Killing the Botnet

File: pandAPANDAPanda.jpg (8KB, 220x200px) Image search: [Google]

8KB, 220x200px

www . privacytools . io/

>>58766471
>15.65 % of observed browsers run Linux, as yours.
It's funny how a disproportionate amount of linux users are using this website.

>>58766471
nice way how to trigger automatic banning systems

to change your fingerprint you actually need to change more things like:


UserAgent
Language
Color Depth
Screen Resolution
Timezone
Has session storage or not
Has local storage or not
Has indexed DB
Has IE specific 'AddBehavior'
Has open DB
CPU class
Platform
DoNotTrack or not
Full list of installed fonts (maintaining their order, which increases the entropy), implemented with Flash.
A list of installed fonts, detected with JS/CSS (side-channel technique) - can detect up to 500 installed fonts without flash
Canvas fingerprinting
WebGL fingerprinting
Plugins (IE included)
Is AdBlock installed or not
Has the user tampered with its languages 1
Has the user tampered with its screen resolution 1
Has the user tampered with its OS 1
Has the user tampered with its browser 1
Touch screen detection and capabilities
Pixel Ratio
System's total number of logical processors available to the user agent.


this is old way of doing fingerprinting

these days fingerprinting is more advanced and there was some research of possibility to identify same PC using different browsers

>>58766533
>these days fingerprinting is more advanced and there was some research of possibility to identify same PC using different browsers
[citation needed]

>>58766532
Well if you are concerned with privacy a good first step is not to use proprietary software.

>>58766575
https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/

>sjwfox
no thanks lmao

>>58766471
>>58766533
Is your fingerprint worth spoofing at this point, at least for your daily driver browser? Much of that info is useful when they determine how the content should be rendered on your browser.

>>58766611
That's just normal fingerprinting. The extension I posted spoofs all of these things.

>>58766622
>memes
no thanks lmao

>>58766533
Many of these require JS to use, which is why something lik uMatrix with default-deny scripts is so important.

Also the best way to deal with things like localstorage and cookies is to let sites put things there and then drop it all on the floor when the tab is closed.

>>58766657
Yes. It is used for data mining and ads. It's also the favorite way for governments to do surveillance, they don't need to pass laws or do anything illegal. Just let companies collect data and them come up with a meme excuse like terrorism, cp or piracy.

>>58766471
>Changes your fingerprint to some random one every X minutes, on every request or randomly.
No! It should just set the fingerprint to an immutable value. Changing randomly adds complexity and adds the additional treat vector of having to build a cryptographic secure random number generator.

>>58766471
>>58766533
This is why the Tor browser exists and why people also happen to use it for other protocols like i2p.

>>58766710
>No! It should just set the fingerprint to an immutable value.
Then you are going to be tracked. They just won't know your real setup.
An immutable value would be useful if everyone or at least a lot of people used it.
>Changing randomly adds complexity and adds the additional treat vector of having to build a cryptographic secure random number generator.
It doesn't. Any fucking thing has a secure a random number generator.

>>58766601
Citation needed. If you are a special snowflake you will be detained.

File: NOPE.jpg (24KB, 500x374px) Image search: [Google]

24KB, 500x374px

>https://amiunique.org/
>see idiots go to website
>website fingerprints browser/user
>congrats, you just got added to the botnet even if you didn't have a membership prior to visiting that site

I mean really, you fucking idiots never learn. All those websites that check most anything like browser security, browser identification, whether or not you're on some kind of email hacking database breach, and so on - the moment you go to one of those sites to get yourself "checked" you're just being added to yet another list to be cross-referenced.

>stupid fucking people will be the death of us all

>>58766765
>An immutable value would be useful if everyone or at least a lot of people used it.
That is what I am saying.

>It doesn't. Any fucking thing has a secure a random number generator.
It does add complexity and there are many real world examples of where random number generators turned out to be predictable.

>>58766837
Any website can do what that one is doing. For all you know, every time you load reCAPTCHA to post here Google could be fingerprinting you.

>>58766788
You want citation for the fact that proprietary software has government backdoors? There are the snowden leaks. But that is not the point, there can't be definitive proof that proprietary software have or do not have backdoors, exactly because it's proprietary. If you don't assume the worst you are a fool.

>>58766837
How am I going to be cross-referenced if they can't track me?

>>58766837
Literally any website can do the fingerprinting, that's why this website is there to warn you about this, and it's also open source and the source is available on github. And if your're talking about haveibeenpwned, then that site is made by a well-known security researcher. He would totally ruin his reputation by selling your data, not to mention that he already has ridiculous amounts of leaked crap from the actual breaches. Paranoid fuck.

>>58766662
>Many of these require JS to use
Precisely this.
Just block all the analytics scripts and you're (mostly) good

>>58766939
There are many that don't require JS. Do the test and look at the more detailed results.

>>58766981
>Do the test and look at the more detailed results.
Fairly sure when I tried it with JS blocked it didn't even show results.

