We need Richard Hendricks and his new internet asap
What’s this about? Fill me in? 🙏
He was the main character on Silicon Valley
Oh okay. I should pick that show up again, finish what I started.
Thanks!
its more mike judge prophecy stuff. So much of whats going on now was covered in that show.
I don’t bother. I know they know everything about me already, and that I’m not an important person. As such, I wonder why it matters.
Behaviour is tracked in order to be influenced.
Username checks out.
The only thing that matters in government politics is public opinion.
its captcha v3, its the same thing reddit uses to catch bots and ban evaders, apparently its expensive for reddit so they only mostly use it for ban waves.
Time for a user agent switcher. Like “Yeah, I swear, I’m a PS5, that has only monospaced comic sans insrelled”
Jokes aside, keep in mind that the idea of fingerprinting is that your computer’s configuration is as unique as a fingerprint (e.g., your monitor is x resolution, you are on this operating system, you are using these following extensions in this browser, you have these fonts on your system).
Setting your user agent to something super unique is basically shining a spotlight on yourself.
It’s way worse than that.
Even if you somehow magically have the same settings as everyone else, you’re mouse movement will still be unique.
You can even render something on a canvas out of view and depending on your GPU, your graphics driver, etc the text will look different…
There is no real way to escape fingerprinting.
I have a novice coding question using the mouse tracking as an example: Is it possible to intercept and replace mouse tracking data with generic inputs? For example, could you implement an overlay that blocks mouse interactions, and instead of physically clicking on elements, send a direct packet to the application to simulate selecting those elements?
Yes, it’s possible. That’s the way a lot of automated web UI testing tools work. The problem with doing it during normal browser use is that your intentional actions with the real mouse wouldn’t work right, or the page would start acting like you clicked on things you didn’t click on.
Fingerprinting unfortunately uses more than useragent strings. It takes hashes of data in your browser from a javascript context that is not easily masked or removed. For example, it might render a gradient of colors projected onto a curved 3d plane. The specific result of this will create a unique hash for your GPU. They can also approximate your geolocation by abusing the time-to-live information within a TCP packet, which is something you can’t control on the clientside at all. If you TRULY want to avoid tracking by google, you need to block google domains in your hosts file and maybe consider disabling javascript on all sites by default until you trust them. Also don’t use google.
How must it feel being clever enough to come up with these ideas and then implement them for companies invading everyones privacy for advertisement revenue and malicious information serving or stealing.
I guess they sleep soundly on a fat bank account.
new? isn’t this at least like a decade old method of tracking?
Google can’t fingerprint you very well if you block all scripts from Google.
Considering how few people block all scripts, this could also make it trivial for them to fingerprint you.
I’ve checked, its true. Linux plus Firefox already puts you in the 2 percent category.
plus Random User Agent.
Random User Agent.
I love this.
Anyone who uses uBlock blocks Google scripts.
uBlock Origin + PiHole FTW.
This breaks all kinds of stuff though. A ton of sites use Google for captchas.
I just don’t use any sites like that. If a site is using something other than Turnstile from Cloudflare, then I refuse to use it. I haven’t really experienced any inconvenience myself with this policy, but obviously I don’t depend on any sites that require recaptcha.
But you can allow/block any elements per site, or globally, which makes it trivial to block all unwanted scripts except on specific sites. So there is nothing preventing you from only exposing yourself to Google on the few sites you use that need those scripts.
I wonder how safe is Apple ecosystem from this.
Lol
We’re all gonna need to use whonix for basic shit now
Which is why I had hoped the EU would ban all forms of fingerprinting and non-essential data tracking. But they somehow got lobbied into selecting cookies as the only possible mechanism that can be used, leaving ample room to track using other methods.
How would that even be enforced?
same way other regulations are enforced: fines
That might work if the fine was say $1.5 B
The European Commission has fined Apple over €1.8 billion for abusing its dominant position on the market for the distribution of music streaming apps to iPhone and iPad users (‘iOS users’) through its App Store
EU knows how to get it done
God bless those European MF’rs
How do you prove they’re doing it?
