this post was submitted on 15 Dec 2024
170 points (100.0% liked)

Privacy

32467 readers
470 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

On Librewolf i got 16.48 bits of information, on TOR browser 10.32 bits, but on Tails I managed to get only 9.3 bits.

https://coveryourtracks.eff.org/

top 50 comments
sorted by: hot top controversial new old
[–] Kidplayer_666@lemm.ee 55 points 1 week ago (1 children)

I’m unique :) this ain’t great

[–] kusivittula@sopuli.xyz 22 points 1 week ago (1 children)

its ok if your fingerprint changes on every browser startup

[–] Boomkop3@reddthat.com 7 points 1 week ago (1 children)

...as long as you are blocking tracking cookies, and aren't on a session with a website that's tracking you.

Otherwise, you just have a nice unique hash in your cookies. A password manager could help here.

[–] broken_chatbot@lemmy.world 2 points 1 week ago (5 children)

A password manager? Could you explain why?

load more comments (5 replies)
[–] Viri4thus@feddit.org 54 points 1 week ago (2 children)

If you have canvas randomisation turned on (firefox) you'll always be unique but also not traceable between sessions.

[–] fmstrat@lemmy.nowsci.com 11 points 1 week ago

Yup, canvas is heavily weighted in this test based on the results.

[–] ipkpjersi@lemmy.ml 4 points 1 week ago (1 children)

How do you turn on canvas randomisation in Firefox? I can't seem to find anything about it.

[–] Muehe@lemmy.ml 3 points 1 week ago (1 children)

I found this in about:config, defaults to true apparently: privacy.resistFingerprinting.randomDataOnCanvasExtract

But you have to enable privacy.resistFingerprinting for it to work first. I enabled that and now the EFF test says "randomized" for the hashes but also Lemmy went from dark to light theme somehow.

privacy.resistFingerprinting breaks a lot more than just themes. Many of the weird problems reported in Firefox (and forks) are just from enabling it.

It has some pros but also TONNES of cons. Everything from a completely blank page to wrong timestamps to poor textures and so much more. Sometimes you will be flagged as a bot and prompted with literally infinite puzzles, thus effectively banning you from a website.

Some of these problems get fixed but new ones also get born. I personally use it but I also expect breakage and worse performance.

[–] ExcessShiv@lemmy.dbzer0.com 27 points 1 week ago* (last edited 1 week ago) (1 children)

With browser settings that actually let me use the internet in a way that's not overly cumbersome and annoying, I get 16bits or something and a "nearly unique fingerprint"

Block any and all ads, then it doesn't matter that they have your data if they can't make money off of it (they still will do that by creating data aggregates but you can't control that)

[–] akkajdh999@programming.dev 19 points 1 week ago (1 children)

"Your browser fingerprint appears to be unique among the 183,614 tested in the past 45 days.

Currently, we estimate that your browser has a fingerprint that conveys at least 17.49 bits of identifying information."

Chat am I cooked?

[–] yonder@sh.itjust.works 8 points 1 week ago

Same result here. I'm using Gnome-web, which is already pretty niche, so that probably really lowers my score.

[–] dwindling7373@feddit.it 17 points 1 week ago (2 children)

Am I wrong to assume trying to blend in is a worse and contradictory strategy than trying to actively protect yourself from tracking?

If you want to not be unique, use default setting chrome without adblock. Your browser will look just like anybody else's, but they will literally know who you are.

On the opposite side of the spectrum, you lock everything down and spike as a very special browser and... that's all they know.

[–] toastal@lemmy.ml 21 points 1 week ago (2 children)
[–] underwire212@lemm.ee 3 points 1 week ago

Right. The question is whether they can attach what they know to an identity. Depends on your threat model which goal you need to achieve.

[–] dwindling7373@feddit.it 2 points 1 week ago

Not what I meant: https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting

"If you do nothing on desktop, you are already uniquely identifiable - screen, window and font metrics alone are probably enough - add timezone name, preferred languages, and several dozen other metrics and it is game over. Here is a link to the results of a study done in 2016 showing a 99.24% unique hit rate (and that is excluding IP addresses).

Changing a few prefs from default is not going to make you "more unique" - there is no such thing."

Basically making yourself less unique is impossible so there's no sensible tradeoff to be made (other than in the context of Tor and Mullvad Browser).

[–] ivn@jlai.lu 13 points 1 week ago* (last edited 1 week ago)

But then they can know a lot more since they don't even need to drop a cookie to track you. But that's a different threat model.

[–] muhyb@programming.dev 13 points 1 week ago* (last edited 1 week ago)

Despite having strong protection according to these results, I always get unique fingerprinting from them. Which is scary.

Edit: Now I tried Tor on my desktop and got:

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 628.7 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 9.3 bits of identifying information.

[–] mac@lemm.ee 12 points 1 week ago* (last edited 1 week ago)

Huh mullvad browser got me the lowest overall. 10.44 bits and a non-unique fingerprint.

Compared against:

  • Firefox with arkenfox user.js (macOS)
  • Tor (macOS and android)
  • Vanadium (android)
  • Cromite (android)
  • Mull (different than mullvad) (android)

I do a vast majority of my browsing on my phone, unfortunately. Vanadium scored the best (on mobile), but it not having extensions (dark reader is a must) and the navigation bar not being movable to the bottom of the screen keeps me on Mull.

I don't love using mullvad for day to day browsing as I can't whitelist specific cookies to retain. Don't love having to re 2fa daily.

[–] bdonvr@thelemmy.club 11 points 1 week ago

Your browser fingerprint appears to be unique among the 183,996 tested in the past 45 days.

