Have you heard of digital fingerprinting? It's when a website looks at the information of your device or browser you are connecting from such as but not limited to your device hardware, IP, time zone, language, screen resolution, etc. This digital profile is compared to other digital profiles and chances are there is a match that they can use to identify you and your behaviors online to serve you more targeted ads and results. www.deviceinfo.me should give you an idea of what data websites are able to collect about you.
Yeah pretty much all of those.
On firefox most of my info is either spoofed or unknown. I'm in strict mode with ublock origin (medium), localcdn, canvasblocker, and temp containers, no about:config settings.
don't know about youtube but use this site to find out what your devices are telling about you, online..via browser ofc..it will give you an idea about what you're asking,
It is actually possible to detect the true browser rendering engine someone is using, even if they've changed their user agent. Check out the "browser core" at this site: https://www.deviceinfo.me/
Doesn't matter what user agent you pick, it will still report you're using Firefox.
This actually makes you more unique as very few people go through the trouble of changing their user agent to be different from the default
This site (https://www.deviceinfo.me/ ) detects my GPU and the number of cores and that I have over 8GB of RAM and that my "battery" is at 100% and charging (I'm on desktop wtf but still can give sites a pretty neat idea) and can detect the sensors in your phone (rotation, acceleration etc.).
In Firefox you can disable the Web Audio API "AudioContext" to prevent this.
In "about:config", search for "dom.webaudio.enabled", and set it to "false".
To make sure it's properly disabled check the "AudioContext" section on https://www.deviceinfo.me
There's also browser extensions that exist to disable the API, but using the setting directly in Firefox is all that's needed.
Looking at stats for nerds, I've seen different codecs used for the same video based on what hardware, browser and OS I'm using.
I have an older notebook without a GPU and it usually gets served H.264 video rather than the AV1 or VP9 my desktop with GPU gets.
It's probably based on the Media Capabilities that /u/190n mentioned and where those are not available, it's probably making an educated guess based on other information that the browser presents.
https://www.deviceinfo.me/ will show the information that your browser is sending. I can't see Media Capabilities listed, but I can see Browser, OS, CPU architecture, GPU driver, plugins and so on.
Your browser may or may not be as unique as it claims to be. It's possible that some fingerprinting sites have databases that contain a lot of data that's either too old or too recent, also some of the information collected often changes for most people, for example the user agent when a browser gets updated. Perhaps it's better to focus on what information you don't want your browser to give out, you can use https://www.deviceinfo.me to work on that.
If you use the "about:config > privacy.resistFingerprinting" setting, then canvas fingerprinting is already blocked, so using the CanvasBlocker extension is redundant. Even if you use the "fake" setting in CanvasBlocker, the "privacy.resistFingerprinting" has priority so canvas fingerprinting remains blocked, and not faked/spoofed. I only know this for sure because I tried various similar combinations of settings and tested on Device Info at https://www.deviceinfo.me using the "Canvas" section. Easiest way to know.
If you use the "about:config > privacy.resistFingerprinting" setting, then canvas fingerprinting is already blocked, so using the CanvasBlocker extension is redundant. Even if you use the "fake" setting in CanvasBlocker, the "privacy.resistFingerprinting" has priority so canvas fingerprinting remains blocked, and not faked/spoofed. I only know this for sure because I tried various similar combinations of settings and tested on Device Info at https://www.deviceinfo.me using the "Canvas" section. Easiest way to know.
That's because that extension is not being used as part of their fingerprinting method. Different sites will collect different information/methods to build their own fingerprint databases. https://www.deviceinfo.me is a good one that shows a lot of information, but doesn't collect it to build a fingerprint database.
I would like to know as well if there's a setting or add-on specifically for this. The only way I know of currently is to use an add-on like NoScript and to only allow JavaScript when needed, which is not really convenient. That takes care of the JavaScript side of it, but even then if you're using a mobile device and your user agent is not spoofed, websites can still know. You can test it (among other things that contribute to one's fingerprint) on Device Info https://www.deviceinfo.me/ ("Device Pointing Method" section).
Some of the add-ons you mentioned, plus: -uBlock Origin -Ghostery -Privacy Badger -NoScript
I disable NoScript on some sites sometimes otherwise they don't work properly. Try different add-ons and compare/test what information your browser still leaks on Device Info https://www.deviceinfo.me/. When using NoScript for example it definitely disables all JavaScript.
Technically all websites are fingerprinting you to optimize the content for your device. Sometimes it can also be used to track or recognize your device. It's way harder to defend against it.
librewolf with the strictest settings has much better canvas fingerprinting prevention and also spoofs your cpu/gpu/monitor resolution/audio devices and such.
