bullshoy55
Member
- Joined
- Dec 18, 2023
- Messages
- 14
- Likes
- 2
Or you can just use iVPN like a normal person. It has a built-in AntiTracker mode and Firewall, plus IPv6 and WireGuard support for Quantum Resistance.
Sure, it's a cat and mouse game. There's always interested parties that are looking for ways to fingerprint your identity online. Browsers and browser extensions are fighting back against fingerprinting. You're saying that the browser and browser extensions are losing this war, and that could be the case. But that doesnt mean consumers (or browser vendors) should stop trying to fight against fingerprinting.If at least one of the fingerprinting methods identifies the user, then all those privacy settings become useless. And they are in fact useless, because the commercial solutions I use in my work, as well as the open source telemetry research projects, easily captures a specific browser user.
Shocked pikachu face.Your methodology is completely wrong, which just reinforces my impression that you don't know what you're doing.
Your message is conflicting. According to you, I have to look at "views count", which doesnt exist on CreepJS. You probably meant "visits count". Also, you probably meant if you visit the page again (after closing tab) and if the "visits count" increases past 1, then the browser loses against real world tracking.You're supposed to look at total views count, not browser trust score. Visit creepjs, wait for a couple of seconds, close and reopen your browser, visit again. If the number is <1 — congratulations, your browser loses against real world tracking![]()
Sure, but Brave's Safe Browsing doesnt report your website visits to Google, as per official documentation.Brave browser has Safe Browsing as well
Sure, but what operating system or browser doesn't track your telemetry?as well as telemetry enabled by default, which literally tracks your activity.
What libraries are you referring to?And, once again, Brave doesn't protect against real world tracking libraries.
Good idea. I will test for that.Have you tried adding noscript add ons for these tests?
NSA has entered the chat.Let em track me! I have nothing to hide!
Settings, "enhanced tracking protection", change from 'standard' to 'custom', then under 'cookies', change from 'isolate cross-site cookies' to 'all third-party cookies (may cause websites to break)'
I get same results as you on both versions of Firefox. Using an Android phone.What's concerning me right now is why Firefox for Android keeps failing the 3rd-party GRC's cookie test!?
That's after I changed the settings to ensure all 3rd-party cookies are blocked:
Here's my Firefox for Android version 120.1.1:
For comparison, here's Firefox Focus (where 3rd party cookie blocking works after you make the setting change):
Can anyone else confirm this?
I figured it out.I get same results as you on both versions of Firefox. Using an Android phone.
FP ID value is based on a multiple fingerprinting techniques. different FP ID doesn't necessarily mean that fingerprinting libraries can't track you down, since, if one metric jumps within a certain pattern/stays the same, a tracking algo will eventually figure it out. creep.js is the only good enough fingerprinting demonstration i could find.If you open CreepJS and the "FP ID" on top keeps changing to a different value with every visit, this means the CreepJS will report the "visits count" as 1, because CreepJS thinks it's a different visitor with every visit. That's how you know the browser is randomizing your fingerprint on this website, with every visit.
Yes. But there's no way to change chromium engine properties on-the-fly, hence why spawning new browser session, not closing tab, is necessary.Also, you probably meant if you visit the page again (after closing tab) and if the "visits count" increases past 1, then the browser loses against real world tracking.
How so? There used to be a trust score rating instead of the total views count, i swearYour message is conflicting
Tor Browser, Arkenfox.js, one nasty, close sourced Anti-detect browser for affiliate marketing purposes can pass the creep.js test as well as fool a real world tracking.I haven't published my results on this yet, but I'd like to know which browser you know that passes this CreepJS test. I await your results.
Cool. It used to proxy Safe Browsing requests.Sure, but Brave's Safe Browsing doesnt report your website visits to Google, as per official documentation.
Different flavours of *NIX, many browsers.Sure, but what operating system or browser doesn't track your telemetry?
You're saying this like it's unique to Brave or something.
Everybody on the internet is tracking your telemetry.
Unfortunaely, no. I have to plug the "trust me bro" assertion on that.Are these libraries publicly available?
All i'm saying is that Tor Browser is the only consumer-friendly option that really protects your privacy. Everything else gives users a false feeling of privacy, and, essentially, is a privacy theatre. Simply disabling 3rd party cookies and turning Firefox Enhanced Tracking protection won't harden your browser at all.You're saying that the browser and browser extensions are losing this war, and that could be the case. But that doesnt mean consumers (or browser vendors) should stop trying to fight against fingerprinting.
For years, I used to use NoScript for both Chrome/Firefox, where I was blocking javascript.I tend to think the only way to truly block tracking from the people you'd care about (Google, Amazon, Facebook, Apple) inside a normal browser, is to block all Javascript and cookies. This breaks many websites, so you'd probably have to use several browsers to achieve something approaching this. Some browsers you'd use with scripts/cookies disabled, others with these things enabled (where you need to login to a website), essentially various browsers for various activities. It becomes messy/difficult to sustain quickly.
The problem is that cookies aren't the only things doing tracking. People clear cookies all the time and yet are still tracked, so javascript browser identification is what is being used. Without blocking javascript, how do you get around that? I'm not sure you can, which bring us back to this:Then I just blocked 3rd-party cookies for as long as I can remember. Which made all website work again, and stopped me from fiddling with each website's javascript.
Javascript blocking is really not a user-friendly approach.
My point about "it makes you stand out more" was that some of the things that supposedly increase user privacy by making tracking impossible actually make it easier for tracking libraries, because when you don't harden your entire browser (as Tor Browser does), such tracking only narrows the circle of suspected devices, since fewer people have certain features enabled. An already classic example of this reverse effect in action would be uBlock regional lists. if you were to enable it, the tracking libraries will immediately realize that you are using it, which would enable them to narrow the pool of similar fingerprints.
Which why this response to my question was informative, but discouraging. It means most of the web is constructed so you cannot use it without being tracked. Using Tor browser or noscript with a browser breaks so many things it is near useless.The problem is that cookies aren't the only things doing tracking. People clear cookies all the time and yet are still tracked, so javascript browser identification is what is being used. Without blocking javascript, how do you get around that? I'm not sure you can, which bring us back to this:
Some of the browsers you've mentioned are literally spyware. Not to mention they export browser profiles to their servers.To get around this, try using some kind of anti-detection browser.
After some quick browser testing, using Little Snitch (host-based traffic analyzer) for MacOS, along with a basic DNS ad-list, I don't trust or recommend this "Arc" browser.What a fantastic piece of work, thank you so much for taking the time!! If you get a chance, check out Arc Browser (https://arc.net/) I ran it through a few of the tests you posted and it did pretty well.
api.segment.io
(which is data analytics platform hosted on segment.com). That's just me opening the browser and not visiting any websites, so it's running in the background. That's about 2 DNS entries for every minute that it's running. While you can block this easily with DNS, I don't see any reason to recommend this browser, knowing they do this at this frequency.