They’re making money aren’t they? They have to be doing something weird.
Investigation, witnesses, gather evidence, build a case and present the evidence. Same as any other thing.
I don’t get why this would be harder to prove than other things?
If you have reason to believe they are, you explain that reasoning to a court and if the reasoning is sufficiently persuasive the company can be compelled to provide internal information that could show whatever is going on.
Hiding this information or destroying it typically carries personal penalties for the individuals involved in it’s destruction, as well as itself being evidence against the organization. “If your company didn’t collect this information, why are four IT administrators and their manager serving 10 years in prison for intentionally deleting relevant business records?”The courts are allowed to go through your stuff.
Not sure how to effectively do that, but I reckon it would be no different than the cookie mess today. Which unfortunately is, hardly ever. The big GDPR related fines can still apply. Let’s say a data set is leaked that includes tracking data that was not necessary for the service to have, then the company can receive a hefty fine. As long as the fine is larger than the reward, it might not be worth it for the company to track you anymore.
Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.
I’m working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this
What search engine do you use?
I want to do this but really the only thing holding me back is my phone.
Mind sharing what extension you use?
Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don’t recommend Chromium browsers):
Privacy and Security-focused
uBlock Origin: A lightweight and efficient wide-spectrum content blocker.
Decentraleyes: Protects you from tracking through free, centralized content delivery. (not recommended alongside uBlock Origin; see the reply below)
CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.
Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you. (not recommended alongside uBlock Origin; see the reply below. You can disable the ad blocking functionality and keep the cookie rejection function).
KeePassXC-Browser: Integrates KeePassXC password manager with your browser.
NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks (note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).
Privacy Badger: Automatically learns to block trackers based on their behavior. (not recommended alongside uBlock Origin; see the reply below)
User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string (avoid creating a unique configuration; opt for something common, such as Chrome on Windows 10).
Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don’t like. VERY useful. Check out greasyfork for UserScripts).
Other useful extensions (non-privacy/security)
Firefox Translations: Provides on-demand translation of web pages directly within Firefox.
Flagfox: Displays a flag depicting the location of the current website’s server.
xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.
Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).
Thanks for this list! Just got off chrome and this helped speed things along!
Port Authority is a good one too, I think. Need to check that it is still maintained.
Thanks for the list! Although most of the time it’s advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners “Cookie notices”. But if all of these work for you that’s great!
How do these extensions work with ubo?
On a different note. Your name used to be my nickname lol thanks for that memory.
They work well on desktop and mobile (firefox). As the other replier stated, you may want to avoid using multiple ad blockers (decentraleyes, privacy badger, and ghostery) alongside UBlock; and NoScript’s functionality can be achieved with UBlock.
Lol the name came from a ironscape clan member from my osrs days. I don’t suppose that’s you?
Nope. Just a fan of South Park.
“Decentraleyes” is such a good name, damn!
But why would any browser accept access to those metadata so freely? I get that programming languages can find out about the environment they are operating in, but why would a browser agree to something like reading installed fonts or extensions without asking the user first? I understand why Chrome does this, but all of the mayor ones and even Firefox?
Because the data used in browser fingerprinting is also used to render pages. Example: a site needs to know the size of browser window to properly fit all design elements.
I fucking hate this. Let me zoom, stop reacting and centering omfg.
Just for an example that isn’t visible to the user: the server needs to know how it can communicate responses to the browser.
So it’s not just “what fonts do you have”, it also needs to know "what type of image can you render? What type of data compression do you speak? Can I hold this connection open for a few seconds to avoid having to spend a bunch of time establishing a new connection? We all agree that basic text can be represented using 7-bit ASCII, but can you parse something from this millennium?”.Beyond that there’s all the parameters of the actual connection that lives beneath http. What tls ciphers do you support? What extensions?
The exposure of the basic information needed to make a request reveals information which may be sufficient to significantly track a user.
Firefox has built-in tracking protection.