For anybody down voting this comment, take a look at https://www.deviceinfo.me/. Try spoofing your user agent to Chrome on Windows (or whatever you want) while using Firefox on Linux (or really, any browser on any OS) and see that it can detect your true OS and true browser core.
Tenhum, os sites com "https" já estão completamente encriptados, se quiser ter mais privacidade bloqueie anuncios, javascript e diminua os rastros que seu computador deixa.
Têm esse site que mostra as informações que os sites conseguem pegar da sua maquina.
A modern internet valóban szar, de a FF-nak már van egy ResistFingerPrinting projektje, ami javarészt counterelni tudja ezeket.
Szól is csomószor, ha nincs beállítva, hogy megenged-e, hogy xyz.com canvas datát szedjen ki a böngésződből. Illetve még egy jó megoldás, ha spoofolod.
A https://www.deviceinfo.me/ oldal elég jó teszt többek között erre.
>All incognito does is not hand personal identifier cookies and the like to the down stream systems UNLESS generated after this sessions first access.
to add onto this, it's still possible to (mostly) identify a device even with incognito mode turned on... from things most people don't understand like fonts installed on your device, to all the other various possible combinations that your browser sends to servers.
I have my doubts about the second, but what stops a site from (server-side) checking to see if another site is up ?
On the second, maybe a better example is https://www.deviceinfo.me/ More focused on what the browser reveals, than on what the route is.
In Firefox at least, probably not (incognito mode or not), as it blocks that attitude by default. But just try doing something in any tab (incognito or not) and go to the recommended test site: https://www.deviceinfo.me. It will show in detail what a site can technically know of you in any moment (which does not mean the sites will use, they are restrited by their privacy policies, but they are technically able to know).
That's how, after all, you received offers in one site ads in your computer or by mail of something you visited in you phone on another unrelated sites etc. The visible part of tracking is ads, for now (that's because so many just does not care about tracking, even when informed), but information is power and, potentially, control. ;)
1) yes 2) yes better but not the best (not using them is far better option and foss client is good enough option prefer native foss client as they don't have any tracking build in and they avoid as much as they can)
3) if you install mobile apps it's like completely bad if other invasive apps is in your phone both app will talk to each other they try to pull every single bit of you data as much as they can so basically it's nightmare.
WebApp is better in term of apps but still far from recommend in my thought WebApp can pull every single info about device and not easily but how much is available is still more then enough that you shouldn't be using it.
Native foss client is good for me knowing there limitations (they can't somehow magically protect me dm or post) but to see other people post and anonymous stuff it's pure 24k gold.
4) in normal case yes in other case if you hardened your browser it's can be blocked but it's again some what unique fingerprint. deviceinfo.me does a pretty good job in telling this.
5) device data not completely but to some extent like as much as they can check out deviceinfo.me for exactly what and how much
That's a big oof.
Reddit is far from anonymous. Unless you take appropriate steps, assume anything you post online can be traced back to you. You may be anonymous to other users, but Reddit itself (and by extension, law enforcement) can easily locate you.
to: u/bat-chriscat
Is Brave planning on removing the battery api from Brave in the future?
When I had used https://www.deviceinfo.me/ , it was able to figure out the battery status.
Also for some reason, it was able to determine the screensize even when I do not have the browser full-screened.
Your browser routinely sends some data to each web site you access, so the site might present a better web page to you. Data such as what browser and operating system you're using, and what language, what time-zone, etc.
The web page you get from a site could have Javascript code in it that interrogates your browser to find out more: is Canvas enabled, what is display size, is Flash enabled, etc. If you've enabled location services, it could get ZIP code or GPS coordinates.
Together, all of this can be used to distinguish you from other users, even if you never log in to the site.
See for example https://www.deviceinfo.me/
Your browser routinely sends some data to each web site you access, so the site might present a better web page to you. Data such as what browser and operating system you're using, and what language, what time-zone, etc.
The web page you get from a site could have Javascript code in it that interrogates your browser to find out more: is Canvas enabled, what is display size, is Flash enabled, etc. If you've enabled location services, it could get ZIP code or GPS coordinates.
Together, all of this can be used to distinguish you from other users, even if you never log in to the site.
See for example https://www.deviceinfo.me/
True public IP address, browser fingerprint, DNS, OS, etc. And you're gonna have a hard time masking your IP because of the posting ban on VPNs & Tor unless you sign up and pay for a 4chan Pass. In which case, given you're wanting to do that, you can use a prepaid Visa/Mastercard in an amount enough to pay for a year of it. Otherwise paying with a Credit/Debit card is a bad idea because then you're actually tying your real name to your account, which ties it to all your posts.
Some websites can tell when it's installed. I use https://www.deviceinfo.me as my main one-stop website for testing these things (for Ghostery it's under Content Filtering).
