Thread replies: 19
Thread images: 2
Thread images: 2
Anonymous
Fingerprinting Thread 2016-07-20 00:40:46 Post No. 55657786
[Report] Image search: [Google]
Fingerprinting Thread 2016-07-20 00:40:46 Post No. 55657786
[Report] Image search: [Google]
File: 1200313414324.jpg (28KB, 400x303px) Image search:
[Google]
28KB, 400x303px
https://browserprint.info/
https://panopticlick.eff.org/
http://ip-check.info
http://browserleaks.com/
Fingerprinting is the newest way of tracking you across websites.
It's being done right now by companies like Google.
Because unlike cookie based tracking you can't defeat it just by disabling cookies.
In the Panopticlick study 83.6% of fingerprints were unique, even when JavaScript and/or Flash was disabled, and this is before canvas fingerprinting was invented.
There is currently NO FOOLPROOF DEFENCE against fingerprinting (except quitting the Internet).
Google's privacy policy states
>Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable
https://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-cookie
ReCAPTCHA probably still contains fingerprinting code:
https://archive.is/9K5gs
This means that the majority of 4chan users could be being fingerprinted, and Google might know about your shitposting habits even if cookies are disabled.
Google releases limited hangout of how much they know about you:
https://news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
Daily reminder to do all your Amazon / eBay / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple if you have each browser's VM configured with a different VPN connection.
Could the FP-Block browser extension be what we're looking for?
http://satoss.uni.lu/software/fp-block/
Adds randomness to canvases, generates random HTTP headers, randomises timezone, etc.
Bggy, and it doesn't seem to play well with other extensions, but very promising.
If only it was under active development.
>>
https://browserprint.info/view?source1=UUID&UUID1UUID=887267ec-06b0-4d13-9734-0e80065f9351
>>
>>55659145
I see youre using blender.
That might be doing more harm than good considering how outdated it is
>>
File: 1220059024620.jpg (140KB, 675x550px) Image search:
[Google]
140KB, 675x550px
yump
>>
Are you going to do anything about it or just shitpost daily?
>>
>>55661346
Gonna raise awareness until someone who can actually do something about it decides to do so. Being helpless sucks.
>>
>>55661346
I'm working on it.
I like these threads because sometimes there's enlightening discussions.
Another anon said they were working on a fork of chrome that defends against fingerprinting
>>
>>55661366
Seems like it'd be easier to harden Palemoon, since it already doesn't implement a lot of the problem APIs and protocol features.
>>
How do "Libre" browsers perform on this test?
>>
>>55661388
I guess the guy really likes chrome.
>>
>>55661422
No browsers perform particularly well without modification, except the Tor Browser Bundle, but that can be a bit annoying to use. They should really make it so you can disable Tor and just use the browser.
IceCat has some fingerprinting defenses, but it's not that much better
>>
>>55661422
As a rule of thumb, they better they work on modern webpages, the easier they are to fingerpriint.
>>
>>55657786
I think I'm doing OK. It's hard to tell, though; I randomize my canvas fingerprint and user agent.
>>
>>55661497
Randomise per what? Per request?
>>
How amazing, and interesting, but in this digital world, what can we do?
>>
>>55661530
The canvas fingerprint is per request, yes. I have my user agent set to be switched every random amount of time, which I believe is to be between the next request and one hour. Although I could set it to switch every request if I so pleased.
The extensions I use for this are:
CanvasBlocker
Random Agent Spoofer
>>
>>55661597
Switching UAS based on time isn't really effective.
You want to switch based on domain or a hybrid of domain and tab.
If you've got a fingerprinting site open at the same time as other stuff then they know you've switched your UAS and they know what you've switched it to.
>>
>>55661576
Express the fact that it's not acceptable.
Support the development of tools to defeat it.
>>
>>55661530
>>55661597
Some other security-oriented extensions I use:
Clean Links (to get rid of referrer information in links)
Cookie Controller - All cookies always off unless I want to log into a service.
Decentraleyes (to thwart CDN based tracking)
Google search link fix (I don't use google often but sometimes I have to)
HTTPS-Everywhere
RefControl - I have this on the "Forge" setting which works nicely.
Self-Destructing Cookies
uBlock Origin - all good options are on. All lists except for inapplicable language lists on.
uMatrix
A few other things I do:
Flash not installed, let alone enabled.
No Java, Citrix, or any other vendor plugins.
VPN sometimes.
>>55661629
Good point. I'll switch it to switch on every request. Thanks!
Thread posts: 19
Thread images: 2
Thread images: 2