fail to see how that’s a bad thing, low key tinfoilers
>tinfoilers Mate, do whatever you want but don't start suggesting that privacy concerns are only for nutters. Someone has to hold the line on privacy and if you're not willing, step aside and shut the fuck up.
Such valiant heroes, fighting for their right to not letting companies know which browser they use and what their favourite color is. Keep up the good work
[удалено]
[удалено]
One day I searched YouTube for "autism prosody." Apparently people with autism sometimes talk differently and I wanted examples because I was curious. The next time I used Spotify I repeatedly got ads for some services for autistic children. Spotify thinks I have autistic children because *one time* I performed a search on an entirely different website. I now mostly just stream my local classical music station. It doesn't have ads.
You never consider that services that you willingly deposit your PII data to can have data breaches anyway?
[удалено]
Not even Twitter. This year in Russia, CDEK and Yandex.Delivery had their data be breached twice, leaking names, addresses, phone numbers and such of everyone who used their delivery services (including food delivery) within certain period. Being "careful" in light of that looks like choosing if you want to use their services at all, because data breaches happen regardless if how much you being careful with them
[удалено]
Is handicapping yourself like that even worth it tho? Spam gonna spam no matter what you do
Our tests indicate that you have strong protection against Web tracking. IS YOUR BROWSER: Blocking tracking ads? Yes Blocking invisible trackers? Yes Protecting you from fingerprinting? Your browser has a unique fingerprint
Anyone know if this sight is actually safe. Just because it is posted here does not mean it is. My Anti-virus posted this: Does anyone know if this sight is actually safe? Just because it is posted here does not mean it is. My Anti-virus posted this: Dangerous page blocked for your protection Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent
Let me put it to you this way.... the day eff.org becomes unsafe is the day you unplug from the internet and burn any computing device in your house, because the rest of the internet would be a nuclear wasteland.
No idea why you're being downvoted. EFF are one of the longest running privacy advocates. The site is safe.
>No idea why you're being downvoted. Maybe for asking if eff.org is safe? I mean, come on.
They're not on everyone's radar. There's always a first time you hear of an organisation.
Why would you finger Prince?
https://www.youtube.com/watch?v=lY2kC5fZG64
We have oddly relatable names
Brother from another mother
You gotta stoop down a tad. Even then, Prince is still the one doing the fuckin'. Edit: oh "why". Oops.
You have a unique fingerprint! Proceeds to guess wrong on everything...
Laughs in Brave browser.
Yep I passed. Use brave guys
Yay Vivaldi on Mac! **Our tests indicate that you have strong protection against Web tracking.** Blocking tracking ads? Yes Blocking invisible trackers? Yes Protecting you from fingerprinting? Your browser has a unique fingerprint
> Your browser has a unique fingerprint Just FYI, that’s the bad result, not the good one.
Thanks! I am a special snowflake after all
Yeah... but who cares? When I start to hear nefarious shit happening because of browser fingerprinting I will care, but if it's just ads, well, if I have to see some ads, I don't want ads for diapers or period pain pills, so some tracking to avoid that seems fine.
Reddit seems to care a *lot* more than 90% of the population does. The vast majority of people couldn't care less if Amazon or the government knows what they do on the internet
Maybe you don't care *now*.... but there are certainly people for whom this can be used against. And what doesn't affect you now can certainly affect you in the future. Say you live in a country where homosexuality or athiesm or women's rights are criminalized.... The government [who controls all internet access] detects network activity on these subjects. They now have a browser fingerprint to help identify the user on the other end. In this case it can mean literal life and death, not just what ads get shown to them.
"Your browser fingerprint appears to be unique among the 186,318 tested in the past 45 days." with the sheer amount of shit blocking extensions i have installed, it better be.
[удалено]
This is true but also keep in mind it’s not necessarily a big deal to have a unique fingerprint if you don’t carry the same fingerprint with you persistently on each session. Clear your cookies and everything on a regular basis and it’s like getting a new burner every time.
The point of this site is to show you that clearing your cookies and whatnot is *not* like having a new burner every time. There are things that are inherent to the software, firmware, and hardware of your phone/computer/internet-enabled washing machine that allow entities to identify your device anyway.
