The privacy nightmare of browser fingerprinting

(kevinboone.me)

489 points | by ingve 12 hours ago

48 comments

  • aragonite 9 hours ago
    Some time ago I noticed that in Chrome, every time you click "Never translate $language", $language quietly gets added to the Accept-Language header that Chrome sends to every website!

    My header ended up looking like a permuted version of this:

      en-US,en;q=0.9,zh-CN;q=0.8,de;q=0.7,ja;q=0.6
    
    I never manually configured any of those extra languages in the browser settings. All I had done was tell Chrome not to translate a few pages on some foreign news sites. Chrome then turned those one-off choices into persistent signals attached to every request.

    I'd be surprised if anyone in my vicinity shares my exact combination of languages in that exact order, so this seems like a pretty strong fingerprinting vector.

    There was even a proposal to reduce this surface area, but it wasn't adopted:

    https://github.com/explainers-by-googlers/reduce-accept-lang...
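An added illustration (not from the thread, and not Chrome's or the linked proposal's code): a small Python parser for Accept-Language that, over a constructed sample population, counts how many distinct buckets the full header splits visitors into versus the "primary language only" form the proposal describes, and how many bits a distinctive header like the one above reveals. The sample headers and the `surprisal_bits` helper are assumptions for illustration.

```python
"""Accept-Language as a fingerprinting signal: how much a full preference
list distinguishes a visitor, versus sending only the primary language.
The sample population below is constructed, not real traffic."""
import math
from collections import Counter
from typing import Callable, List, Optional, Tuple

# Constructed sample of eight visitors' Accept-Language headers.
# The fourth one is the header quoted in the comment above.
SAMPLE_HEADERS = [
    "en-US,en;q=0.9",
    "en-US,en;q=0.9",
    "en-US,en;q=0.9",
    "en-US,en;q=0.9,zh-CN;q=0.8,de;q=0.7,ja;q=0.6",
    "en-GB,en;q=0.9",
    "de-DE,de;q=0.9,en;q=0.8",
    "en-US",
    "en-US,en;q=0.9,es;q=0.8",
]


def parse_accept_language(header: str) -> List[Tuple[str, float]]:
    """Parse an Accept-Language value into (tag, q) pairs ordered by q.

    The sort is stable, so the browser's own order breaks ties; that
    ordering is exactly what makes the header distinctive. Entries with
    q=0 (not acceptable) or an out-of-range/malformed q are dropped.
    """
    entries: List[Tuple[str, float]] = []
    for item in header.split(","):
        item = item.strip()
        if not item:
            continue
        parts = [p.strip() for p in item.split(";")]
        tag, q = parts[0], 1.0
        for param in parts[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = -1.0  # malformed weight: treat as invalid
        if not 0.0 < q <= 1.0:  # RFC 9110 weights are 0..1; q=0 excludes
            continue
        entries.append((tag, q))
    entries.sort(key=lambda e: e[1], reverse=True)
    return entries


def reduce_accept_language(header: str) -> str:
    """Mitigation form: send only the single top-preferred tag."""
    parsed = parse_accept_language(header)
    return parsed[0][0] if parsed else ""


def distinct_buckets(headers: List[str],
                     reducer: Optional[Callable[[str], str]] = None) -> int:
    """Number of distinct values a population emits, optionally after reduction."""
    values = [reducer(h) if reducer else h for h in headers]
    return len(set(values))


def surprisal_bits(value: str, population: List[str]) -> float:
    """Bits of identifying information one value carries within a population."""
    counts = Counter(population)
    return -math.log2(counts[value] / len(population))


if __name__ == "__main__":
    full = SAMPLE_HEADERS
    reduced = [reduce_accept_language(h) for h in SAMPLE_HEADERS]
    print("distinct buckets, full header:", distinct_buckets(full))
    print("distinct buckets, reduced    :",
          distinct_buckets(full, reduce_accept_language))
    odd = SAMPLE_HEADERS[3]
    print(f"bits revealed by {odd!r}: {surprisal_bits(odd, full):.2f}")
    print("bits revealed after reduction:",
          f"{surprisal_bits(reduce_accept_language(odd), reduced):.2f}")
```

On this sample the full header yields 6 buckets and the reduced form 3, and the permuted header drops from 3 bits to under half a bit once only the primary language is sent.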

    • biztos 28 minutes ago
      How does it determine the order?

      Clearly it thinks you prefer Chinese to German. Was that correlated with the frequency of your requests on Google Translate? With your browsing history? With your shopping history?

    • hoofedear 9 hours ago
      Is Chrome trying to assume that, since you don’t want it to translate those pages/languages, that you can read them/want them in your header? Interesting
    • scrollop 8 hours ago
      PSA Don't use chrome.
      • faidit 2 hours ago
        Translating pages is literally the only thing I use Chrome for. The built-in translation works way better than other browsers, even though they also use Google Translate.
        • geocar 1 hour ago
          I don’t think Safari uses Google Translate
      • unethical_ban 1 hour ago
        PSA only use Mullvad or Tails which are set up to be as bland and uniform as possible
      • nikcub 3 hours ago
        Don't use the same browser regardless - the key is to compartmentalise.
      • FridayoLeary 6 hours ago
        That will just make you stand out more.
        • 1718627440 5 hours ago
          You can change the reported UA header independently of the UA you use.
          • michaelt 4 hours ago
            If I was a fingerprinting company, I'd be cross-referencing signals between browsers for sure.

            If the browser header says windows but the fonts available says linux, that's a very distinctive signal.

            And if the UA says Chrome but some other signal says not-chrome, that's very distinctive as well.

            • biztos 31 minutes ago
              Surely this is true, but if you’re a fingerprinting company aren’t you making so much money violating the privacy of the masses that it’s not worth your time going after the tiny set of Freedom Nerds trying to evade you?
            • nativeit 4 hours ago
              You said it better than I did.
          • nativeit 4 hours ago
            The article also mentions this, and suggests the UA is not a silver bullet. That said, they didn’t go into specifics. I’m assuming there are other details that correlate to particular browsers that will betray a false UA. Plus, having a UA that says Chrome while including an extension that’s exclusive to Safari (for example) will not only contradict the UA, but it will also be a highly distinctive datapoint for fingerprinting, in and of itself.
      • SV_BubbleTime 8 hours ago
        Definitely a good STEP1, but it’s not like Firefox and Safari are fingerprinting-secure.
        • capitainenemo 8 hours ago
          Firefox does pretty damn well though, especially with privacy.resistFingerprinting set to true
        • 8fingerlouie 6 hours ago
          Modern Safari is pretty damned good at randomizing fingerprints with Intelligent Tracking Prevention. With iOS 26 and macOS 26, it's enabled in both private and non-private browser windows (used to be only in private mode).

          All "fingerprint" tests I've run have returned good results.

          • drnick1 1 hour ago
            Unfortunately, it's closed source and only available on Apple devices.
          • SV_BubbleTime 2 hours ago
            I haven’t tried 26, but I remember it didn’t used to be so great.
        • Alive-in-2025 7 hours ago
          What about DuckDuckGo? We need a simple chart: 1. What browsers are good at resisting fingerprinting 2. For each browser, does it work on Android and iOS and Apple and Windows and Linux 3. What settings are needed to achieve this

          For bonus points, is there no way to strip all headers on Chrome or control it better?

        • fsflover 7 hours ago
          Tor Browser (based on Firefox) is.
      • datavirtue 7 hours ago
        I only use it when I want to be tracked.
    • fsflover 8 hours ago
      Using Chrome and caring about privacy? I thought, after Google killed uBlock Origin, it had become beyond clear these two things were incompatible, https://news.ycombinator.com/item?id=41905368
      • esseph 8 hours ago
        uBlock Origin just got replaced with uBlock Lite for most people
        • anthk 7 hours ago
          There's a way to enforce loading uBO in Chromium but you need to download the extension by hand (git clone it from GitHub) and load it in "developer mode" in the extension settings. Also, you need to enable some legacy options related to extensions in about:flags.
        • fsflover 7 hours ago
          Which, by design, doesn't protect you from actual spying, https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
    • datavirtue 7 hours ago
      Hmmm...YouTube has been getting confused about the language and displaying random languages for the closed captions on videos. This was happening to me across smart TVs but I access YouTube randomly from various devices and browsers...but mostly Chrome when using a browser.
    • thaumasiotes 7 hours ago
      > There was even a proposal to reduce this surface area, but it wasn't adopted:

      >> Instead of sending a full list of the users' preferred languages from browsers and letting sites figure out which language to use, we propose a language negotiation process in the browser, which means in addition to the Content-Language header, the site also needs to respond with a header indicating all languages it supports

      Who thought that made sense? Show me the website that (1) is available in multiple languages, and also (2) can't display a list of languages to the user for manual selection.

      • jm4 4 hours ago
        What language do you put that list in? Would you still want to show it to every visitor when you know most of them speak a particular language?

        I used to do some work in this area. The first question is difficult and the second is no. We had the best results when we used various methods to detect the preferred language and then put up a language selector with a welcome message in that language. After they made a selection, it would stick on return visits.

        • thaumasiotes 3 hours ago
          > What language do you put that list in? Would you still want to show it to every visitor when you know most of them speak a particular language?

          Judging by... a large number of websites, you make the list available in a topbar, and each language is named in itself. You don't apply one language to the entire list.

          Here's the first page that popped into my head as one that would probably offer multiple languages (and it does!):

          https://www.dyson.com/en

          They've got the list in a page footer instead of a header, but otherwise it's an absolutely standard language selector. It does technically identify countries rather than languages. The options range from Azərbaycan to Україна. They are -- of course -- displayed to every visitor.

          Why would you want to force someone to consume your website in the wrong language?

          And why would the list be in a single language, again?

          • jm4 2 hours ago
            You’re looking at it with the perspective of someone who understands the language the site defaults to. Most non-native speakers have a hard time finding the link and they leave.
  • drnick1 11 hours ago
    Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy. By default, this config burns cookies on exit, standardizes the time zone to UTC, spoofs the canvas fingerprint, and does other helpful things. Basically, it makes Firefox expose the same information as the Tor browser.

    In addition, I block most known advertising/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).

    Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.

    • samtheprogram 7 hours ago
      There's no point unless a critical mass of people use these tools. You will be the only one on your IP address using this configuration of masked fingerprinting, which is itself a fingerprint.

      That's also why it's indeed useful when using Tor, because you're not identified by your base IP.

      Unless we make this part of the culture, you have basically 0 recourse to browser fingerprinting except using Tor. Which can itself still be a useful fingerprint depending on the context.

      EDIT: I'll add that using these tools outside of normal browsing use can be useful for obfuscating who's doing specific browsing, but it should be emphasized that using fingerprinting masking in isolation all the time is nearly as useful as not using them at all.

      • cortesoft 6 hours ago
        Basically the XKCD license plate comic: https://xkcd.com/1105/
        • nativeit 4 hours ago
          Has anyone written software that automatically surfaces the relevant XKCD comic for every article this happens under?

          I’d like a feature in my HN reader that sticks a red button at the bottom anytime XKCD has already made the points I’m reading.

          • faidit 2 hours ago
            We should go further and make an AI agent that creates counterfeit XKCD comics of dubious quality for literally every scenario.
          • SV_BubbleTime 1 hour ago
            Randall had a long career of good takes, until around 2016 when they stopped being objectively good.

            I’m not kidding at all, that my guess is he was doing drugs and stopped.

            • koolba 56 minutes ago
              > Randall had a long career of good takes, until around 2016 when they stopped being objectively good.

              Specifically it was at this point in 2016: https://xkcd.com/1756/

              > I’m not kidding at all, that my guess is he was doing drugs and stopped.

              I don’t know if he stopped or started, but something changed.

    • codedokode 11 hours ago
      Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?

      > block all third party content

      It's not going to work, because the fingerprinting script can be (and often is) served from a first-party domain.

      Also imagine if the browser didn't provide a drawing API for canvas (if you had to ship your own wasm rendering library). Canvas would become useless for fingerprinting and its usage would drop manyfold. And the browser would have less code and a smaller attack surface.

      • drnick1 11 hours ago
        > Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?

        My GPU is reported as simply "Mozilla" by https://abrahamjuliot.github.io/creepjs/.

        The number of cores is also set to 4 for everyone using this config and/or Tor.

        > It's not going to work, because the fingerprinting script can be (and often is) served from a first-party domain.

        This may be true, but allowed third party content makes it trivially easy for Google and others to follow people around the Internet through fonts delivery systems among others.

        • tempest_ 8 hours ago
          I had forgotten I was running uBlock Origin / Privacy Badger / Ghostery so I was a bit confused with the results from that site.

          I think it is Ghostery that is faking the responses but I still have a pretty unique fingerprint according to https://coveryourtracks.eff.org/kcarter?aat=1

          • ifh-hn 5 hours ago
            Isn't Ghostery compromised? Having been bought out by an ad company?
            • nativeit 4 hours ago
              As near as I can tell, it’s always been owned by Cliqz, who produced some privacy-focused browsers (named Dawn or Lumen) and a search engine (Tailcat) that was ultimately purchased by Brave. The whole thing is majority owned by a German media group, Hubert Burda Media, and while its missions towards increased privacy seem to be sincere, I don’t know if I’d trust them implicitly.

              All that said, the main project looks to be open sourced under a GPL3 license, so distrust and verify: https://github.com/ghostery

            • tempest_ 2 hours ago
              Honestly I did not know.

              I have had it installed so long I don't even remember when I did it.

              I'll look more into it and perhaps re-evaluate.

      • dminuoso 11 hours ago
        If I infiltrate someone else’s computer and secretly run code in order to exfiltrate data, I risk prison time because objectively it seems to satisfy criminal laws where I live.

        How do prosecutors in any modern country/state not charge this behavior when done by a website owner?

        • gruez 10 hours ago
          The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web page with javascript being illegal (or maybe without javascript, given that CSS is Turing complete), or a cookie banner type situation where the site asks for consent and everyone just blindly accepts.
          • bandrami 7 hours ago
            > any type of web pages with javascript being illegal

            Inshallah

          • mh- 9 hours ago
            > if the bar is "code is being run but the user doesn't know about it",

            ... would lead to all modern electronics being illegal, not just web pages with javascript.

            • nativeit 4 hours ago
              I guess it’s fortunate that this quote only includes a portion of the assertion they’re making. What happens when you include the rest?
    • mmooss 3 hours ago
      > Basically, it makes Firefox expose the same information as the Tor browser.

      Is it based on the Tor browser?

      Some solutions, like Tor browser or GrapheneOS, are engineered for the purpose.

      Some free online tools are an aggregation of ideas from social media and someone's personal understanding. These solutions can have limited benefits or be worse than the problem. Many settings don't work as expected, there are unintended consequences (such as making the browser more unique and easier to fingerprint), unusual combinations of settings can have unintended consequences or break things (Mozilla can't test every combination of about:config settings).

    • kachapopopow 11 hours ago
      All javascript based anti-fingerprinting is detectable and is also a major source of uniqueness!
      • vorticalbox 9 hours ago
        Sure, but if you are always unique for every website then you can’t be tracked over time.
        • HumanOstrich 7 hours ago
          They meant a signal of uniqueness for your setup that could still assist with tracking, not being unique for every site.
    • alcide 11 hours ago
      Orion Browser (Kagi Product) prevents fingerprinters from running by default.

      https://help.kagi.com/orion/privacy-and-security/preventing-...

      • mmooss 3 hours ago
        To ask the obvious question: Doesn't blocking fingerprinters itself fingerprint the browser?

        (Also, what is a 'fingerprinter'? Isn't it something that runs server-side, out of reach of the browser, based on data collected?)

      • ashman5 9 hours ago
        Orion browser is also capable of running uBlock Origin (not Lite) on iOS.
      • codedokode 11 hours ago
        How do they reliably detect fingerprinting? Did they solve the Halting Problem? Sounds fishy.
        • gruez 11 hours ago
          >The only efficient protection against fingerprinting is what Orion is doing — preventing any fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking, built-in by default, making sure invasive fingerprinters never run on the page.

          Sounds like they block "known" fingerprinting scripts and call it a day.

          • nativeit 4 hours ago
            This is also covered in the article. I appreciated the analogy they used: You can put on a ski mask when you go to the mall, and it will conceal your identity, but you will also be instantly suspicious to everyone around you, and will likely be asked to leave most of the stores you try to visit.
          • 0xy 9 hours ago
            This makes you inherently trackable, ironically. No trace is a massive trackable attribute, since almost nobody is untraceable.
          • jorvi 8 hours ago
            > Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking

            I love Kagi, but that is a laughable statement. Brave has been offering ad and fingerprint blocking for years now. The reason why they don't have full first party blocking ("aggressive" mode blocking) on by default is because it tends to break things.

    • capitainenemo 8 hours ago
      Unfamiliar with the Arkenfox user.js, but are any of these things beyond what Firefox enables out of the box if you turn on privacy.resistFingerprinting? Because what you describe seems to be all stuff it does just by flipping a flag.
      • drnick1 1 hour ago
        Arkenfox does far more than that, just look at the user.js. Among others, it spoofs the time zone, number of cores, window size and many other attributes that assist fingerprinting. It basically mimics the settings of the Tor browser.
    • 0xy 9 hours ago
      As someone who utilizes these tools for anti-fraud purposes, Firefox is just as trackable if not more trackable than Chrome (especially because you stand out by using a niche browser in the first place).

      Firefox exposes a massive amount of identifiable information via canvas, audio device and feature detection methods. There's also active methods to detect private windows, use of the developer console and more.

      • vpShane 9 hours ago
        Of course. There's data where there isn't data.

        - make client load something

        - client doesn't load it

        - add.fingerprint.point(client,'doesnltloadthings',1)

        - detect if client does something only a certain browser does

        - client does it

        - add.fingerprint.point(client,'doesthisbrowsderthing',1)

        - window was resized/moved, send a websocket snitch to the backend

        - keep a consistent web socket open, or fetch a backend-api call for updates on X events - more calls are made, means user is probably scrolling, inject more things/different things.

        I see some js obfuscators out there where I look at the js file and it's all mumbo jumbo.

        It is indeed a privacy nightmare, where whatever we do feeds the algorithms to aid in making other people do things.

        But it's also used in network security, organizations etc. Staff/employees will use the system a certain way, if something enters it without the behaviors, it's detectable. I assume that's what you mean in anti-fraud.

        Sad part is we don't know what the data is ever used for, and it's often bought and sold and the cycle repeats.

    • hilbert42 8 hours ago
      "This will break a lot of websites, but automatically rules out most forms of tracking…"

      Whether one breaks a lot of websites or not depends on the type of user one is. People who regularly use the Google ecosystem, Amazon and Social Media etc. cannot afford to break sites for obvious reasons; they too are those that websites are most interested in tracking and fingerprinting.

      Those who use the web in the way advertisers and Big Tech intend users to use it are the most vulnerable; they're the ones who most need protection.

      I break websites regularly but it doesn't worry me. I browse with the premise that there are more websites on the internet than I'll ever be able to visit, and if I break sites or am blocked by paywalls then there are usually alternatives and workarounds.

      But then I'm not a typical user, I block ads, I usually browse with JS off, kill cookies, use block lists, use multiple browsers (there are six on this deGoogled, rooted phone), browse from multiple machines—Windows, Linux and use multiple ISPs. Also, I've no Social media or Google accounts and rarely ever purchase stuff online. Internet access is via dynamic IP addresses and routers are rebooted often. There's more but you get the picture.

      I assume browsing sans JS makes me a first-class target for fingerprinting and that websites know about me but it doesn't matter. Whatever I'm doing seems to work, over the years I've had very little trouble doing everything on the web that I want to do. Clearly I'm of little interest to advertisers and I never see ads let alone targeted ones. I used to use uBlock Origin but I don't bother now as browsing sans JS is just so effective at blocking ads.

      I'm lucky in the fact that I use no service that would benefit from fingerprinting me. Whilst my web browsing is atypical of most users I reckon many could benefit by being more proactive—using multiple machines, browsers, ISPs etc.—to disrupt the outflow of personal data. For example, this is being written on a rooted Android using Privacy Browser from F-Droid sans JS and with block lists. If I really need to go to a site where JS is required, I can simply hit a toggle and turn on JS or alternatively use another browser.

    • DeathArrow 7 hours ago
      There is also server side fingerprinting like JA4+ and others. Also, if you somehow evade fingerprinting, you have to prepare yourself to solve some very slow Google and Cloudflare captchas.
    • maks198 10 hours ago
      >Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy.

      No. It's LARP. You either don't care or go with Tor Browser and/or commercial antidetect browsers.

      But you shouldn't care, this issue of fingerprinting is overblown. (really reminds me of AI)

  • kxrm 6 hours ago
    So there seems to be some confusion around fingerprinting related to identifying characteristics and tracking. These are two different things. Setting your timezone to UTC masks that one characteristic of your "identity". But there are better signals for location than timezone, like GeoIP. Same with hiding capabilities. All this does is make the web harder for you, but it doesn't make you untrackable. Trackability comes from a combination of factors both within and out of your browser's control. If you share your IP with a family of 4, and you go changing your request headers, you are only making yourself MORE trackable. The fact that one request comes across with UTC as a timezone and others come back with EST or other timezones means I now can track a single user on this single IP. This is made worse if you and your family are using different browsers or different devices.

    So what do we care about? If you care about being untrackable, then you have a couple of options, rotate VPNs, or cycle your public facing IP often. Additionally, every request you make MUST change up the request headers. You could cycle between 50 different sets of headers. Combine these two and you will likely be very hard to fingerprint.

    If you only care about being identified, use Tor + the Tor browser which makes A LOT of traffic look identical.

  • skaul 9 hours ago
    Self-plug but if anyone is interested in learning more about how browser fingerprinting works and the different protections browser makers deploy against it, I wrote a longer post about this a few months ago: https://pitg.network/news/techdive/2025/08/15/browser-finger...
    • NoahZuniga 9 hours ago
      It's consistent cross-site, so you get all the same privacy problems as with 3rd party cookies
  • doug_durham 12 hours ago
    I agree with the points in the article. Fingerprinting of any kind is a major risk for personal freedom. At the same time I want to make sure that content creators are compensated for their work. Ad firms that employ fingerprinting stand between me and the content creator. That said, I'm not going to pay $5/month for every blog that I occasionally read. The ad based model provides a more streamlined approach to compensation, but at the unacceptable price of privacy. I'm not quite sure what the answer is.
    • jwr 10 hours ago
      > content creators are compensated for their work

      I have a gut feeling that we've been tricked (by ad companies) into thinking that this is somehow realistic and that casual "content creators" can get meaningful money from us reading their articles.

      Realistically, while professional content creators can make a living, writing a blog post every once in a while will not provide meaningful income. Instead of trying to "monetize" everything, we would be better off with free content like on the internet of old. There are other means of making money.

      It seems that the current situation means that the "content creators" earn insignificant money, while ad companies earn huge money because of scale, and we all somehow keep believing that this is necessary for content to appear.

      • Buttons840 10 hours ago
        You mean I shouldn't make a comfortable living off my valuable HN comments? I was about to consider this comment a good days work. Maybe if I put this comment on my own webpage it would be more valuable?
      • FireBeyond 9 hours ago
        > writing a blog post every once in a while will not provide meaningful income

        Nor, generally, should it. Sitting down one or two Saturday afternoons a month to write a blog post shouldn't be generating the income of a FTE.

        • chiefalchemist 9 hours ago
          Allow me a second to play Devil’s Advocate.

          What if it could? Or should (be able to produce FTE or close income)?

          In that world, the amount of pointless shite - questing to “go viral” - would be reduced to near zero. That is, if the incentive were more quality, and less quantity, we’d be better off, yes?

          • sfink 7 hours ago
            That's tempting, but I still don't think it should. There would still be the quest to go viral. "Quality" would still be determined in the aggregate, which means that your income depends on appealing to the widest audience possible, which means high quality niche bloggers still don't get paid much.

            Metrics are hard. Just making sure they reward one particular desired outcome doesn't mean you'll escape the unintended consequences.

            Also, note that we are past the point of being able to reasonably able to manage any of this. Today, you'd need to come up with a reward function that cannot be maximized by AI. (And lest you think you can fix that by using site visitors to evaluate, most of them will be bots too.)

          • FireBeyond 9 hours ago
            So there's an element of truth to that. And there are those who can contribute enough value, have enough audience, etc., that they can "coast" on those 2 blog posts a month and make significant income...

            ... but that's also not, nor should it be the median. I'm not sure how the economy functions if, say 8h/mo effort generates a median living wage.

            • o11c 8 hours ago
              Tbf in a post-scarcity society, that should be expected, if historical inertia doesn't prevent it.
              • FireBeyond 5 hours ago
                In that world, a Culture-esque thing, then absolutely so.
    • kasabali 11 hours ago
      > I'm not quite sure what the answer is.

      It's very simple, it's what they've been doing in print media for centuries: contextual advertising.

      • Vinnl 11 hours ago
        Print media did also include e.g. coupons with discount codes with which advertisers could learn which lead led to a sale.
        • Retric 10 hours ago
          Without any transactions or user tracking it’s difficult to separate ‘legitimate’ content farms from those using bot farms to boost their page views.

          Print media was also trying to guarantee their audience was an actual person by charging nominal fees; the difference was how much info was required to do so.

      • gedy 11 hours ago
        Yes seriously - I'm old enough to have enjoyed reading magazines that had ads throughout them. They were fine.

        I'd venture to say contextual advertising would be more effective than whatever we've been trying to squeeze out of fingerprinting etc. All this supposed "data" they are gathering feels like a scam perpetuated by ad companies about how important it is to the people who buy ads. It's not.

        Even Facebook and Instagram, which pretty much should know me to a tee, are completely ineffectual at advertising to me - like at all.

        • 8bitsrule 8 hours ago
          Same here. By the time I was old enough to have an income, reading comics had already made it possible for me to -not even see any- advertising. That carried over to newspapers, magazines... all those advertisers were wasting their money.

          Later on in life I got pissed at cable-TV advertisers shoved into my favorite movies every 5-10 minutes ... ruining any ambience or artistic merit in them ... so I got rid of cable TV. By the time analog TV went away, I'd got rid of my television set. No return address on an envelope? junk mail, into the garbage unopened.

          Now the pollution's ruined the 'net ... it's YouTube (re-routed) and some websites (blocked). So long, boing-boing and wired and your 'native ads'. Sites demand subscription? blocked. How much longer before advertisers realize how much they're getting ripped off?

          • sfink 7 hours ago
            > Sites demand subscription? blocked.

            Odd. In the midst of a (well-deserved) anti-ad rant, you throw in the primary non-ad alternative and discard it.

            > How much longer before advertisers realize how much they're getting ripped off?

            A while longer, if the same people who reject ads are also the people who reject alternatives to ads. The advertisers can safely ignore those people's opinions.

            (I'm not saying subscriptions are the answer. I don't have an answer. I'm just saying that companies wanting subscription money is not part of the problem where companies want to shove ads in our faces 24/7.)

      • hedora 10 hours ago
        The main “problem” with contextualized advertising is that the people producing the content get a larger share of the ad spend.

        Targeted ads concentrate control over the market into a few players, which can do things like acquire competitors or run them out of business with loss leaders.

        With AI, the supply of ad real estate will go to infinity, so the only thing that will matter is the quality of the places the ads run.

        This would be a good time to ban targeted advertising, or for the content producers to form a cartel that only purchases contextual ads.

        That cartel will probably be even worse than what we have now, since it’s going to be 2-3 mega conglomerates like Disney, and they already have handed editorial control over to the White House.

        Hopefully the invisible hand of capitalism will somehow fix this.

    • Neikius 8 hours ago
      Do you see how the discourse has been shifted here? Some of us have nothing against ads per-se. We care about tracking.

      How does tracking me and invading my privacy make ads perform better? In my case it does not. As the tracked ads are usually worse as they will keep advertising me things I don't need anymore. Context based ads worked fine in the past and I don't really see why they cannot.

      Also why does every web store need to show me ads? Don't they make money out of selling things? If they really have to, do they have to invade privacy? This is like walking into a physical store and them doing facial recognition, then showing you tailored ads/inventory. That feels creepy to me.

      • fragmede 7 hours ago
        > How does tracking me and invading my privacy make ads perform better?

        If you don’t want to be tracked, you shouldn’t be, but how could it not? At a very simple level, an ad targeted towards a 50 year old woman isn’t going to be the same ad to show a 14 year old boy. Different people like different things and ads targeting you as an advertising profile are going to be better than ones that aren’t. You may not like the targeting and think it's invasive, because it is, but let's not pretend the tracking doesn't do something.

        • troupo 6 hours ago
          A 14-year-old is unlikely to read/look at the same content as a 50-year old woman. That's how contextual advertisement works.
          • fragmede 6 hours ago
            contextual advertising isn't targeted advertising, yes.
    • prymitive 12 hours ago
      > I'm not going to pay $5/month for every blog that I occasionally read

      Would you pay per view? Most people (me included) would probably hesitate to say yes, because we’re used to not paying for that. But what if it meant that ad based model is gone and everything you buy is cheaper because the price does not include the cost of running ads?

      • Terretta 11 hours ago
        > what if ... everything you buy is cheaper because the price does not include the cost of running ads?

        Except in practice we see the opposite.

        There's something interesting going on with companies when they want to get paid directly versus by ads: they demand 3x - 4x or more for subscriptions or pay per view versus what they make from ads.

        Easiest place to see this is ad supported non-linear TV in the years you could get without ads, or with ads. You pay significantly more to not see the ads, than they make from the ads.

        Perhaps this is justified because ad-free subscriptions reduce the audience size for ad buys, but when you look at the numbers watching with ads versus paying, it wouldn't seem like the "no ads" buyers make a dent in whatever pricing tier.

        In the 90s when we were young and naive, we imagined a library card model, with a library fee and then you have fractions of a cent cost to read a post, and using (hand waving) technology to uncouple viewing history from payables to content creators. That, or the British TV license model, an Internet license of some kind.

        It's curious to me the ad networks haven't gotten together to preemptively offer this. Arguably Brave tried, but from an adversarial (to the ad companies) stance. It would work better from the inside with a simple regulation: if you serve ads for ad-supported content, you have to participate in the library card system at CPM rates no greater than you receive for ads to skip the ads for card holders.

        • aidenn0 11 hours ago
          This is price discrimination. Everybody would love to charge more money to rich people and less money to poor people, since that increases the total profit.

          The only companies that we directly allow to do this are schools, but having a premium version lets you approximate this.

          • homebrewer 11 hours ago
            Steam also does this. Most games are significantly cheaper in low-income countries like mine because otherwise they wouldn't make a dime here.
            • skydhash 10 hours ago
              That's because you usually pay via credit card (or some other financial means) which is cumbersome (and may be illegal) to spoof. But yeah, it can be hard to justify a subscription when it's the price of a full meal. Especially when other essential subscriptions (electricity, water, internet, cell services,...) are straining your monthly budget.
            • mh- 10 hours ago
              Steam is not the one doing that. Publishers decide regional pricing.
      • notatoad 11 hours ago
        The PPV model has been tried a bunch of times, and it always turns out that the rate people are willing to pay per view is not a rate that is high enough to be a viable revenue source for the content owners.

        it takes a lot of $0.10-$0.25 views to make up for the loss of a $5/month recurring revenue stream that might last for years.

        • AndrewStephens 9 hours ago
          I wrote about this exact problem last year. To anyone who disagrees, would you pay me 5 cents to click on the following link?

          https://sheep.horse/2024/11/on_micropayments.html

        • imiric 11 hours ago
          The fact that advertising is more profitable doesn't mean that the PPV model is not viable. It could certainly be so. Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.

          The problem is skewed incentives, of course. Advertising is acceptable to most users and easy to integrate, so why should website authors go out of their way to please a minority of their users who object to it?

          • notatoad 9 hours ago
            >Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.

            you're describing the model of a product called blendle, a service which i loved but which totally failed. they failed to attract users, and they failed to attract publishers. this isn't some new idea that nobody had tried. it's been done. and it failed, not just for blendle. people have tried micropayments, they've tried subscriptions, if you can imagine a PPV model, it's probably been tried. readers and publishers both hate it.

          • levocardia 10 hours ago
            Do you think the fact that NO major content websites (NYT, substack, WSJ, ...) have settled on a PPV model is simply because they haven't thought of it? Or is it more likely that the numbers absolutely do not work?
            • beeflet 9 hours ago
              No one uses the PPV model because there isn't sufficient payment infrastructure (402 payment required). The friction for entering your credit card information into a website is ridiculous, you might as well target the high end of the market with a monthly subscription.

              The PPV model, like Ads, works well for websites that you're not well associated with. Random blogs and websites that you otherwise wouldn't be willing to share your credit card info with.

            • prymitive 10 hours ago
              I think it might be because with ad model you can sell profiling data many times over to different parties. You can’t do the same with a single charge.
            • imiric 10 hours ago
              That's a false dichotomy.

              I can't speak for all web sites, but I reckon a combination of factors could explain why such a solution hasn't been deployed:

              1. Advertising is ubiquitous, easy to integrate, and provides a safe revenue stream.

              2. There is little to no infrastructure for the PPV model. Whoever builds it would need to maintain their own version of it.

              3. People expect the web to be "free". This is even true within technical crowds who understand that it's really not free. And a large part of that group doesn't mind advertising.

              So, really, it would require a substantial amount of effort to implement, it would add additional friction to users, and ultimately only a minority would appreciate it.

              Had this model been in place from the beginning of the web, things might be different today. Alas, if my grandma had wheels...

              • pseudalopex 1 hour ago
                And people prefer unlimited subscriptions.
            • fragmede 10 hours ago
              Have any of them actually tried it though? If they have and I missed it, then I apologize, but I can't recall the NYT letting me read an article for $1 with zero friction via Apple or Google Pay or Stripe link or something. It they tried it and the numbers didn't work, that's one thing, but I don't recall that happening.
              • Nextgrid 9 hours ago
                Doing it via conventional card networks won't work, the fees would eat most/all of the payment.

                A critical mass of publishers would need to team up and form a cooperative/etc where a user could register once, deposit some money, and then that money would be spent every time they view an article. But that requires cooperation between competitors, which is already hard enough, and the cancer that is the advertising industry wouldn't like this potential existential threat and would be more than happy to pour fuel onto the fire to ensure it never succeeds.

                What's surprising is why the card networks themselves don't get in on it. They could do so in a completely backwards-compatible manner, introducing a new card number range that only works with transactions under a certain amount and have different fraud protection/chargeback rules.

              • notatoad 8 hours ago
                WSJ was available on blendle (pay-per-view microtransactions). Washington Post was available on scroll (monthly subscription, divided up amongst the publishers you read each month). neither service still exists.

                i don't believe NYT has ever tried a pay-per-view model.

      • myaccountonhn 11 hours ago
        I would. Or alternatively I'd also pay for a Spotify style model where my monthly amount gets redistributed amongst the articles I read.
        • FireBeyond 9 hours ago
          At the risk of pedantry, though it's still germane to this context, that's more the Tidal model than the Spotify model.

          Spotify's model is more that your monthly amount gets disproportionately redistributed to the artists that bring more interest and listens to Spotify, regardless of whether you were one of those listeners. Smaller and niche artists suffer under Spotify's model.

      • stackghost 9 hours ago
        You're presupposing that these blogs are producing content worth paying for. The unfortunate truth is that the overwhelming majority of blogs (99.9%+) are not.
        • beeflet 9 hours ago
          The PPV model can at least cover the cost of bandwidth. If you are loading the page, it must be at least some value to the user, say 1/10th of a cent.
        • Analemma_ 9 hours ago
          Then why is everyone so nostalgic for the old days of the blogosphere to return? If blogs are all worthless, then we shouldn't care that they're disappearing and/or being put behind paywalls; we haven't lost anything.
          • stackghost 4 hours ago
            I blog for my own satisfaction, and my blog has no ads on it, and I don't charge visitors. I'm happy to have a few dozen readers.

            That's what people are bemoaning the loss of: the before times, when people did interesting stuff without regard for whether it could be monetized or not.

      • jcynix 9 hours ago
        > Would you pay per view?

        Yes, but only after viewing, or else I'd pay for "editorial" or AI generated slop which would be generated like link farms pointing to Amazon etc.

        And that's the chicken-and-egg problem ...

        In theory that could be resolved by registering for free at reputable sites and then paying per view with micropayments. Or by a scheme where one would register and only pay when I actually did read stuff, not with the currently en-vogue monthly fee for each and every site.

      • echelon_musk 11 hours ago
        How do you track the views?
        • imiric 11 hours ago
          How do you track ad impressions?
      • morkalork 11 hours ago
        Hard to say, there's no shortage of enticing looking medium articles that are superficial and worthless. I would not pay per view that trash even though there are good ones buried in the pile.
        • Terretta 11 hours ago
          "If you thought click-bait was bad before..."
      • imiric 11 hours ago
        Brave Inc. gets a lot of flack, some warranted, but their Basic Attention Token allows for exactly this. Users can add credit to their wallet by either consuming privacy-friendly ads or topping it up manually, which then gets distributed to the sites they visit in the proportion they choose, transparently in the background while they browse.

        It is a shame that this feature gets lumped together with claims of crypto scams, and similar nonsense. Yet this is precisely the right model that could work at scale to eliminate the advertising middleman, and make the web a safer and more enjoyable experience for everyone.

        • Analemma_ 9 hours ago
          Brave strips out the ads that the creators put on their site, puts their own ads there, then gives the creators some of that money if and only if the creator realizes they have to sign up for Brave's cryptoshit. It's straightforwardly the kind of racket that would get your knees broken if you tried to do it to somebody in real life, but "it's ok because it's on computers". All the flak is deserved.
          • Nextgrid 9 hours ago
            But then again, online ads are the physical equivalent of a crowd of paparazzi following you 24/7 including inside your home, which would also prompt physical violence in the real world.

            From my perspective I couldn't care less if one bad guy is stealing from another bad guy.

        • fragmede 10 hours ago
          It's frustrating that humans are stochastic parrots and the minute you mention crypto they go into conniptions because the rails are basically there. It's not user friendly, but it's possible to build a system where you transfer $0.05 cents of crypto to someone as you scroll down a web page using a special browser.
      • lanfeust6 11 hours ago
        This is exactly what I want. I don't really care to subscribe to most written media (I do in some cases) but once in awhile an article grabs my attention and I would shell out to read it.
    • nativeit 3 hours ago
      Give each of them $0.25/mo, and you’ll probably 10x-100x what they’re currently getting from you watching ads.
    • beeflet 9 hours ago
      The Ad model is exactly the problem. If you had anonymous, cheap micropayments where you pay 1 cent per pageview it would not just solve the surveillance problem but it would solve the DDoS problem too (you set up a web server where the price increases with load and clients bid for bandwidth).
      • AndrewStephens 9 hours ago
        Sadly, I think you are wrong. Micropayments seem attractive but the idea falls apart quickly - there are just too many intractable non-technical problems. It has been tried more than once and each effort has failed.

        I wrote a longer post on this[0] but to save you the click I will state the biggest problem from a privacy point of view - if you think privacy is bad now with ads imagine how much worse it would be with a payment processor knowing your every click.

        Yes, I know about certain cryptocurrencies that maintain privacy, they are a non-starter for micropayments for different reasons.

        Even if a magically technical solution to privacy were to emerge there is nothing more valuable than information about paying customers and sites would use browser fingerprinting anyway.

        [0] https://sheep.horse/2024/11/on_micropayments.html

        • beeflet 8 hours ago
          I think it is a technical problem. If you could integrate payment channels on top of private cryptocurrencies that would be enough. Even without the lightning network and just direct 1-to-1 payment channels, it would work.

          The article you list assumes a "conventional" credit card system with chargebacks, massive fees, etc. which makes a micropayments ecosystem impractical in the first place. Proposals for micro-payment systems usually describe a way to enable low-fee payments.

          The author doesn't take into account modern cryptocurrency tech like payment channels. I really doubt that payments have a natural fixed floor of 10s of cents - Payment providers charge these fees simply because they are in a natural monopoly position, thanks to lock-in and regulation. The need to control fraud is caused by regulatory requirements, which are in turn caused by monopolization.

          Despite being technologically less efficient, even traditional cryptocurrency payments are cheaper than bank transfer fees due to competition and low regulation.

          Secondly, you assume that no one wants to do micropayments. The infrastructure doesn't exist for it yet. If you don't build it, they will not come.

          As for browser fingerprinting, it can be solved on the client side with enough effort. Look at tor browser. Just have a system where cookies, WebGL, etc. are opt in on a browser level in the same way that WebUSB is. Artificially limit the performance of javascript to prevent bench-marking. I think it is possible to solve this architecturally.

          Check it out!

          https://en.bitcoin.it/wiki/Payment_channels

          https://lightning.network/lightning-network-paper.pdf

          Also, there are GNU Taler/Chaumian cash type systems that inherit the efficiency of centralized systems with an added privacy benefit.

          • AndrewStephens 7 hours ago
            > If you could integrate payment channels on top of private cryptocurrencies that would be enough.

            That “if” is doing a lot of heavy lifting there.

            But my point is that even if a magical technical solution existed tomorrow then the same sites that collect data for ads would continue to do so for the much more valuable data on paying users.

            • beeflet 4 hours ago
              People have been hacking on this "if" for a while, and I suspect we will break through to the other side eventually, probably by the end of the decade. The problem is really just that cryptocurrencies like monero want to minimize their use of scripting, because transactions with scripts are a heuristic that can be used to de-anonymize you. But payment channels require some sort of timelock, in bitcoin this is done with HTLC script.

              There have been a number of proposals, I think the oldest is DLSAG: https://eprint.iacr.org/2019/595.pdf There are other ones based on time-lock puzzles, but those have always been kinda crappy.

              It may be possible with some ZK magic I'm unfamiliar with. But the core of the problem is that we need to find a way to make a transaction valid but only after a certain block height, and make it so that validators can't learn any specific heuristics about the transaction (like what the block height is exactly).

              >But my point is that even if a magical technical solution existed tomorrow then the same sites that collect data for ads would continue to do so for the much more valuable data on paying users.

              Sure, but after the micropayments revolution there will also be a change in the types of sites people use, enabled by the new form of monetization. You could rely more on people posting things like videos to their personal blogs and interlinking them instead of having to shack up with one of the few sites large enough to support ad-funded monetization. The internet would have a basic spam-resistance function, so it would be less reliant on the existing players to gatekeep (for example, email, forum moderators, etc).

              I think it would be more competitive. Let's say you have a site like twitter that says "now that there are micropayments, we will charge you 1 cent per pageview AND force you to login and collect your data", well then you will have a competitor like xcancel.com which can charge 2 cents per pageview and not require login. The market would decide what the best model is. Right now proxy sites like xcancel have to do it for free. Even if they wanted to run ads, the ad market isn't competitive in the same sense because it is more profitable for larger players.

              I think you mention in your blogpost that no one would want to support micropayments because of piracy. I consider this a massive advantage of the micropayment system. It's pro-piracy by default. If you look at the origins of ad-funded sites like youtube, they started out as hubs of (light) piracy. The content of social media sites should be pirated and mirrored: they are just getting rich off of network effects in the first place. If you combine micropayments with some sort of bittorrent-like system, this could be very powerful. Imagine a decentralized archive site, where you take advantage of TLS to archive a verifiably timestamped version of a page, and anyone else can send you money that is conditional on you providing them a copy of that archive in return.

              Micropayments don't fund the development of new intellectual work, but they let you recoup the cost of bandwidth. He who does not host, also does not earn. If you want to fund the development of new work, I think you need patronage. We are already seeing this with a lot of videographers from youtube depending mostly on sites like patreon and donations from dedicated fans. In a micropayments world, you wouldn't have sites like patreon taking a cut. Aside from just having ~0.1c micropayments-per-pageview, you could have very easy p2p "mini-payments" on the order of ~$1 in exchange for donation rewards.

              With less money in the annoying ads economy, google and others would have less power to alter the web standards to their whim, and we could claw back features that enable fingerprinting. I don't know, that is just my dream.

    • yegle 11 hours ago
    • airstrike 12 hours ago
      Pay $5/month to buy credits that let you read content behind that network. Every blog you read gets $0.10. Top up with credits if you run out.

      Sending emails costs $0.50.

      • ako 10 hours ago
        I read from too many different sources through aggregators like hackernews. With a network you'd probably still have too many subscriptions.

        Also wonder if it will really work out, i open too many articles that are pretty bad when you start reading them. So i quit after 1 or 2 paragraphs.

        Now if you get the first 2 paragraphs for free, contents writers will start to optimize for good first 2 paragraphs, and afterwards quality will drop. Also, many blog posts or news articles don't have more than 2 paragraphs of good content.

      • CamperBob2 11 hours ago
        Eh, that's too expensive unless the recipient can authorize refunds for non-spam emails.

        But yes, I always thought some form of network syndication would emerge on the Web, where creators could register for their share of aggregated periodic payments made by users.

        Still not sure why that's not a thing. I would pay $50/month to a syndicate in return for never having to deal with paywalls on any sites affiliated with them. But only as long as the vast majority of sites participated, and that is probably the showstopper, I guess. We'd end up paying 20 different 'syndicates' for absolutely no good reason, just as we now have to deal with 20 different streaming services.

    • norman784 12 hours ago
      Ads are annoying, but they are ok, what is not ok is collecting data and then selling it, so they can profile you without your consent across different platforms.
    • tgv 11 hours ago
      They don't get $5 per month from ads. So the true subscription price must be a lot lower.

      One option: a fund where you buy tokens, that you can spend reading an article. That will, however, lead to more clickbait and AI slop and snowing under serious blogs with low volume.

      • Bjartr 11 hours ago
        This micro payments for content idea has been tried a few times, with slight variations. No-one has cracked the problem yet. But maybe one day
        • ericd 11 hours ago
          I know HN doesn’t love crypto, but this kind of thing seems promising for finally cracking micropayments: https://www.x402.org/
    • Xelbair 12 hours ago
      how about donating to the creator directly? not subscription, just occasional donations whenever people feel like it - content is more widely available, and people who really enjoy it or are well off can actually fund the development
      • lobsterthief 12 hours ago
        Yes, but you need a scalable and low-friction donation solution. Patreon is the closest but it doesn’t pay the bills for most creators. Maybe some micro-tipping solution, but nobody has made that work yet.
        • voakbasda 11 hours ago
          No one has made a successful micro-tipping solution, because regulations and entrenched interests (banks, payment processors) have too much control and assess per-transaction fees that dwarf the amounts that such a system would be designed to send.

          Aggregation of tips and payouts would help, but that requires network effects (achievable only at scale) to be viable. I believe this approach has been tried in recent years, but I am not sure where those efforts went.

        • txrx0000 9 hours ago
          If someone puts a donate button beside their name or in the corner of their webpage, and that button leads to a payment page, I think that's good enough.

          The point of paying creators is so that they can focus on creating content instead of making other things. Giving money to a creator is basically saying "you're so good at what you do, and it has so much cultural/intellectual value, I'd rather have you make content instead of stocking shelves or making food". But this should be reserved for people that publish good content because they can and are passionate about it, not just anyone putting out slop with the instrumental goal of paying their bills. If the friction of clicking a button and filling in payment details is enough to deter people from paying them, then maybe their content isn't worth paying for and they should find some other way to make a living instead.

      • temp0826 9 hours ago
        I already pay my isp. Maybe they should work something out with them.
    • troupo 6 hours ago
      Showing ads doesn't require invasive and pervasive 24/7 surveillance.
    • txrx0000 10 hours ago
      We could normalize paying content creators directly. So instead of paywalls or ads, we get "donate" buttons.
  • tetha 11 hours ago
    It reminds me of a game we played with students of data classification algorithms like ID3: How many yes/no questions do we need to uniquely identify everyone in this room?

    With like 12 students, that's 4 bits, and it often ends up with 2-3 questions. It starts off with the obvious ones - man/woman/diverse, but then a realization comes in: An answer usually contains more information than just that one bit. If you have long hair, you're most likely a woman and/or a metalhead for example. That part will get shaken out later on.

    And those thoughts make these browser fingerprinting techniques all the more scary: They contain a lot of information and that quickly cuts the possible amount of people down. Like, I'm a Linux Firefox user with a screen on the left. I wouldn't be surprised if that put me in a 5-6 digit bucket of people already.

    • georgefrowny 11 hours ago
      > An answer usually contains more information than just that one bit.

      That means there is less information in the question "do they have long hair?", not more. Asking "long hair?" and then "woman?" is probably, in most groups, roughly the same as just the first or second question alone. So the second question added much less than one bit of information because the answer is probably "yes". "Long hair" and then "metalhead" is the same, except that the answer to the second question is probably "no".

      Yes/no questions on average contain the most information each when they partition the remaining possibilities 50:50. Then each answer gives you exactly one more bit. The closer you get to either a 100:0 or 0:100 yes:no split, the smaller the fraction of a bit you encode in the answer.

      "Metalhead?" usually gives you lots of bits of information (probably 4 in an "average" group of 16 containing at least one metalhead) if the answer is "yes", but on average that's outweighed by the very high chance that the answer will be "no". If there are no metalheads or only metalheads, it gives you zero information.

      • tetha 11 hours ago
        Ah, I flipped it in my head. That happens after 10 years.

        In this case, it was often an interesting exercise in bias as well. "Woman?" would usually single out 1-2 persons out of the 15, so it was a terrible question. It was CompSci after all. "Long hair?", lumping women and metal heads into one group would often split it into half and half. That was much better, and then spurred creative thoughts like travel distance, or bus stations.

    • mathgradthrow 11 hours ago
      >An answer usually contains more information than just that one bit.

      Isn't the point to ask yes or no questions?

      • zie 11 hours ago
        Yes, but you can make assumptions based on what you know about humans generally. Like their example that if you ask if you have long hair. If you answer yes the likelihood is you are probably female.

        You can think of all sorts of questions and answers like this, and when you combine with the assumptions and answers from previous answers you can make even more assumptions. They won't always be correct, but you don't have to be "perfect", depending on your use-case. For example for advertising purposes assumptions(even if incorrect) can still go a long way.

        There is a reason Target got sooo good at identifying pregnant women[0] before the women knew they were pregnant that they creeped out women, and had to pull back what they did with that information. This was like a decade or more ago. It's only gotten more accurate since then.

        0: one example from 2012: https://techland.time.com/2012/02/17/how-target-knew-a-high-...

        • armchairhacker 11 hours ago
          • zie 3 hours ago
            Even if that one particular instance is false, I seem to remember Target saying their model was too accurate and they were changing how they did things. i.e. Target admitted to predicting pregnancies very well.

            Why would they do that, if they didn't think their system was that good?

        • codedokode 11 hours ago
          > Target got sooo good at identifying pregnant women

          That's why I pay with cash and do not have a loyalty card (other customers often offer theirs at cash register anyway). And of course I don't even go to Target.

          • georgefrowny 10 hours ago
            I don't know if Target specifically use all of these, but I would bet they have data based on at least some of facial/gait/demographic recognition, wi-fi/Bluetooth beaconing, vehicle registrations, time and location tracking, statistical analysis of your purchases and clustering of people you have made purchases next to (e.g. you bought something at same time and till as your mother more than once). I'm sure they have other methods too. They can also combine datasets from brokers that do have a face:name link (say you used a card at another store that captured it and sold the data) and resolve you within their own data that way.
      • emil-lp 11 hours ago
        It's still a yes/no question, it's just that the question is "do you have long hair".

        The goal of these decision trees is to have as few questions that divide the group in two balanced halves (and also recursively).

        If you imagine a binary tree with questions in each internal node, and in each leaf there is a person. You want the height of the tree to be minimized.

      • tetha 11 hours ago
        Yes, but multiple yes or no questions in combination can easily yield more information than they should in a real dataset. That's the real educational point.
        • gweinberg 11 hours ago
          You seem to be confused about the difference between "less" and "more". In general a yes-no question gives less than 1 bit of information if yes and no are not equally likely. There is no way it can be expected to give more.
          • AnthonyMouse 8 hours ago
            > There is no way it can be expected to give more.

            It is indeed not possible for it to give more, because it only has a single bit answer, which by the pigeonhole principle can't give you more than one bit.

            The best yes/no questions are the ones which are independent of each other and bisect the group evenly. "Are you female" is typically good because it will be approximately half the population. Then you want independent questions that bisect the population again, like "does your first name have more than the median number of letters" which should be mostly independent of the first question. Another good one is conditional questions like "are you taller than the median for your sex" since a pure height question wouldn't be independent of sex but that one is.

            Whereas bad questions would be ones with highly disproportionate responses, like "do you have pink hair with black and green highlights" which might be true for someone somewhere but is going to have >99% of people answering no, or "were you born on the planet Mercury" which will be 100% no and provide zero bits of information.
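The entropy arithmetic behind the comment above, as an added example that is not part of the original thread: it computes how many bits a yes/no attribute yields over a small constructed population, the joint entropy of two attributes (which falls below the sum when they are correlated, as sex and hair length are here), the mutual information that measures that overlap, and the surprisal of one person's attribute combination, which is the "bits of identifying information" figure fingerprint testers report. The population and its attribute values are constructed for illustration and are not survey data.

```javascript
// Added example: bits of identifying information carried by yes/no attributes.
// The population below is constructed for illustration, not measured data.

const POPULATION = [];
for (let i = 0; i < 16; i++) {
  const female = i < 8;
  POPULATION.push({
    female,
    // Hair length is correlated with sex: 6 of 8 women and 2 of 8 men have long hair.
    longHair: female ? i % 4 !== 3 : i % 4 === 3,
    // "First name longer than the median" is constructed to be independent of sex (4 of each).
    longName: i % 2 === 0,
    // A rare attribute: exactly one person in the population.
    pinkHair: i === 5,
    // An attribute nobody has: zero bits.
    bornOnMercury: false,
  });
}

const log2 = (x) => Math.log(x) / Math.LN2;

// Key a person by the values of the chosen attributes.
const keyOf = (person, attrs) => JSON.stringify(attrs.map((a) => person[a]));

// Shannon entropy H = -sum p(v) log2 p(v) of the attribute combination over the population.
// For a single yes/no attribute this is at most 1 bit, reached only at a 50/50 split.
function entropyBits(population, attrs) {
  const counts = new Map();
  for (const p of population) {
    const k = keyOf(p, attrs);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  let h = 0;
  for (const c of counts.values()) {
    const pr = c / population.length;
    h -= pr * log2(pr);
  }
  return h;
}

// Mutual information I(A;B) = H(A) + H(B) - H(A,B): zero when the attributes are independent,
// positive when one already tells you something about the other.
function mutualInformationBits(population, a, b) {
  return entropyBits(population, [a]) + entropyBits(population, [b]) - entropyBits(population, [a, b]);
}

// Surprisal of one person's combination: log2(N / number of people sharing it).
// This is what fingerprint testers report as "bits of identifying information".
function surprisalBits(population, person, attrs) {
  const k = keyOf(person, attrs);
  const sharing = population.filter((p) => keyOf(p, attrs) === k).length;
  return log2(population.length / sharing);
}

function report() {
  return {
    female: entropyBits(POPULATION, ['female']),                       // 1.0
    longHair: entropyBits(POPULATION, ['longHair']),                   // 1.0 on its own...
    femaleAndLongHair: entropyBits(POPULATION, ['female', 'longHair']), // ...but jointly about 1.81, not 2
    femaleAndLongName: entropyBits(POPULATION, ['female', 'longName']), // independent: 2.0
    pinkHair: entropyBits(POPULATION, ['pinkHair']),                   // about 0.34: rare answers carry little on average
    bornOnMercury: entropyBits(POPULATION, ['bornOnMercury']),         // 0
    pinkHairedPersonSurprisal: surprisalBits(POPULATION, POPULATION[5], ['pinkHair']), // 4 = log2(16): unique in this crowd
  };
}
```

The last two numbers are the practical point: a question almost everyone answers "no" has low entropy, so it is a poor bisection, but for the one person who answers "yes" it is fully identifying. A fingerprinter does not need balanced questions; it needs enough of them that your particular combination ends up in a bucket of one.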

    • throw8484949 11 hours ago
      [flagged]
      • 542458 11 hours ago
        I think a plain reading of the post you’re replying to would be “obvious as a way of segmenting people”.
      • Vinnl 11 hours ago
        It's obvious in the sense that most people will start out with that as their first question.
  • bolangi 10 hours ago
    The article is missing links to one of the first fingerprint diagnostic tools, https://coveryourtracks.eff.org/ , formerly called something like panopticon.net.
    • TechDebtDevin 9 hours ago
      or don't trust the EFF!
      • nativeit 3 hours ago
        Beyond the notion that no org should be trusted implicitly, why would the EFF specifically be untrustworthy?
  • xp84 5 hours ago
    On articles like this I always see a lot of people bragging about how they’ve pimped out their browser(s) to make themselves “untrackable” (or proposals to make new ways of tracking impossible) but nobody ever brags about how lack of “tracking” has positively impacted their lives.

    I do block ads on the web with UBlock Origin because there’s no pay option to opt-out of it and ads ruin the experience. But I don’t give a fig about tracking. Change my mind. Why would the average person enjoy a better life if they became untrackable on the Web?

    • tejohnso 4 hours ago
      The average person probably won't notice or care otherwise this would be a much more publicized issue. The average person also doesn't care that their refrigerator and television phone home, their calls and data are slurped up by the NSA, and their location can be tracked through their cell phone and vehicle movements.

      However, just because the average person doesn't notice and doesn't care, it doesn't mean that their life can't be ruined at some point because of these things. You never know when you're suddenly going to be targeted for something you may or may not have done.

    • WillAdams 4 hours ago
      People being untrackable in general ensures that folks who need to be untrackable are more easily able to achieve that goal --- the world is a much darker place if journalists are hindered in researching stories.
    • left-struck 4 hours ago
      I think about this sometimes as I do a lot of things to attempt to protect my privacy and keep control of what I’m paying attention to (ie not doom scrolling / shorts, carefully controlling notifications). So I make a lot of sacrifices including my time in order to maintain control over my technology.

      I think it’s not possible for me to say if my life is really better, because it’s the whole road not taken thing. It’s not possible to know and so it’s not worth agonising over, but I’m choosing to live according to my values at least, and that seems valuable.

    • fggabb 4 hours ago
      Whether or not they would enjoy a better life doesn’t matter if there’s no way to avoid your assumed preferences being tied to your devices, and for it to know the preferences of those you spend time with, those you work with, where you go, etc.

      Though, from what I understand, overall the fingerprinting success rate is only about 30%.

      • sroussey 4 hours ago
        One time fingerprinting, sure. But if you collate tracking info from a hundred sources or so, you pretty much have person, name, email, and location.
    • nativeit 4 hours ago
      Is this before or after ICE became a $150B secret paramilitary beholden to a corrupt authoritarian with a large cohort of sycophantic tech billionaires?
      • xp84 3 hours ago
        I’m not an illegal immigrant so I’m not worried about it
        • mmooss 2 hours ago
          That is short-sighted for many reasons that I don't need to mention.
        • queenkjuul 2 hours ago
          Neither are many of the people ICE has beaten and detained, didn't save them, won't save you.
    • mac-attack 4 hours ago
      > nobody ever brags about how lack of “tracking” has positively impacted their lives

      This reminds me of the anti-vax logic a tad in that they lack the imagination on the seemingly obvious effects of their ideal world.

      Being indifferent to companies and political parties (which becomes your Gov't when voted into power) indirectly states that you are indifferent to others' attempts to influence you and/or foolhardy enough to believe that all of your beliefs consistently originate from objective personal experience.

    • dartharva 2 hours ago
      I have one! Because of my anti-tracking measures, all social media platforms still don't seem to have a profile on me for content preferences, and so fail to show me the hyper-curated slop they do to everyone else. What I see instead is a classic feed of the best content generally trending across the world, pre-2010 style. That's one way it has impacted my life.

      Another way is the security and peace of mind it gives me while living in a country that has a behemoth population of bad actors online. Everyone I know has fallen to at least one targeted cyber-scam or the other. I haven't.

  • ekjhgkejhgk 11 hours ago
    The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
    • codedokode 11 hours ago
      The problem is not JS, the problem is useless technologies like WebRTC or WebGL that can run without permission and that, I think, are used in 99% of cases for fingerprinting. And people who designed them and did nothing to prevent fingerprinting.
      • beeflet 9 hours ago
        WebGL and WebRTC are hardly useless, but they allow you to collect way too much fingerprinting data based on the way they've been designed.
      • binoct 10 hours ago
        Neither WebRTC or WebGL are remotely ‘useless’. Very fair though to say that you would prefer to have them disabled and/or whitelisted for certain sites.
    • gruez 10 hours ago
      >The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.

      It really isn't, because there's plenty of fingerprinting scripts that run on the same domain, especially fingerprinters from security providers like cloudflare or akamai.

    • boxedemp 6 hours ago
      The older I get the more I see that RMS was right about so many things.

      When I was young I used to think of him as that eccentric pedantic mit guy but now I see him as a true warrior for freedom.

      • ekjhgkejhgk 6 hours ago
        Oh yeah. He's been telling us for decades how technology will be used to oppress people. I guess he had the experience of how things turned out with UNIX, and knew first hand how hard he had to work to even have a chance at undermining them. What he did at a time was build something from scratch which was compatible with the UNIX interface. These days I would call that a lost battle.

        Imagine if you said: I'm going to undermine facebook by building another social network which will be Free software, and will be compatible with facebook. I'll federate facebook whether they like it or not, and I'll do that by reverse engineering how facebook servers talk to each other. That wouldn't work because it takes you huge effort to pull off, and it takes facebook zero effort to change the interface in a tiny way that breaks everything for you. (Ok the analogy isn't perfect, but hopefully you get the idea of diminishing something's value by forcefully opening it up)

        But he hugely contributed to win a battle like this in the late 80s, then Linus Torvalds came in and finished the job in 1991 or so. RMS doesn't get the credit or even appreciation he deserves. I think he's one of the most tragic figures in the history of computers.

    • binaryturtle 11 hours ago
      A browser basically is like a really dumb trojan, pulling a whole herd of wooden horses into the city.
    • IshKebab 11 hours ago
      Does he have a strong stance on JS in the browser? In any case, I don't think many people would agree that the dubious extra privacy you gain from blocking that is really worth breaking half the web. Fingerprinting is not too hard even without JS.
      • ekjhgkejhgk 11 hours ago
        > Does he have a strong stance of JS in the browser?

        Let's see what he says on the subject.

        https://www.gnu.org/philosophy/javascript-trap.html

        • IshKebab 7 hours ago
          Ok so his issue is even more obtuse - he doesn't care about fingerprinting; he cares that not all JS code is GPL.
      • StillBored 11 hours ago
        I would re-frame "is it really worth breaking half the web" as those sites are not compliant to begin with. Nothing in the web standards stack mandates javascript, it's an optional feature! Web developers of yore understood that a fundamental property of a properly written web site was to degrade gracefully if javascript wasn't available, but the groupthink of the past decade has chosen weaponized incompetence over doing their jobs and in the process has not only thrown a load of noncompliant insecure garbage out there, but broken a load of accessibility standards, and other things in the process.
      • bee_rider 11 hours ago
        Blocking most JavaScript is fine, it mostly just breaks the silly pointless over-designed sites anyway. Just like everything else, most of the internet is garbage; blocking over-designed JavaScript sites isn’t a perfect filter but it is an ok first heuristic.
      • delusional 11 hours ago
        His stance is pretty simple. The JS on most pages is proprietary, and he doesn't like proprietary software.
  • gweinberg 11 hours ago
    For a fingerprint to be useful it must not only be unique but also persistent. If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
    • internetter 10 hours ago
      Point still taken, however you can only really check if a given font is installed, not obtain a list of all fonts. Thus, installing a wacky font is pointless as the fingerprinter won’t bother to check that particular font. There is queryLocalFonts on chrome but this requires a permission popup.
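How a font-probing fingerprinter actually works, and why it only ever sees fonts it explicitly asks about, as an added example that is not part of the original thread. The browser-side measurer uses canvas `measureText`, which is a real API; the measurer is injected so the detection logic can also run outside a browser against a constructed width table (the widths and the candidate list are invented for illustration, not measured from any system). The classic probe compares the rendered width of a string in `"Candidate", <generic family>` against the generic family alone: if the candidate is missing, the browser silently falls back and the widths coincide.

```javascript
// Added example: font probing by width comparison. Browser code uses canvas measureText;
// the measurer is injected so the detection logic also runs offline against a constructed table.

const BASE_FONTS = ['monospace', 'sans-serif', 'serif'];
const PROBE_TEXT = 'mmmmmmmmmmlli';  // mix of wide and narrow glyphs, as classic probes use
const PROBE_SIZE = '72px';

// Real measurer for a browser: width of PROBE_TEXT rendered with the given CSS font family list.
// Not called in the offline run below, so it is safe to define without a DOM.
function makeCanvasMeasurer() {
  const ctx = document.createElement('canvas').getContext('2d');
  return (familyList) => {
    ctx.font = `${PROBE_SIZE} ${familyList}`;
    return ctx.measureText(PROBE_TEXT).width;
  };
}

// Constructed stand-in for offline runs: all widths are invented, not measured.
// A family not in `installed` falls back to the generic family named after the comma,
// exactly as a browser would, so its width equals the fallback's width.
function makeSimulatedMeasurer(installed) {
  const fallbackWidth = { monospace: 561, 'sans-serif': 498, serif: 512 };
  // Arial is deliberately given the same width as the sans-serif fallback (see detectInstalledFonts).
  const familyWidth = { Arial: 498, Ubuntu: 470, Calibri: 455, Wingdings: 640, MyWackyFont: 333 };
  return (familyList) => {
    const m = /^"([^"]+)",\s*(\S+)$/.exec(familyList);
    if (!m) return fallbackWidth[familyList];      // bare generic family: the baseline
    const [, family, fallback] = m;
    return installed.includes(family) ? familyWidth[family] : fallbackWidth[fallback];
  };
}

// Probe each candidate against all three generic fallbacks: if the rendered width differs
// from any fallback's baseline, the candidate font is installed. Three fallbacks matter
// because a candidate can coincide with one of them (Arial vs sans-serif in the table above).
function detectInstalledFonts(measure, candidates) {
  const baseline = new Map(BASE_FONTS.map((b) => [b, measure(b)]));
  return candidates.filter((font) =>
    BASE_FONTS.some((b) => measure(`"${font}", ${b}`) !== baseline.get(b)));
}

// A fingerprinter's candidate list (a short constructed excerpt; real lists run to hundreds).
// A font that is not on this list, however unusual, is never probed and never contributes.
const CANDIDATES = ['Arial', 'Calibri', 'Ubuntu', 'Wingdings'];

// Browser usage: detectInstalledFonts(makeCanvasMeasurer(), CANDIDATES)
// Offline usage with a constructed machine that has Arial and Ubuntu installed:
function demo() {
  return detectInstalledFonts(makeSimulatedMeasurer(['Arial', 'Ubuntu']), CANDIDATES); // ['Arial', 'Ubuntu']
}
```

The second point from the comment above falls out directly: a machine whose only unusual font is `MyWackyFont` produces exactly the same result as one without it, because the probe never asks about it. Installing odd fonts adds entropy only if the fingerprinter's list happens to contain them; what does change the result is whether the commonly probed fonts (the Windows, macOS and Office defaults) are present or absent.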
    • disambiguation 5 hours ago
      Correct, however:

      > By following users over time, as their fingerprints changed, they could guess when a fingerprint was an ‘upgraded’ version of a previously observed browser’s fingerprint, with 99.1% of guesses correct.

      https://coveryourtracks.eff.org/static/browser-uniqueness.pd...

      https://mullvad.net/en/browser/browser-fingerprinting

    • gruez 10 hours ago
      >If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?

      See: https://xkcd.com/1105/

      Services with a large enough fingerprinting database can filter out implausible values and flag you as faking your fingerprint, which is itself fingerprintable.

      • nativeit 3 hours ago
        The problem we’re falling into under this (ostensibly accurate) point is when we start making this a game, where fingerprinting is either “100% effective and insidious”, or “can’t be 100% certain 100% of the time, so it’s ineffective and nobody will use it against me”.

        The point is that a sufficiently motivated actor could use a very broad array of tactics, some automated and some manual, to identify, observe, track, and/or locate a target. Maybe they can’t pin you down with your browser fingerprints because you’ve been smart enough to use tools that obfuscate it, but that’s not happening in a vacuum. Correlating one otherwise useless datapoint that happens to persist long enough to tie things together at even low-ish confidence is still a hugely worthwhile sieve with which to filter people out of the possibility pool.

        The problem isn’t that it doesn’t affect most average people, or that it it’s terribly imprecise. The problem is that it’s even a little effective, while being nearly impossible to completely avoid. It’s also a problem if that’s used by a malicious state actor against a journalist, to pick a rather obvious example. Because even in isolation, this kind of violation of civil liberties necessarily impacts all of society.

        The public should be given more information and control, broadly speaking, for when they are asked to trade their rights for convenience, security, and/or commerce. In particular, I think the United States has allowed bad faith arguments against regulatory actions and basic consumer rights so corporate lobbyists can steamroll any chance of even baseline protections. It would behoove all of us to be more distrustful of companies and moneyed interests, while being more engaged with, and demanding of, our governments.

      • NewsaHackO 10 hours ago
        But they still wouldn't be able to confidently connect his different fingerprints to the same individual, just that he is one of a group of individuals who fake their fingerprints.
        • gruez 10 hours ago
          It would depend on what your existing fingerprint is. If you're using some sort of rare browser/OS/hardware combination (eg. pale moon/gentoo linux/IBM thinkpad) it might be worth spoofing, but if your configuration is relatively "normie" (eg. firefox/windows/relatively recent intel or amd cpu/igpu)you're probably making yourself stick out more by faking your fingerprint.
          • NewsaHackO 9 hours ago
            The issue is that, especially on desktop, I doubt there are many fingerprints that more than 100 people have, given everything that they test. I would even suspect that most common desktop fingerprints are classified as bots.
    • poorman 10 hours ago
      It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a fingerprint of the elliptic curve when you do an SSL handshake, or any number of other ways.

      The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updated "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.

      The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.

  • baq 8 hours ago
    The real problem: if you can’t be identified, the system assumes you’re a bot, untrustworthy, or both and instead of reading content you get to select squares with buses and traffic lights ad infinitum.
    • pphysch 8 hours ago
      Yes, and the conspicuous lack of signal is itself a signal.

      "Get me all the individuals in this geo area that have atypical communication patterns..."

  • gausswho 1 hour ago
    I want a spoofing tool. How would one go about sending all my browser's traffic through a proxy that swapped out fingerprintable aspects with those of selectable presets of the most common browser configurations? It'd help to be able to bypass certain details for a whitelist of domains that actually needed granular exceptions. Most websites don't need this data for serving you.
  • lipbetfox 11 hours ago
    I still haven't found a method that can fingerprint simple Firefox containers. I use automatic temporary containers as a rule, and rules for specific sites where I want to keep persistent sessions.

    I don't understand how temporary containers are still not a built-in Firefox feature, it seems like such a no-brainer solution for privacy.

    • boxedemp 6 hours ago
      Open question,

      If you're on a VPN and using Firefox containers, is the only way to identify me to look at my mouse movement and correlate it?

    • mixmastamyk 10 hours ago
      Isn't the semi-recent per-site cookie jar most of this functionality?
    • rob_c 10 hours ago
      How to scream I'm behaving badly online...
      • nativeit 3 hours ago
        How to scream, “I’m living a life of unalloyed privilege.”
  • t_mann 6 hours ago
    What I don't get, all this data is reported by your machine - why isn't there a tool/browser fork that allows spoofing a (fairly) complete realistic profile, with some sane presets like Edge/W11/Thinkpad or Safari/macOS/M4? Is it too complex, would it break too much, or am I just unaware?
    • nativeit 3 hours ago
      Most privacy-thumping browsers do this, to some degree, but it’s not a panacea. The article gets into it.
  • nobody42 8 hours ago
    You could test with this: https://github.com/abrahamjuliot/creepjs Does it store the data? Unknown.

    The best browser for protection is https://mullvad.net/en/browser because it makes the connection uniform, to better blend in.

    • thetyster 8 hours ago
      > best

      I guess that really depends on how you classify "best"

      Tor is pretty good for protection. Then there's always i2P as well…

      Saying one browser can protect the best is pretty hard to prove.

      • nobody42 8 hours ago
        Best among existing. Anti-fingerprinting field is still in its early stages.

        I wouldn't say Tor Browser is the best because it requires custom configuration to be usable conveniently, which will make the connection non-uniform (and the user will stand out).

        >Tor is pretty good for protection. Then there's always i2P as well…

        Tor and i2P do nothing for (anti)fingerprinting - the program which renders the web pages does.

        >Saying one browser can protect the best is pretty hard to prove.

        Not a proof but things to consider: https://privacytests.org/

        • sfink 7 hours ago
          I'd like a "Firefox + uBlock Origin" column on that page. (But then you'd have to consider filter lists enabled...)
      • coppsilgold 3 hours ago
        Mullvad Browser is just Tor Browser without tor.

        Among all the available browsers, mullvad/tor browser is the best we have in terms of fingerprinting resistance.

  • dringov 12 hours ago
    > Worst of all, perhaps, it can extract a canvas fingerprint. Canvas fingerprinting works by having the browser run code that draws text (perhaps invisibly), and then retrieving the individual pixel data that it drew. This pixel data will differ subtly from one system to another, even drawing the same text, because of subtle differences in the graphics hardware and the operating system.

    I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?

    Is the implication that there are certain graphical operations that - perhaps unintentionally - end up becoming akin to a physically unclonable function in hardware?

    • Xelbair 12 hours ago
      >I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?

      per combination of hardware(GPU, resolution of display) and software(exact drivers)

    • sfink 7 hours ago
      I have heard of such things. The signal is not persistent over time, since it's dependent on eg heat and concurrent operations. But it's there, to some degree, and can be correlated over time somewhat.

      We've made our world a scary place.

  • stego-tech 10 hours ago
    Sandboxing in containers and manually exempting specific security tokens is arguably one of the better steps we can take in the immediate term, as are random agent strings and returning fake data for common prompts. Of course that only works in the immediate, because this, like advertising in general, is an arms race at the moment.

    This feels like a regulatory question, not a technical one. We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points. The long-term solution seems like it should be severe consequences for data breaches (as in, corporation-destroying penalties for disclosure of PII, including fingerprint data) such that everyone only collects the data they need to provide the service in question and not a single bit more, deleting it as soon as it's no longer necessary. Right now there's no consequence if Google or Meta disclose huge swaths of user data, and thus no disincentive to collecting as much as they possibly can.

    Punish the leaking of data, and suddenly you've raised its cost to the point that casual players will nope out entirely. From there, it's the eternal back and forth of governments waffling between business and electorate interests.

    • gruez 10 hours ago
      >We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points.

      I'm very skeptical of this claim, especially in practice. Contrary to what many fingerprinting sites claim ("you're unique of everyone we fingerprinted!!"), browser fingerprinting can't possibly uniquely identify someone. Smartphones are pretty locked down and there's very few customization options that allow for fingerprinting. In the US Apple has around 50% market share, and there are 30 iPhone models that are still in support. That means if you're an iPhone user in a city of 1 million, there are, on average, approximately 16.6k (500k / 30) other people with the same exact model of iPhone (and therefore fingerprint) as you. As long as you don't do anything to stick out (eg. living in the US but setting Denmark as your locale), you'll be reasonably anonymous.

    • dwg 6 hours ago
      > ...severe consequences for data breaches...

      Often had the same thought, if not shared same opinion. On the other hand, stiffer penalties have the trade off of incentivizing cover-ups, i.e. disincentivize honest disclosure.

      • stego-tech 2 hours ago
        And that’s where I’d need other SMEs in the room to help craft policy. Enough of us agree that the status quo is untenable, but we lack a clear vision to change it still. I know where I stand, but I don’t know what I don’t know.
  • zkmon 9 hours ago
    I'm sure it's a privacy issue. But how does this browser fingerprinting harm the user? Maybe it can work like a session cookie used for correlating across different requests from the same user. What's the damage here?
  • ifh-hn 5 hours ago
    Stupid question but what happens to fingerprinting if you just disabled JavaScript? Sure it breaks websites, but that's what I do with ubo advanced, which I also use to block webrtc, etc. (I really miss umatrix for this purpose). Am I fingerprinted because a site can't run JavaScript? If I use a VPN too?
    • dempedempe 5 hours ago
      Yeah. You are fingerprinted if you disable JS and/or use a VPN. Read the article for more info.
      • ifh-hn 5 hours ago
        I did but I don't think I understand how it's that bad, random IP address with JavaScript disabled is 2 data points that can't, as far as I can see, be really helpful in identifying me. Seems like you're fingerprinted anyway so the less you give the better...
        • dempedempe 13 minutes ago
          Just having JS disabled narrows you down by a lot. Yeah, fingerprinters can't use a lot of their more sophisticated techniques, but they still have a lot to work with as I understand it. I'm no expert though.
  • ghxst 10 hours ago
    Browser data points can make it easy to identify a browser or in some cases even a specific machine, but that doesn’t necessarily equate to identifying a user. What frustrates me is that it takes a service I trusted with my personal data to be the one that attaches an identifier to those metrics. The best practice for privacy is to always keep profiles and identities separated, rotate P.O. boxes, email addresses, phone numbers, and payment methods so that when someone identifies your browser or device, the accuracy of linking it to you stays low. Of course, this approach comes with its own problems...
  • abigail95 12 hours ago
    To extend the closing remarks from a SIGINT perspective, sure some fingerprints are non unique and short lived, have little data. But hang onto it long enough and sure enough some slower data from another band might eventually correlate it with something else.

    The last time I looked at this seriously I was trying to find out how much fidelity (if it was possible at all) was necessary to identify someone by their mouse and keyboard input.

    It's not just what you do but how you do it.

  • diogenes_atx 5 hours ago
    Useful site to see what info your browser is giving out:

    https://amiunique.org/

  • ArcHound 12 hours ago
    You missed one of our best guarded secrets: ja3 hashes and their successors.

    Basically, we can identify browsers based on the supported ciphers in the TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Captchas.

    • peetistaken 12 hours ago
      I built a nice tool to visualize that: https://tls.peet.ws. It's not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs. There isn't really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint
      • johnisgood 12 hours ago
        I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?
        • Retr0id 11 hours ago
          Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.
          • johnisgood 10 hours ago
            How effective is it at "un-anonymizing" me? I value privacy. What do you think I can do about "any" of this?
            • Retr0id 10 hours ago
              It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on its own. But it can be combined with other fingerprinting vectors.
    • mike_d 11 hours ago
      JA3/JA4 are useless now.

      At best they identify the family of browser, and spoofing it is table stakes for bad actors. https://github.com/lwthiker/curl-impersonate

      • ArcHound 10 hours ago
        Slight correction: Spoofing it is table stakes for ever so slightly capable actors.

        These will still help against the masses of dumb actors flooding your stuff.

    • 1over137 12 hours ago
      What’s ja3?
  • stickfigure 4 hours ago
    We can start by getting rid of (freezing) the User-Agent header. No need to make it easy.
  • neilv 10 hours ago
    > Since almost every web browser in the world now supports JavaScript, turning it off as a measure to protect privacy is like going to the shopping mall wearing a ski mask.

    I'm going to steal this nice analogy, for when I try to explain this point and some related points.

  • lilsoso 12 hours ago
    Thanks for the browser recommendations.

    I switched to the Mullvad browser. The other recommendation, LibreWolf, provides the following warning on install which scared me away: "Warning: librewolf has been deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01."

    • armadyl 9 hours ago
      FYI I wouldn’t say that the Mullvad browser is any better at anti-fingerprinting than Librewolf. I always point people to http://fingerprint.com/ so they can see how difficult it is to beat even JS based tracking and this doesn’t even get into the server-side methods (i.e. just fetching a stylesheet) of tracking users.

      That’s not to say you shouldn’t use a browser that blocks ads etc but I don’t think people should immediately think that they’re not fingerprintable because they’re running these. There definitely needs to be more discussion on the reality of how much these browsers can “protect” you.

    • undeveloper 11 hours ago
      tldr -- it's fine. MacOS Gatekeeper will create warnings about products that are not signed via the apple developer program, which is $99/year. librewolf is an open source product, that is very strictly a "community" libre / FOSS project; naturally, having an individual take up notarization... Assumedly, you are using brew -- brew recently decided to stop supporting / deprecate all casks that do not pass gatekeeper checks, for some reason I cannot fully determine.
      • cruffle_duffle 11 hours ago
        Why would I trust any software that doesn’t pass the gatekeeper test? Even if it claims to be “open source” with links to some code repo there is no guarantee the binary blob you are running was built using only that code and nothing else.

        Sure even with the gatekeeper test you can’t be sure it’s built against only the claimed code but it does guarantee:

        1) the binary hasn’t been modified since it was signed
        2) the binary was signed by somebody in possession of the private key
        3) there is some measure of identification via Apple on who or what signed the binary
        4) somebody was willing to fork over $99 to sign the binary

        It’s not perfect security by any means but it is something. Otherwise the binary you are running might as well have come from some sketchy email attachment. And fuck that. Why would I want that on my machine?

        I get that the $99 might be a hurdle for “non-organized open source” (ie most open source… doesn’t have a non-profit entity to take up the expense and credential management, etc…)… and there are probably ways apple could make it easier for such “collectives”… but ultimately I’d argue that signed binaries are good for everybody. While imperfect, they provide some form of traceability and accountability.

        obviously it’s not a 100% guarantee of being fuckery-free. The private key might have been compromised, the appleid might have been hijacked and the developer program might have been enrolled with stolen credit cards… but it’s still a hurdle to filter out a large swath of low effort nonsense.

        • charlie-83 10 hours ago
          You could always just build it yourself from source if you are concerned.
          • cruffle_duffle 10 hours ago
            Sure but most people aren’t going to do that. It automatically limits the audience willing to use the software.

            This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface…

            The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that has been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human one. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key.

            • charlie-83 9 hours ago
              So for Linux, generally you are installing packages from your distro's repo so they are signed by the repo itself. I would have assumed that it would be the same on Mac with brew/macports/etc signing the code, but from what you are saying I guess not; I don't see why.

              Edit: Apparently Brew doesn't sign stuff because they don't trust the code they are being asked to sign. Apparently you can just get brew to build the package locally with `brew install --build-from-source librewolf` though which is useful.

              On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.

    • Y_Y 11 hours ago
      Sounds like you need to switch OS
    • mike_d 11 hours ago
      The article rants about how turning off JavaScript is actually harmful because it makes you more fingerprintable, then in the same breath recommends switching to an obscure browser nobody else uses?

      If you want to avoid being uniquely identifiable stick to Chrome, signed into a Google account, running on a PC from Best Buy.

  • mixmastamyk 11 hours ago
    We’re working on a comprehensive solution here (and could use your help), the Ethical Computing Initiative.

    https://aol.codeberg.page/eci/

  • WorldPeas 8 hours ago
    seeing projects like https://github.com/jonasstrehle/supercookie kind of fills me with a dread about just how many holes would need to be plugged in the web for "privacy" to be assured, and how that would degrade my experience as an end user
  • rncode 8 hours ago
    you're all running chrome signed into google with 47 extensions and complaining about privacy. the call is coming from inside the house
  • beders 10 hours ago
    when PayPal tells you that they already know you and don't require you to log in: that's fingerprint.com behind the scenes.

    There are pros/cons.

    It should be obvious by now that using any free service of scale is being paid for by your interactions which are made more valuable through fingerprinting.

    Trying to circumvent that just makes it more expensive for the rest of us.

    • slig 3 hours ago
      >when PayPal tells you that they already know you and don't require you to log in: that's fingerprint.com behind the scenes.

      Why use a third party service when cookies can do exactly that? They load their .js from the same domain they set up a cookie and there's no limitation to read that cookie, correct?

    • Zarathustra30 8 hours ago
      Paypal does what? I'm sometimes nervous I only need 2 factors of authentication. 0FA seems dangerous for financial anything.
  • kuon 2 hours ago
    It is not really fingerprinting but I realized that ipinfo can place my IP on my house. I guess some stupid phone sent the GPS location. Isn't that supposedly under GDPR in Europe? Can I delete it somehow?
  • alkonaut 10 hours ago
    There is no good technical solution here. But the damage could be limited if browsers at least limited entropy somewhat. Stuff like reading back canvas contents should need user approval.

    Just make sure it’s sufficiently illegal to keep this info. Find and make big visible examples of fining companies that trade in this info. If a company sells a product that fetches ads based on an “identifier” their little js snippet computed then just pay them a visit. Fine both them and their customers to the max extent of the GDPR (or equivalent).

  • rcpt 11 hours ago
    All this and I still need to click on the cookie pop ups like they'll bring the cargo planes to the island.
  • daft_pink 11 hours ago
    I’m curious if there is a product like cloudflare’s remote browser isolation that obfuscates it in that way.
  • prng2021 12 hours ago
    How exactly do advertisers take fingerprints and translate that to targeted ads for each user?
    • prasadjoglekar 11 hours ago
      A combo of your IP, browser fingerprint plus the fact that you logged in somewhere and that links to your actual name etc. Identifying you in isolation is not very useful. It's connecting that identity to another place that's valuable.
    • xnx 11 hours ago
      The browser history is collected across multiple sites to form a profile. If the user ever enters their email address or logs in, their entire history is deanonymized.
  • btilly 11 hours ago
    I don't mind advertisers knowing more about me. If they can display ads that are relevant to me, this is a better experience on both sides.

    Unfortunately there is no way to tell advertisers, "No, I'm not interested in your product. I never will be. Don't waste your money."

    The top offender is Hims. No, I don't have hair loss. I don't want hair loss supplements. I also don't have ED, and I object strongly to ads for that showing up unexpectedly when I'm showing a YouTube video to someone else.

    The second top offender is whoever it is (they keep changing their name) who thinks that I need some kind of Christian motivational course to get control of "the P-word". (Their phrase, not mine.) No, I don't have a problem with pornography. I am very rarely interested in it. And when it comes up every few months, I don't feel any guilt about it afterwards. Furthermore I'm an atheist. A Christian motivational course isn't going to work well for me regardless.

    Yes, Google does offer a report function, and a block function, for ads. The report function seems to have gotten rid of the unwanted ED ads. The block really doesn't work when the ads are all very similar AI slop that is rotated frequently. Block this ad, and then next unwanted ad from the same source will be coming along soon enough. (The reason why I particularly dislike Hims is that they are more aggressively rotating their ads.)

    • charlie-83 10 hours ago
      Relevant/personalised ads don't mean ads that benefit you. It means ads that are better able to extract money from you.

      It means that, when you need a new dishwasher, you will never see the actual best dishwasher for you, only dishwashers that are a bit more expensive than you actually need but you will end up buying one of them anyways.

      It means that you are more likely to see products you would impulse buy just after you get your paycheck. Or slightly inflated prices on things you usually buy.

      It means ads designed to take advantage of addictions to sugar, alcohol, gambling etc

      Finding stuff you actually want to buy has never been easier, you can find hundreds of reviews and comparisons instantly. People who opt into personalised ads don't end up being more savvy online shoppers, they just end up buying more junk.

      • btilly 9 hours ago
        My preferences are based on my understanding of myself.

        I do not have those problem addictions. Of course I am going to comparison shop for any large purchases. I am good enough about controlling spending that excess junk isn't one of my problems.

        But what I do have a problem with is coming up with creative ideas for people in my life. So, for example, I would have never thought to look for https://www.zazzle.com/cup_equation_love-168099175298227864. But I'm very glad that someone out there knew enough about me to guess that this might be an item that I'd like. And my wife liked the cup a whole lot.

        Does this happen often? No. But I'm perfectly happy to pay a premium for a product when an advertiser gets it right.

        • charlie-83 8 hours ago
          There are always situations where an advert is useful and we remember those. However, when an advert causes you to spend more than you would, you have no idea it has happened.

          Maybe you truly are above the influence of advertising. However, almost no one believes that they are affected by advertising yet clearly almost all of those people are wrong.

          I find it safer to assume I am part of the vast majority of people who would be influenced by personalised advertising. Given that online advertising is basically the biggest business in the world, I assume that it would find a way to get money from me.

          • btilly 5 hours ago
            You do you. If you believe that you are helpless in the face of the temptation of advertising, you should avoid advertising.

            But it would be nice if you worked on your listening skills as well.

            You gave a list of major evils that consuming advertising leads to. I don't suffer from those evils. Or at least if I do, then I must also be in serious denial to be unaware of it.

            You also seem to think that I said that I am unaffected by advertising, and it doesn't lead to me spending money. This is a bizarre conclusion given that I said that I am affected by advertising, and I gave an example of where it did lead to me spending money.

            But the critical difference is this. You treat advertising as an assault on your mind. Whose job is to enable evil corporations to steal your money. I view advertising as a discovery method. The world is full of innovators coming up with things that they think others may want. They then use advertising as a way to let people know that there is a thing that they may want. I rarely want it. But I'm willing to waste a bit of time on the pitch.

            And on the rare occasions that I do get something, I actually enjoy it regularly. That cup I mentioned? I just made tea for my wife, and served it to her in that cup.

            We are different people. I have a very different relationship to advertising than you do. The fact that it is different, doesn't mean that I'm wrong to be me.

    • blfr 11 hours ago
      If you don't mind them knowing but resent the ads, you can just block the ads. You can do dns ad blocking[1], in-browser plugins/extensions[2], finally, patch the apps[3]. Or deploy all of them.

      [1] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#...

      [2] https://ublockorigin.com/

      [3] https://revanced.app/patches?pkg=com.google.android.youtube

      • btilly 11 hours ago
        Perhaps you missed that I am willing to deal with ads in general? I am perfectly willing to put up with the annoyance, and like knowing that I am bringing money to the channel that I'm watching. I only want specific advertisers turned off.

        A general "show me no ads" solution is not my preference.

    • canyp 7 hours ago
      That is a loser's proposition. Targeted advertising should be objected to on the grounds that surveillance and manipulation are unethical, it doesn't matter how useful it may or may not be in your personal experience. Them suddenly being more useful wouldn't make them any more ethical.
  • neuroelectron 12 hours ago
    10 years too late.
  • udev4096 11 hours ago
    JavaScript disabling helps a lot, regardless of what author says. It disables most of the tracking attempts, improves security and most of all pages load faster and hardly break if you're just browsing anyway.

    The whole article never mentions the gold standard of anti-fingerprinting, Tor Browser. It just shows how shallow the article is when it mentions Mullvad Browser, a fork of TBB, instead of TBB itself! There's also no mention of using an up-to-date DNS block list to thwart fingerprinting attempts even more.

    • msm_ 10 hours ago
      Yeah, I don't get it. Tor browser alone, with no additional configuration and basic hygiene, is enough to stop any fingerprinting and tracking. The only problem is that it's too private, and tor traffic is often associated with crime, so it's sometimes blocked, notably by cloudflare.

      I don't use it for daily browsing, but when I want to search for something I don't want associated with me (for example, health concerns) I just use tor browser and don't worry about tracking.

      • armadyl 9 hours ago
        The Tor Browser won’t effectively stop fingerprinting, if anything it makes you more unique due to the low amount of people worldwide using it, and then you add points of data by using different DNS providers, extensions etc.

        The Tor Browser as a privacy measure is likely no better than a normal browser with uBlock if you’re also using it like a “normal” browser, signing into the same accounts you always use etc. My opinion obviously but I dislike people recommending the Tor Browser as a lot of its primary benefits are lost if you’re just using it as a daily driver browser.

        I always point people to https://fingerprint.com/ to see if their browser can defeat it. Most of the time you can’t without clearing cookies, changing device resolution, changing VPN location etc., something the average person can’t/won’t do. Even JS aside there are a ton of different ways to track people based off even just getting server side data when a site’s stylesheet is fetched.

  • mlhpdx 10 hours ago
    Don’t confuse privacy with anonymity. One is a right in the US, the other is not.
    • Rygian 10 hours ago
      Not trying to be sarcastic; I may be unaware of some relevant legal framework for the US, could you please elaborate which one is a right and how is it enshrined and enforced?
      • dmacedo 9 hours ago
        Not American here, but I'm aware of both privacy in mixed forms (Privacy Act 1974, HIPAA, COPPA, and CCPA in California); as well as anonymity in the First Amendment et al since there's case law (IANAL) demonstrating the requirement of anonymity to avoid persecution of free speech.

        All of these have limitations and exceptions in a complex legal system. But to issue a blanket statement like the comment above is not really correct - just trying to make a point, I guess

        • mlhpdx 7 hours ago
          Also not a lawyer but anonymity case law is a mixed bag at best, and more practically speaking very narrowly targeted compared to privacy.
      • mlhpdx 6 hours ago
        Arguments for both are derived from, but not explicit in, the Bill of Rights. Privacy has broad points of support while anonymity is primarily attributed to the First Amendment, but only in narrow circumstances.
    • hinkley 9 hours ago
      The only way to have privacy in a semi public location, like the Internet, is anonymity.

      Ask any celebrity how much privacy they have. They can’t even buy Starbucks without people commenting on how fat their comfy clothes make them look. Because they have no anonymity.

  • baalimago 10 hours ago
    On the pros of fingerprinting: it's practically the only consistent tool to prevent malicious use in certain use cases, such as app hosting and similar bot protection.

    Email validation doesn't work. IP blocking doesn't work. Captcha? Kind of. Fingerprinting? Very efficient.

  • kkfx 9 hours ago
    Has anyone ever thought that RSS doesn't have a fingerprint?

    Because the sites that still offer feeds, at least those for which a feed makes sense, well, you can read them comfortably via RSS.

  • bparsons 11 hours ago
    Browser fingerprinting has been a thing since at least 2008. Kissmetrics was the first company I heard of that was doing this.
  • Refreeze5224 5 hours ago
    The real problem here is not technical, it's political. None of this should be legal, let alone the basis of companies worth hundreds of billions. This is surveillance capitalism, and is incredibly harmful to society in a multitude of ways. And as long as the owning class is able to dictate what's legal, this injustice will continue.
  • ekjhgkejhgk 11 hours ago
    I mean... I don't give a fuck about fonts, I don't give a fuck about drawing shit to some canvas. Can I not just opt out?

    Yes, I know that's ski-mask bla bla bla, but I still don't want my browser to be doing this nonsense.

    • myaccountonhn 11 hours ago
      There's the gemini protocol and gopher.

      When I think of all the tracking that goes on, these are becoming more lucrative.

      • zzo38computer 10 hours ago
        Gemini and Gopher are better than the existing WWW, (although there are others as well, such as Spartan (uses the same file format as Gemini, but it is a different protocol without TLS), Scorpion (my own format, intended to be between Gemini and "WWW as it should be if it was designed better"), and others).

        However, you might also want to access HTTP and HTML, and to do so without needing to load fonts, pictures, etc; you might use a web browser that omits many of these features. However, it also can result in some problems; there are a few ways to work around some of these, such as adding your own scripts to handle some services, adding proxy services for handling some services (although some of these can use other protocols such as Gemini), and/or using the HTML/CSS commands in other ways (e.g. using ARIA to decide the formatting rather than using CSS). However, there are other issues, e.g. if the web page you download includes more junk than the actual main text.

  • balamatom 12 hours ago
    >And even though my personal safety and liberty probably aren’t at stake, I don’t want to give any support to the global advertising behemoth, by allowing advertisers access to better information about me.

    Giving the surveillance economy access to your habits means making them slightly better informed about everyone. That won't directly endanger you; the SE will just become slightly better informed about how people like you function.

    This will enable it to increase the amount of risk faced by some other person that you will never hear of (and vice versa) if any of you is even suspected of endangering the SE, in proportion to the risk to the SE which people like you may hypothetically pose, as quantified by the methods of nepotism-powered pseudoscience.

  • notepad0x90 7 hours ago
    When an individual stalks a person without their consent, it is considered unlawful. Why is it ok for websites to do this?

    Perhaps what is missing is a criminal law that forbids deliberate non-consensual tracking of a person's activity. Even in public.

    Recording someone as you happen to be recording something in public (including CCTV) is not deliberate or targeted towards an individual. But even in public, if someone followed you around tracking what you're doing (even without recording you), that shouldn't be lawful. Public figures and law enforcement activity based on probable cause being the exceptions.

    Can anyone think of any reasonable counter-arguments to this?

    • charcircuit 6 hours ago
      A counter argument is that stalking in itself, in the US at least, is not unlawful. It becomes unlawful once someone starts threatening another person. So the digital analog would be to allow tracking as long as the site doing the tracking doesn't threaten the people that are being tracked.