Shared networks, tracking and fingerprinting
-
@chas4 The DNT setting does not really work - most sites don't follow suit.
Other than that: Cookies can be set to "session only" and if you then click on the security badge and then on the the left arrow to go to the common settings, you can set up white- and blacklists for local data. My whitelist is quite short, so I loose all tracking cookies as soon as I restart the browser (which happens some several times per day).Other than that - whom do they track when they see something like this?
This guy seems to use different OS's and different browsers every time, some of them don't even support JS or WebGL, can change his IP on the whim (Which is IMHO the only advantage of having a dynamic IP - others might need a masking proxy aka "VPN" to do that) and sometimes changes stuff like his geolocation etc. pp.
Fun aside:
No I don't do that on a regular base, but as you can see it was all done all with the same browser, even a clean install (yes, I forgot to switch the language, was only meant as quick QED) and on the same OS. So, if we really need to pretend to be someone else, we can do it - but usually it is sufficient to just kill all that tracking **** they store in Cookies, Web Databases, Local Storage etc and maybe occasional light script blocking to throw them off a bit. -
Apropos of privacy. You know what would be great? If you could add a password to the stack cards.
-
@fang What are the stack cards?
-
@ayespy: I mean this: https://help.vivaldi.com/article/tab-stacks/ (I apologize for the bad description)
I call the stack "Work" or something similar. I set the password and no one can see what cards are inside. -
@fang I see. In English, that would be a tab stack. You can make a Feature Request.
-
Great article!! Well written and presented.
Looking forward to the rest of the series. -
@luetage: Another is: https://panopticlick.eff.org/
EFF also have many other resources for users interested in Privacy/Security. -
@lonm: My last Panopticlick.eff.org test with Vivaldi:
How well are you protected against non-consensual Web tracking? After analyzing your browser and add-ons, the answer is ...
Yes! You have strong protection against Web tracking, though your software isn’t checking for Do Not Track policies.
Help us defend the Web against tracking:Test Result
Is your browser blocking tracking ads? ✓ yes
Is your browser blocking invisible trackers? ✓ yes
Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist? ✓ yes
Does your browser unblock 3rd parties that promise to honor Do Not Track? ✗ no
Does your browser protect from fingerprinting? loading...The fingerprinting did not finish or failed. Or perhaps I did not give it enough time.
Also I find DNT rather useless as it is neither adhered to by most sites nor is it enforced in any way. -
@greybeard DNT is completely useless. I haven't heard of one single site which respects this setting. Google introduced it and doesn't care about it either afaik. If anything it gives another indicator for fingerprinting
-
I still see a way to go from here. Mozilla removed the battery API because of fingerprinting. It has other disadvantages. I.e. Uber uses the battery API (of android) to raise the price when you're low on battery.
Regarding the user agent ... my current one is: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.183 Safari/537.36 Vivaldi/1.96.1147.19
This has the exact Webkit Version chrome is emulating, the exact chromium version to the minor-patchlevel and the vivaldi version to the minor patchlevel. Furthermore it includes my platform and processor architecture and even the window system.
Does a site need to know if I use X11 or wayland? Does it need to know my architecture? Or the OS? Why is the Vivaldi-Version not truncated to major and minor and the chrome version can even be truncated to major alone. Safari could be dropped from the user agent, as it is a legacy part from where chrome were mostly unknown anyway.
I think user agent sniffing is long dead, HTML and Javascript is progressing to fast to make it feasible to use the user agent as criterion. a simple "Vivaldi" would be enough. Or completely dropping the header, if you want to be bold.
-
-