>>58767007
That is still a way to track you. Disabled JS is uncommon + your user agent, language, timezone and possibly IP.

>>58767040
Meh I can't even remember the last time I saw ads so it's more or less valueless data.

I would be interested in a script that randomly browses in a semi-convincing manner to throw them off though
(also I don't fully buy that the randomization of all variables makes you more traceable that sounds retarded as fuck)

File: ss+(2017-02-02+at+04.15.03).png (28KB, 856x379px) Image search: [Google]

28KB, 856x379px

>Actually on Firefox
>Actually on Linux
>In 5min it'll say i'm on Chrome and Windows
Thanks Gorhill

>>58767071
>(also I don't fully buy that the randomization of all variables makes you more traceable that sounds retarded as fuck)
What do you mean? If you set all of them to a random value and forget about it they will be more or less unique and you can be tracked.
If by randomization you mean changing to common values every now and then, then it makes you less traceable.

>>58767106
>If by randomization you mean changing to common values every now and then, then it makes you less traceable.
Yeah this
>but anon changing your signature all the time makes you more unique

>>58767139
Only if they know that you are changing your signature. And they can only know by the fingerprint, but you are changing that.

Think like using a mask and a fake ID for every different place you go. It is only suspicious if they know you are doing that.

>>58767096
>oh, it's that one guy switching user profiles. lmao, we've already ID'd him by his GPU and resolution

>>58767300
>you can effectively identify someone with only two of the most common parameters, one of which can be spoofed and both completely denied if no JS
gtfo strawman faggot

>>58767300
No. It spoofs that too.

>>58767347
>>58767352
It was just an example. There are a hundred other ways you are unique

Pro tip: disabling JS doesn't prevent that. Using Tor Browser with security setting at high does

>>58767405
>Pro tip: disabling JS doesn't prevent that.
Pro tip: It does, Tor minimizes your window so JS can't identify you easily cause most normie retards that use it don't disable scripts globally

File: ss+(2017-02-02+at+04.44.54).png (5KB, 287x187px) Image search: [Google]

5KB, 287x187px

>>58767405
>disabling JS doesn't prevent that.
go back to /v/ already

>>58767040
User agent is easy to randomize. IP can be handled by a VPN. I don't know about timezone, is there an addon that randomizes this? Language pretty much can't be helped, but en-us isn't exactly a unique identifier.

>>58767300
You could do your browsing in a VM and make your hardware look identical to everyone else using the same virtualization software.

>>58767498
>I don't know about timezone, is there an addon that randomizes this?
Yes. See OP.

File: 999999999999999999999.jpg (132KB, 1459x652px) Image search: [Google]

132KB, 1459x652px

>>58767405
>Pro tip: disabling JS doesn't prevent that.
It does.
Anyways also pic related for 'more'

>>58767570
I didn't know it did timezones as well as the useragent. cool

>>58767604
It randomizes all the fingerprinting. Check the list on their page.

I'm thinking of developing a VPN provider that charges on demand. You deposit a certain amount of bitcoins on it, if you use less than that it sends the remaining coins back.
Is there anything like that already?

>>58767731
Instead of refunding, why not just keep a rolling balance from a month to month basis and then when the customer runs out of BTC they have to deposit more for continued service? If they decide to cancel their membership then refund them.

>>58767731
There are providers that accept bitcoins, and other anonymous payment methods. But they all do so on the traditional $X/month basis, not on time connected or data transferred. Which makes sense if you think about it, since they have to maintain a certain amount of infrastructure to be ready for use, even if it doesn't actually get used.

>>58767804
That's a good idea.

my fonts gave me away

rip

>>58767864
Thanks

By rejecting anything proprietary!

TrueGNU~
>Skype-- No way! That's proprietary!

>>58767939
This
>mfw my amazing fonts give me away to the botnet

>>58768252
>TrueGNU~
>>Skype-- No way! That's proprietary!
Tell me that's not your '''signature'''

>>58769200
My fonts are default with the google ones that I got somehow. Hardly amazing. Still gave me out.

>>58769214
At first I didn't understand why that was there. Holy shit is this person autistic.

>>58766471
the one opera user left

File: 1464319772882.jpg (13KB, 283x188px) Image search: [Google]

13KB, 283x188px

>>58766471
>"Yes, you can be tracked"
>"Windows NT 6.3"
>actually using Linux
>second try
>"Almost"
>"Windows NT 6.1"
>mfw not even this website can fingerprint me

>>58766471
>https://amiunique.org/
Are you unique?
Almost! (You can most certainly be tracked.)

36.66 % of observed browsers are Chrome, as yours.

2.13 % of observed browsers are Chrome 52.0, as yours.

13.54 % of observed browsers run Mac, as yours.

4.94 % of observed browsers run Mac 10.10, as yours.

66.44 % of observed browsers have set "en"as their primary language, as yours.

But only 4 browsers out of the 307413 observed browsers (0.00 %) have exactly the same fingerprint as yours.
I win! None of this is true!

>>58769618
Linux rulez