I know that it has that in theory, but my Firefox just reached a lower score on https://coveryourtracks.eff.org/ (which was posted in this threat, thanks!) than a Safari. Firefox has good tracking protection but has an absolute unique fingerprint, was 100% identifiable as the first on the site, as to Safari, which scored a bit less in tracking but had a not unique fingerprint.
Probably because Safari is default macOS and most people leave it at default settings. I doubt Apple is doing anything special here.
Apple is doing good on the privacy browser front because it makes the data they collect more valuable
Time for meshnet?
Using Mullvad Browser + Mullvad VPN could mitigate this a little bit. Because if you use it as intended (don’t modify Mullvad browser after installation) , all Mullvad users would have the same browser fingerprint and IPs from the same pool.
And now Mullvad has all the data
Mullvad, (the vpn, I have not tried the browser) uses a single account number as both name and password, no emails. It allows for multiple anonymous payment methods and it’s open source.
Sliiiiightly more trustworthy than Google imo.
The random dude on the corner is more trustworthy than Google, it’s not that hard to be sadly.
Big corp facts.
If you don’t trust anyone the internet (or any net you don’t fully control yourself) is not something you will use.
Practical security is a matter of threat-modeling and calculated risks.
Mullvad has a good track record, but if you know of better alternatives that don’t require building it yourself, please share!
Tor browser. It’s probably more popular, and they lead the charge in standardizing everything so you know it’ll be top tier.
And Mullvad is not in business if selling user profiles to advertisers, at least as far as we know
The problem is it’s all or nothing. You must foil IP address, fingerprint, and cookies - all three at once.
Mullvad browser might make your fingerprint look similar to other users, but it’s not common is the problem. Test it with the EFF Cover your tracks site.
So I thought this is never going to fly under GDPR. Then the article goes on to say:
Many privacy laws, including the EU’s GDPR and California’s CCPA, require user consent for tracking. However, because fingerprinting works without explicit storage of user data on a device, companies may argue that existing laws do not apply which creates a legal gray area that benefits advertisers over consumers.
Oh come on Google, seriously? I remember a time when Google were the good guys, can’t believe how they’ve changed…
Google were maybe seen as the good guys back in the days of Yahoo search, and perhaps the very early days of Android.
But those times are so long passed. Google has been a tax-avoiding, anti-consumer rights, search-rigging, anti-privacy behemoth for decades now, and they only get worse with each passing year.
for decades now
You should drop that S. The company has only existed for a little over 2 decades and Android hasn’t been around for much more than 1. Yes they’ve become an evil fucking corporation but let’s not exaggerate for how long.
I’ve been using Google since 1998, and everyone loved them because their search indexed sites quicker than others and the search results were more useful than the competition at the time like Yahoo and Altavista and AskJeeves. They started turning nasty as soon as they gained steam & commercial success with AdWords… around 2003-2004. So no, while they get worae each year they haven’t been ‘the good guys’ for decades.
You’re mad cause they started putting ads into your search results? Like that was always going to happen. Having ads doesn’t make them evil. The shit they’re doing right now, and have been doing for the last half a dozen years or so, that makes them evil.
What? Maybe you should just stop trying to guess what people think or tell them what they know.
You’re welcome to your opinion that it’s only been a dozen years of bad behaviour but I do not share it and nor do many, many others. Feel free to have a browse, much of this goes back to 2001, many lawsuits filed in the early 2010s had evidence going back a decade. https://en.m.wikipedia.org/wiki/Criticism_of_Google
I’m not responding any further.
In other words, they went public and must now maximize gains for shareholders.
boards of directors have a fiduciary duty to the shareholders. If they did something they knew wasn’t going to result in the max short term profits they can be found in violation. Just a race to the bottom.
That time was like 20 years ago, dude
It’s still sad to see the development. We’re allowed to mourn things that happened long ago, you know.
Oh absolutely. At this point I’m not surprised anymore that they turned to shit, it’s more like I think they’ve hit rock bottom already but they manage to surprise me with new ways to dig their hole even deeper.
This article actually shares what changed, as opposed to just asserting that there was a change.