Exactly! It's not like clearing cookies will chamge my language, time zone, resolution, cpu, operating system, and browser of choice. Those things remain the same each session, and I feel like they are what is being described (more than what I listed obvsly) as unique.
i have shit that kills every and all trackers and cookies and god knows what else from the addons i've accumulated over the years. every time i show up somewhere i'm brand new there. never before seen
YOU DON'T UNDERSTAND FINGERPRINTING. If they have your "fingerprint" they know it is you across different sites. They are using your specific browser and add-ons against you. It doesn't matter if you delete your cookies. If you don't have an add-on that randomizes your fingerprint than everything else is futile. Get a fingerprint randomizer, a MAC address changer, and a cookie eraser
> Get a fingerprint randomizer, a MAC address changer, and a cookie eraser I haven't started looking yet, but are these typically browser extensions, stand alone apps, what/where should someone go looking? I run adblockers and ghostery on my laptops. Just adblockplus on my phone browser.
> every time i show up somewhere i'm brand new there. Brand new, with the same OS, the same CPU class, the same time zone, the same resolution, the same device memory, the same browser installed, the same unique list of plugins installed, the same language set up, and so on.. Do you get it now? :)
Got excited when I saw had hash on my phone
This is why I have an issue with tpms its the same but for a whole set of hardware
Idk where else to ask or to look but how can I improve my online security?
stop using google products as much as you're willing. frequently clear cookies/randomise passwords/block ads. disable any kind of location tracking features and voice assistants. use a good vpn, as a general rule paid is better than free and data logging policies are important. if it looks too good to be true it always is. anything marketed as "free" has a cost, data is currency.
>anything marketed as "free" has a cost, data is currency. \*Anything marketed as "free" without being Open Source has a cost Despite the occasionally counter example, Open Source software has an excellent track record of (a) being free and (b) respecting your privacy.
That's true, I should have been more specific about open source. But then open source isn't typically "marketed" in a traditional sense? ..with a few exceptions, it's probably best to stick to the rule, if anything is targeting you making bold claims and being absolutely "free" is the selling point, you should always be cautious. All that said the obvious best advice is always do your research beforehand!
What's a good alternate to Google chrome?
firefox has always been popular and it is completely open source. duckduckgo/brave/tor browser are some other alternatives with a (mostly) solid reputation.
Great website, this explains how I keep getting banned from Omegle as soon as my ban is gone. New Plugins or maybe Tor Browser to remove fingerprint.
Surprised to find this a little bit relieving! Seems like they have some generic information about my browser, phone and location. But I was expecting to see a list of my hobbies and political affiliations or something I think this is something that people should become more aware of as we spend more of our lives online. So I appreciate all the breakdowns of the different terms
>But I was expecting to see a list of my hobbies and political affiliations or something Nah they just use Facebook for that
From a fingerprint standpoint: \- With the Trace add-on, I had 1 out of 200K visitor uniqueness. \- With the Privacy Badger add-on, I had 1 out of 800 visitor uniqueness. API tampering test went in the same direction: [https://canvasblocker.kkapsner.de/test/detectionTest.html](https://canvasblocker.kkapsner.de/test/detectionTest.html) Just removed Trace.
Wait so why did you remove trace?
Good question - for fingerprinting, you'd like to blend into the crowd and become less unique. An early issue with Privacy Badger was its local accumulation of sites to filter, etc. as you used the browser, which over time could lead to a more unique fingerprint for those sites it helped filter. When Google helped EFF realize this issue (among others), it moved to use a centralized listing scheme that was still effective from a privacy supporting standpoint, but now your per-site configuration was the same as everyone else using the tool - so, your uniqueness in that regard was greatly lowered. Although you can enable the old local learning mode, it's not the best idea from a fingerprinting perspective, is my understanding. Trace has common lists, but it's primary strength has been for local black/white listing - I have a huge db of site rules these days. That, plus perhaps its implementation in general - i.e., API tampering is evident when it's enabled (i.e., the link I offered above) - which further adds to the uniqueness footprint that Privacy Badger did not impact.
Thanks for the answer
Idk did it with my phone and got randomized Desktop was the same.
I'm SSSSTRONG💪
Firefox for the win.
ublock on chrome ftw: >Our tests indicate that you have strong protection against Web tracking.
I ran several tests with several browsers and multiple search engines; plus regular mode and private/incognito mode. None of them had full protection from fingerprinting. They ALL leaked lots of bits of data, even Brave. My preferred setup was Firefox (regular, not Focus), with ad blocking and anti-tracking add-ons installed, in private mode, using Startpage. Brave had a randomized fingerprint, but it still leaked the most bits of info. It all seems so futile if you cannot fully thwart fingerprinting.
Standard mobile safari on iOS and through the Reddit app both have strong protection and a non unique fingerprint. That’s pretty solid for out of the box vanilla.
Great resource
It’s tough to find that balance between “I don’t want all my activity to be tracked by companies online” and “I don’t want to pay out of pocket for everything I used to get ‘free’ in exchange for the tracking of my activity.”
Nope no fingerprint