this post was submitted on 01 Nov 2023
82 points (96.6% liked)

Privacy

31892 readers
567 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

What score does your browser(s) get?

I'll start: I got:

one in ~25000 browsers have the same fingerprint as yours

top 50 comments
sorted by: hot top controversial new old
[–] leraje@lemmy.blahaj.zone 21 points 1 year ago (3 children)

CreepJS is much better (and scarier) at fingerprinting you than EFF. I've not managed to completely fool it yet but I've got my score down to 0% trust, meaning the fingerprint it generates is pretty useless. I suspect the only way to totally fool it (by which I mean spoof my devices) would be to turn JS off completely.

[–] relevants@feddit.de 5 points 1 year ago (2 children)

On Safari 17 every time I visit the site it claims it's my first visit, despite a trust score of 57%. Not sure if I'm interpreting the results wrong or ITP is just doing its job.

[–] leraje@lemmy.blahaj.zone 4 points 1 year ago

I'm not 100% sure but I don't think creep stores anything on its github incarnation so it'll always look like it's your first visit.

[–] TheRaven@lemmy.ca 2 points 1 year ago* (last edited 1 year ago) (2 children)

iOS 17 Safari (especially with enhanced fingerprint protection on) is really good at fingerprint protection. It rotates a few data points like canvas ID so that it makes you look like a new fingerprint each time.

Fingerprint analyzers can find out lots about your fingerprint that way, but if your fingerprint keeps changing, it becomes difficult to identify you. Unique fingerprints don’t mean anything if your fingerprint keeps changing.

load more comments (2 replies)
[–] Dust0741@lemmy.world 4 points 1 year ago

Wow yea this seems really good. And scary. Too bad it doesn't seem to work with mullvad browser

[–] DreadPotato@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago)

I get 0% on CreepJS with default DDG browser set to "strict", with a crowd blending score of 27%.

I get 40.7% with Mull + adblocker and 66.5% with FF + adblocker

[–] DreadPotato@sopuli.xyz 14 points 1 year ago* (last edited 1 year ago) (2 children)

"Your browser has a unique fingerprint"...well that isn't good...

[–] jet@hackertalks.com 4 points 1 year ago

Unique among the people who use that website. So if nobody else if you're configuration ever tried that website.... You would be unique

The bits of entropy are the more important parts of the results. The lower the bits the better

[–] Devjavu@lemmy.dbzer0.com 2 points 1 year ago

Please also consider things like canvas spoofing. It will create a unique fingerprint that is different every time.

I'm not sure how to read this report. It says my browser is unique and random with strong protections.

[–] aindriu_b@feddit.uk 7 points 1 year ago* (last edited 1 year ago) (3 children)

I got "unique among the 185,973 tested in the past 45 days"

Edit: this is using Firefox Android Nightly with UBlock + Canvas Blocker

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 4330.4 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 12.08 bits of identifying information.

Using Mull with NoScript through Mullvad

[–] lanigerous@feddit.uk 2 points 1 year ago* (last edited 1 year ago)

Same here Edit: except unique in 186,012 tests

[–] Orbituary@lemmy.world 1 points 1 year ago

Similar. Using Mull, uBlock, pi-hole, and ghostery. I should try with my VPN on.

[–] dsemy@lemm.ee 7 points 1 year ago* (last edited 1 year ago) (1 children)

There is also fingerprint.com, which I tend to trust more since it's a company that literally sells fingerprinting tech to other companies.

It managed to identify me while using the Tor browser on "Safer" (doesn't work on "Safest" due to JS). Edit: this is likely due to an issue with my install, and not the browser itself.

[–] jet@hackertalks.com 2 points 1 year ago (1 children)

How did it identify you via tor? Were you using the browser bundle? Completely vanilla?

Did you refresh your session between tests?

[–] dsemy@lemm.ee 2 points 1 year ago (1 children)

Completely vanilla, fully stopped and restarted the browser. This was right after the 13.0 update.

[–] jet@hackertalks.com 4 points 1 year ago (4 children)

For what it's worth I just tested.

Tor browser 13.0.1, plus U-Block origin, fingerprint.com did not identify two different sessions

[–] dsemy@lemm.ee 2 points 1 year ago

I should test again then, not sure what happened

load more comments (3 replies)
[–] Dust0741@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

More of my stats:

Fennec (privacy badger + unlock origin): 1 in 23301.0

Fennec private tab (privacy badger + unlock origin): 1 in 20712.44

Firefox hardened (arkenfox + privacy badger + unlock origin): 1 in 37281.6

Firefox hardened private tab(arkenfox + privacy badger + unlock origin): 1 in 31069.5

Mullvan browser (dafaults with unlock): 1 in 147.48

[–] akilou@sh.itjust.works 5 points 1 year ago (1 children)

Am I looking for a high number or a low number?

Looks like Chrome randomized my fingerprint but Firefox doesn't. Does that mean I should be using chrome instead of FF?