It might be taking your fingerprint from Canvas or Audiocontext settings, do you have those blocked? Test both on https://www.deviceinfo.me to make sure they are, if not then fix that, and then re-test your uniqueness.
On https://www.deviceinfo.me what browser version does it show that you have? If it's not the latest one then my best guess is that you have "privacy.resistFingerprinting = true" in about:config.
I compared with and without the fingerprinting setting enabled in Firefox on https://www.deviceinfo.me and it does mess up the system time, and time zone shows UTC+00:00 which is not my time zone.
There's extensions that can help sure, but Firefox already has a lot of settings available. For fingerprinting protection start with these about:config
:
privacy.resistFingerprinting
(true)
dom.webaudio.enabled
(false)
Then make sure your settings are active by testing with https://www.deviceinfo.me
These should block canvas fingerprinting, audiocontext fingerprinting, and other things.
https://www.deviceinfo.me shows all the possible browser fingerprinting information leaks. For MAC address though the only place where I've ever seen this shown is under "Hostname", and I believe that's up to the ISP of the connection you're on. However Tor or a good VPN would prevent that from showing.
Yes Firefox is one of the better ones, but by default they respond to WebGL, HTML Canvas, and AudioContext fingerprint requests. Go to deviceinfo to see the crazy amount of data your browser gives any requesting site.
Chrome is a privacy disaster, with exploiters making a sport out of patch-gapping.
There's already a lot less fingerprinting information when JavaScript is disabled, however some information does remain available. You can see everything on https://www.deviceinfo.me, use the tool with and without JavaScript. Tor does do a great job.
Yes. When you install it, by default it works in fake mode (spoofed), but you can also change the setting so that it's it works in block mode instead. I tested it on Device Info - https://www.deviceinfo.me under the Canvas section and both settings work great.
I don't usually rely on what my uniqueness score appears to be from one site to another because it's never the same, but I do change some browser settings to disable some of the information available.
For example in Firefox you can go to about:config and set fingerprinting resistance (privacy.resistFingerprinting) (it spoofs the user agent, among other things), and turn off audiocontext fingerprinting (dom.webaudio.enabled), webrtc (media.peerconnection.enabled).
You can check what your settings change on Device Info's website https://www.deviceinfo.me (test before and after changing settings).
There's many settings in about:config that can be changed, some of them can already do what some extensions do.
There's also other type of information that can be detected by websites and that can be used for browser fingerprinting. https://www.deviceinfo.me/ is a good proof of concept site.
It can slightly affect your privacy like using full screen mode in the sense that a website could guess your actual full browser/screen size, in this case your browser window width, since you're giving it your browser window height.
For fingerprint blocking extensions there's at least a few good ones available, but Firefox also has its own settings that you can modify to disable certain components, example:
"dom.webaudio.enabled" - Disable to block AudioContext fingerprinting
"privacy.resistFingerprinting" - Enable to block various components that can be used for browser fingerprinting, like Canvas.
You can test these on Device Info - https://www.deviceinfo.me, check "Browser window size", "Browser full screen mode", "AudioContext fingerprinting", "Canvas fingerprinting".
Canvas Blocker is not needed if you use privacy.resistFingerprinting:true
in about:config
.
Other useful settings:
To block AudioContext fingerprinting: dom.webaudio.enabled:false
To block WebRTC: media.peerconnection.enabled:false
Then compare your settings on https://www.deviceinfo.me
"privacy.resistFingerprinting
" also blocks other things, such as browser plugins, and displays different values for some things like your screen resolution.
They can always see the IP, and other things. Check https://www.deviceinfo.me to see what else. They can track by IP but IPs aren't always static, they can periodically change. So tracking by IP may not always be the best way to track sessions, at least not for long term. A VPN service is always handy, and a good one would allow to change your IP on demand.
Yes and much more. https://www.deviceinfo.me is a good place to see and test everything that websites can check. Recent versions of Firefox have an option called privacy.resistFingerprinting
in about:config
to resist fingerprinting, which also blocks websites from seeing what Plugins are installed, but I'm not sure about Extensions.
The problem really isn't detection of private mode or specifically targeting Firefox users as the title claims.
It's just that there are at least two sites (latimes.com and bloomberg.com) that rely on indexedDB functionality which is disabled in private mode.
OP's user script fakes indexedDB functionality, but it's specifically only allowed to operate on those two sites. To verify that it's working, try those sites, or edit the script to add https://www.deviceinfo.me/*
to the allowed sites and try there again, but specifically look at what it says about indexedDB functionality.
Private mode detection is irrelevant, despite the headline.
It's not working for me. I tested the userscript's effect on https://www.deviceinfo.me, using Firefox 69.0.3, and Greasemonkey 4.9. Does anyone know how to fix this? Or should I be using a different extension other than Greasemonkey?
