Privacy

34054 readers

740 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

196

Google said it was too hard to target ads to people (www.digitaltrends.com)

submitted 2 days ago by [email protected] to c/[email protected]

56 comments fedilink hide all child comments

Came across this article and it got me thinking, are there any simple ways to defeat advanced tracking methods (fingerprinting, tracking pixels, etc.)?

Obviously you could go the Tor on a virtual machine route, or a non persistent set up like TAILS, but what about a browser that's able to give say, a 80% solution?

I work in the security industry and am always looking for the solution that is simple enough that its palatable to a client (not asking to change your whole lifestyle, just push this button) but also relatively effective.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 1 day ago (5 children)

I use mullvad vpn, and I tested with mullvad browser, and it always detects me. doesn't even matter if I use daita etc...something gives me away. unique fp and it sticks between refreshes and restarts. I recall my gpu being one giveaway but I'll have to check that again tomorrow.

[–] [email protected] 6 points 1 day ago (4 children)

Interesting. I'm very curious at what could be causing the discrepancy between our results!

[–] [email protected] 3 points 1 day ago (3 children)

so out of the box it blends in, but it still knows me even after cleaning the identity. in prediction section almost everything is red 0%, and it seems to know the browser is lying. if I use dark reader, I am unique.

[–] [email protected] 3 points 1 day ago* (last edited 23 hours ago) (1 children)

Interesting, thanks for coming back with some info. It brings up more questions, but I understand if you don't want to dive deeper. No worries!

Just to make sure we aren't testing two separate systems, I am using the site hosted on GitHub from the maintainer: https://abrahamjuliot.github.io/creepjs/
What operating system are you running? I see some discourse online about even Tor being identified as long as it's run on Windows 11, but in Linux it is not identified.

https://old.reddit.com/r/TOR/comments/113ukg9/is_creepjs_able_to_break_tor_antifingerprinting/
Under prediction, what is the crowd-blending score you see? In mullvad, I see 75% (C), in my other browsers I see 60% or less (D/F). Admittedly, I don't fully understand this section too much. I was under the impression that 0% here was a good thing, but the way you described it is the opposite. Trying to locate clarification on this and will edit when/if I find it. Edit: from the README it says failing = unique, but also goes on to say that a lower trust score is not necessarily bad. I'm still a bit confused at exactly what this is telling me, especially when I'm being clearly lumped in with a lot of other users in Mullvad, and very clearly being unique in Firefox. Yet, both datasets are almost entirely 0% under Predicitions.
And just to round it out, I'm curious what you see for the visits count at the top, and when the first visit was. When I'm in Mullvad, the visits count is almost touching 1000, and the first visit was at the beginning of January. These are definitely not me, as I have only run the test a handful of times, and yesterday was the first time I had ever used or heard of creepjs.

I still think there is potentially something I am misunderstanding about creepjs, so I may be wrong here. From what I understand, if the FP ID changes, visits is at 1, and first visit is timestamped right now, then you likely have been identified. The FP ID changing or remaining the same doesn't really indicate anything without the context of the rest of the data, especially the visits counter. It's clear that I am being lumped in with many, many other users.

Lastly, I think that you are making yourself standout from the crowd by manually installing the dark reader plugin (I assume that's what you meant). That defeats the purpose and is likely why you are being identified so quickly. There's a reason why Mullvad and Tor don't make it easy to install plugins, and also why they recommend not maximizing the browser window. They actually specifically force the viewport to be a specific resolution, even if you maximize. This makes you look even more like everyone else, because out-of-the-box you are configured the same as everyone else. As soon as you add anything unique, you become unique.

[–] [email protected] 3 points 21 hours ago (1 children)

yup that's the same thing I was using.
I use linux mint, haven't tried it on any windows system. tried on my phone and no browser can beat it, I'm totally 100% unique.
score is 75% for me too. on any other browser it's 27%, even without any extensions so this is still a lot better. oh and I just assumed 0% was bad because it's shown in red, but if it's the opposite then js engine and mimetypes are the big giveaways as they have 50 and 20%.
it started at 55 and has been alive for a month. before I changed something in the settings it was 300. it still counts up when I refresh, open in a new tab, restart or even clean identity. can't fool it. I suppose it wouldn't matter as long as it confuses me with a few others too, I'm just not convinced it can fool google and meta.

[–] [email protected] 2 points 21 hours ago* (last edited 21 hours ago)

I'm just not convinced it can fool google and meta

Yea, this is a great and healthy skepticism to have. It's why I went deep on this little research tangent.

Besides browser fingerprinting, there are many other ways to tie you to online behavior. For instance, the DAITA thing has nothing to do with browser fingerprints, but specifically the size of your inbound and outbound traffic. The NSA uses that to figure out your behavior and link on-VPN and off-VPN traffic together with great success, regardless of how many hops you go through. It's the behavior that gives you away.

I'm always on my VPN, reconnect at random times, and have all the extras turned on. Something else that may be a factor is that I have Mullvad Browser installed via Flatpak and is sandboxed to hell. Maybe you installed via .deb or something in Mint?

Any way, thanks again for humoring me in this! I think you're right that at least you are sorta getting lumped in with others, but it's never going to be 100% foolproof and we should all plan for that.

load more comments (1 replies)