:(

[–] AA5B@lemmy.world 10 points 1 week ago

12.67 from Safari/iPhone, without changing any settings. This is my most commonly used browser

[–] LastoftheDinosaurs@walledgarden.xyz 7 points 1 week ago (2 children)

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 91389.5 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 16.48 bits of identifying information

Doesn't look good. How do you make it so that your browser doesn't have a fingerprint at all?

[–] InternetCitizen2@lemmy.world 17 points 1 week ago

You can't not have a finger print. You can a best try and look like everyone elses.Sadly the free market won't care and as such you won't blend with normal users. Still you can try and look like ever one else in the privacy community

[–] catloaf@lemm.ee 5 points 1 week ago
[–] tyler@programming.dev 7 points 1 week ago (1 children)

How does tails get the bits so low?

[–] ivn@jlai.lu 2 points 1 week ago

Tails uses the Tor Browser which does a lot to minimize fingerprinting, for example by letterboxing so the screen size (one of the most unique information in my case) is rounded as to not be as unique.

https://tb-manual.torproject.org/anti-fingerprinting/

[–] kekmacska@lemmy.zip 6 points 1 week ago (2 children)

16.47 on Cromite. But most of the identify information is not even true, almost everything is spoofed. User agent, timezone, operating system, browser name, screen size and color depth, device, even the battery percentage

load more comments (2 replies)
[–] Pika@sh.itjust.works 5 points 1 week ago (2 children)

Your browser fingerprint appears to be unique among the 183,951 tested in the past 45 days.

Currently, we estimate that your browser has a fingerprint that conveys at least 17.49 bits of identifying information.

well shoot my mobile failed that test lmao

[–] piracysails@lemm.ee 6 points 1 week ago (1 children)
[–] CrabAndBroom@lemmy.ml 6 points 1 week ago (1 children)

I got exactly that number too, but also when I looked at the detailed results section lots of it was incorrect. It got that I was on some sort of Linux and using some sort of FF variant, but things like time zone, plugins, screen resolution and system fonts were all wrong.

So sending out 17.49 bits of largely identifying bullshit is still okay I think lol.

[–] piracysails@lemm.ee 3 points 1 week ago

Could it be that the browser shares false information on purpose?

[–] ipkpjersi@lemmy.ml 4 points 1 week ago

I got 17.5 on my Desktop Firefox lol

[–] CubbyTustard@reddthat.com 4 points 1 week ago (1 children)

with budget vpn on: one in 22756.25 browsers have the same fingerprint as yours

with budget vpn off and just apple safebrowsing on: one in 20231.22 browsers have the same fingerprint as yours.

i have the worst vpn!

[–] ivn@jlai.lu 5 points 1 week ago (6 children)

A VPN is unrelated, it changes your IP but the IP is not used to fingerprint.

load more comments (6 replies)

I get 8.44 bits (1 in 347.34 browsers). I use Firefox with Arkenfox user.js applied on top, with some of my own custom overrides.

However, I think the biggest factor could be because I have Ublock Origin set to medium-hard mode (block 1st party scripts, 3rd party scripts and 3rd party iframes by default on all websites), so the lack of JavaScript heavily affects what non-whitelisted websites can track. I did whitelist 1st-party scripts on the main domain for this test (coveryourtracks.eff.org), but all the 'tracker' site redirects stay off the whitelist.

I actually had to allow Ublock Origin to temporarily visit the tracker sites for the test to properly finish--otherwise it gives me a big warning that I'm about to visit a domain on the filter list.

[–] eleitl@lemm.ee 4 points 1 week ago

Vanadium: Your Results Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 61101.0 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 15.9 bits of identifying information.

[–] Albbi@lemmy.ca 4 points 1 week ago

I misread the title as "Cover your taxes" and got really excited to earn about tax avoidance tips. Legal ones obviously.

[–] Gerudo@lemm.ee 4 points 1 week ago

I appreciate the site, but what score is considered good or bad? A cool stat would be some kind of score compared to everyone else.

[–] douglasg14b@lemmy.world 4 points 1 week ago

Default Google Chrome embedded on Android with nothing configured and googled up.

17 bits.

[–] LambdaRX@sh.itjust.works 3 points 1 week ago

After disabling extension "I still don't care about cookies" on Librewolf, I went from 17.48 bits unique fingerprint to 16.48 nearly unique one.

What would be considered a high score on this? Is 16 too high?

[–] OhVenus_Baby@lemmy.ml 3 points 1 week ago

Best methods to lower the score on android? I tested multiple browsers on EFF. 17 bits regardless of browser.

[–] Boomkop3@reddthat.com 3 points 1 week ago

Interesting, this is a cool test! Unsurprisingly, my setup is rather unique.

One thing that stood out to me is that it failed to detect my adblocker. Also, my screen size alone is unique: 1 in 181697 of this 181697 browsers tested.

[–] myrrh@ttrpg.network 3 points 1 week ago* (last edited 1 week ago) (1 children)

9.3 bits / 1:628.3
(ipadOS / safari)

...how do they quantify 3/10 of a bit?..

[–] LambdaRX@sh.itjust.works 4 points 1 week ago* (last edited 1 week ago)

They probably give entropy value, average number of, yes or no, questions that are needed to identify You. (Guess all the information that your browser provided)

[–] Zerush@lemmy.ml 2 points 1 week ago (2 children)
load more comments (2 replies)
[–] whyNotSquirrel@sh.itjust.works 2 points 1 week ago (3 children)

If I tried twice and I got a unique id both times, does it mean Firefox is covering my track ?

load more comments (3 replies)
[–] DieserTypMatthias@lemmy.ml 2 points 1 week ago

17.47 on mobile Vivaldi.

load more comments
view more: next ›