On Firefox it was barely able to determine anything, and almost everything it did determine was wrong.
On Brave it determined everything correctly with all their privacy measures enabled (including disabling 3rd party cookies, history, mic, camera, turning on fingerprint protection etc). It even gave out my location even though I had vpn on (probably because it didn't mask system time).
So much for the "privacy-focused" browser.
Firefox doesn't need a lot of plugins though, I'd say start with about:config (especially setting privacy.resistFingerprinting
to true
), and go from there. You can test with sites like www.deviceinfo.me, some plugins are just not necessary after that (plugins for blocking canvas fingerprinting, hiding browser plugins, etc). The NoScript extension also works very well, but I disable it for some sites otherwise they don't work properly.
Thanks for your privacy guide. Another site similar to Panopticlick that I use for testing is https://www.deviceinfo.me/, it doesn't test the uniqueness but it does test a lot of different information that's accessible through browsers.
Thanks for your privacy guide. Another site similar to Panopticlick that I use for testing is https://www.deviceinfo.me/, it doesn't test the uniqueness but it does test a lot of different information that's accessible through browsers.
I've tested this addon a few times and it seems to work for the most part. I don't know anything about their privacy policy though. The one thing I noticed with user agent switcher addons/extensions though is that I can't seem to find one that properly changes the browser used, but they work fine when it comes to changing the operating system. I've been testing with https://www.deviceinfo.me where it shows the true browser core. Does anyone know of a good user agent changer addon that would mask/hide the browser core too?
Try switching the "about:config > privacy.resistFingerprinting" setting to true. I believe it should help. If you check on Device Info https://www.deviceinfo.me it changes a lot of the information, like browser version, blocks canvas fingerprinting...
There's a lot that can be used to identify us through web browsers, like browser name & version & core, graphics card name, CPU, browser plugins/sometimes extensions, assigned tab name, etc. Device Info at https://www.deviceinfo.me is another site you can check for a more complete list and proof of concept.
You can test it on Device Info @ https://www.deviceinfo.me, it shows us results where the "Fingerprinting Resistance" and "Canvas Fingerprinting" sections are (shows for allowed/blocked/spoofed).
"privacy.resistFingerprinting" specifically does a lot. If you compare with the setting set to "true" vs "false" on https://www.deviceinfo.me, it shows that it blocks (not spoof) canvas fingerprinting, blocks the graphics card name/driver, changes the browser version number, and more.
With default settings I find Tor to be more private. Unless you tweak Firefox a bit after a fresh install, it does allow websites to see a lot more information: https://www.deviceinfo.me
When using Firefox I always start with changing the "about:config" setting "privacy.resistFingerprinting" before adding any extensions, just to avoid installing unnecessary extensions that do the same thing, then test everything using Device Info https://www.deviceinfo.me/
Even with CPU architecture information omitted from the user agent, the browser still shows a lot of information to websites. Sites like https://www.deviceinfo.me prove that.
Also https://www.deviceinfo.me/. It detects/tests various fingerprinting resistance settings, also tells you if canvas fingerprinting is blocked/spoofed/allowed, and other things.
There's a section specific for testing canvas fingerprinting on Device Info @ https://www.deviceinfo.me/. Try with and without add-on, it tells you if canvas fingerprinting is allowed or blocked or spoofed.
Interesting. I'm not sure what setting would make a difference for this, but out of curiosity does it do the same thing if you check the "Device Pointing Method" on Device Info @ https://www.deviceinfo.me/ for each profile?
Interesting. I'm not sure what setting would make a difference for this, but out of curiosity does it do the same thing if you check the "Device Pointing Method" on Device Info @ https://www.deviceinfo.me/ for each profile ?
It does seem to be intentional and part of the "privacy.resistFingerprinting" feature. When set to "true" and testing it on Device Info @ https://www.deviceinfo.me/ it shows my that my screen resolution, browser window outer size, and browser window inner size, are all the same. It also tells me that both my screen resolution and browser window outer size specifically are spoofed.
I use it often it's a good browser. On their site it says:
"Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers."
You can also check what kind of information it can leak on Device Info.
If you use a good VPN it shoudn't leak your WAN and local IP addresses, it should only show the IPs of the VPN. I haven't tested many VPN services but you can check your IPs and WebRTC status on Device Info www.deviceinfo.me.
You could try Pale Moon, Iridium, or Brave. I still like to add a few extensions, and then compare what different information does or doesn't show on sites like www.deviceinfo.me
I think you may have a couple of redundant addons... try using one addon (or small combinations) at a time and test what information is still being leaked on a site like deviceinfo.me
https://www.deviceinfo.me still shows some information but it doesn't seem to load any JS when using the "Anonymous View". It also takes a bit longer to load for me (~ 4 more seconds).