[–] Zastyion345@lemmy.ml 3 points 1 year ago (2 children)

Spoof your user-agent in FF

[–] HurlingDurling@lemm.ee 1 points 1 year ago (1 children)

I need this but Firefox mobile doesn't have that option yet

[–] Zastyion345@lemmy.ml 1 points 1 year ago

Well Im sure there is an addon to do that

load more comments (1 replies)
[–] jet@hackertalks.com 5 points 1 year ago (1 children)

mullvad vpn + mullvad browser + a bunch of extensions: 1:26830.0

fingerprint.com does not track me

[–] dsemy@lemm.ee 9 points 1 year ago (1 children)

Mullvad browser + extensions is pointless, might as well use LibreWolf or just harden Firefox yourself.

The point of the Mullvad browser is to not stand out from the crowd; by installing extensions you are definitely standing out.

[–] jet@hackertalks.com 5 points 1 year ago (2 children)

librewolf doesn't do auto updates.

I don't need to harden firefox myself, mullvad comes pre harded.

[–] dsemy@lemm.ee 4 points 1 year ago

You're right. What I meant was that you lose Mullvad's fingerprinting resistance by installing extensions, but if you're only looking for a hardened Firefox with auto updates then it's fine.

[–] Pantherina@feddit.de 2 points 1 year ago (1 children)

Librewolf Flatpak autoupdates lol

[–] jet@hackertalks.com 2 points 1 year ago

That's great! I'm glad you have a package management system that works for you!

https://librewolf.net/docs/faq/#how-often-do-you-update-librewolf

It should however be noted that LibreWolf does not have auto-update capabilities, and therefore it relies on package managers or users to apply them.

[–] possiblylinux127@lemmy.zip 4 points 1 year ago (1 children)

Your browser fingerprint appears to be unique among the 187,041 tested in the past 45 days.

[–] GrappleHat@lemmy.ml 1 points 1 year ago (1 children)

Same here. Is there a way to spoof a more generic fingerprint or something?

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

It seems that my screen resolution is the problem. Brave beats Firefox based browsers because it spoofs the screen resolution

[–] akilou@sh.itjust.works 4 points 1 year ago (2 children)

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 93387.5 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 16.51 bits of identifying information.

But also

Your browser has a nearly-unique fingerprint

I don't get it

[–] dsemy@lemm.ee 4 points 1 year ago

Almost no browser has the same fingerprint as yours, which makes it nearly unique.

[–] jet@hackertalks.com 3 points 1 year ago

There's a couple issues going on here. Number one is it's unique amongst the people who go to EFFs website cover your tracks. That's not all of the internet users. Hell that's not even most of the internet users. It's pretty niche community.

The bits of identifying information are the critical key here. 16 bits, 2 ^ 16.. 65,000 different possibilities. Each piece of information you give, makes it a little bit easier to track you. Things like language, time zone.. The more bits, the easier it is to identify you. The less bits, the more you blend into the crowd.

This is why multiple people, including myself, have talked about fingerprint.com they're professional service, who's targeting websites, who want to track users. So they're incentivized to track as best as able.

Even if you've got a great EFF score, you should always check fingerprint.com, to see if they can track you.

[–] young_broccoli@kbin.social 3 points 1 year ago (2 children)

Only one in 706.9 browsers have the same fingerprint as ~~yours~~ mine.

Is that bad? Or is this like golf.

[–] BearJCC@lemmy.sdf.org 5 points 1 year ago* (last edited 1 year ago) (1 children)

The lower the number the better. That's pretty decent.

[–] paradox2011@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Not necessarily bad, the lower the number the harder it is to fingerprint you. In other words, your browser stands out much less and is less noticeable from the masses than the OPs browser.

Generally the more security/privacy tweaks and add-ons you apply to your browser the more secure it gets, but you tend to stand out from the masses more because of the changes, resulting in the 1 in 4,000 type stat. It becomes easier to differentiate your traffic from others.

Whether anonymity or security is more desirable depends on your threat model.

Edit: "Your browser fingerprint appears to be unique among the 186,867 tested in the past 45 days." Evidently I stand out quite a bit 😂

[–] Omega_Haxors@lemmy.ml 3 points 1 year ago (1 children)

0 because I have scripts disabled.

[–] BitSound@lemmy.world 2 points 1 year ago

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 4244.39 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 12.05 bits of identifying information.

Firefox mobile with various addons, most important of which is probably NoScript

[–] alt@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)

On LibreWolf, which I use to surf daily, I got one in 180k+.

Afterwards, I tried Tor Browser -which is honestly almost never used- and this was a lot better at one in 6k+. Though this was only in "Safer" mode, I tried testing it on "Safest" afterwards, but an update screwed it up and I somehow couldn't get it back to its standard opening size.

Interestingly, my best result I got once again on LibreWolf. This time, I changed two things:

  1. Enable letterboxing
  2. Disable Javascript entirely through uBlock Origin

This resulted in a one in 800+. I am interested to know how Mullvad browser users fare on Mullvad VPN.

load more comments (1 replies)
[–] AnonymousLemming@feddit.de 2 points 1 year ago

Doesn't work with Javascript blocked.

[–] jeanofthedead@sh.itjust.works 1 points 1 year ago

1:46157.75 using mobileSafari on iOS with NextDNS.

load more comments
view more: next ›