Shared networks, tracking and fingerprinting
-
In our series on privacy and security, we look at tracking and how shared access to computers or networks affects your privacy. We also show you common mistakes to avoid if you want to start taking control of your privacy.
Click here to see the full blog post
-
Therefore for best privacy on desktops use Google Chrome stable on Windows 10, don't change a setting or install an extension and regularly delete cookies manually.
-
@luetage I guess it all depends on whether you want to be:
- A tree amongst a forest where it's difficult to pinpoint you (but if someone does, they can spray paint on you - you then need to wash it off)
- OR a tree all alone in the middle of nowhere (but if you get found once, then people know where to look next time).
-
@lonm The point is if you are using Vivaldi you are already in a tundra-like environment, with tress being miles and miles apart before you even make any change to the browser settings or add extensions. I regularly do fingerprint checking and in my case the result has always been unique, even when using Opera or Firefox back in the day.
-
@luetage I'm signed up right now to https://browser-fingerprint.cs.fau.de/ whereby I contribute all my browser fingerprints weekly to their data set. I'm not sure what they'll be able to do with it (and I very much hope they don't abuse it), but it will be interesting to see what research comes out of it.
When using V I've always been unique. Only when using FF do I occasionally become lost amongst the crowd.
-
@lonm The problem with all the fingerprint sites is that they aren't popular, they can only check the prints of people who visit and these are all specialists, who don't represent the average internet user. For quick info without signup and a rundown of the information obtained this site is decent: https://browserprint.info/test
-
@luetage said:
The problem with all the fingerprint sites is that they aren't popular, they can only check the prints of people who visit and these are all specialists, who don't represent the average internet user.
Well put
As a result, they make everyone who tests look more unique, and more at risk. And that's not an accurate picture. It adds an unintended bias to the data, because of the small selection of people that are likely to test, and the number of things those people will have changed.
Fingerprinting sites are also limited (in the other direction) by how poorly they cover all of the hundreds of things that might be possible to test.
just because they give you a "not unique" score with certain browsers doesn't mean that you are not unique - it just means that they are not testing enough data points.A truly determined person could use more data points.
But in reality, a fingerprint testing site often persuades people only to be more worried about something that they cannot really control, and don't really need to be so worried about. It is interesting that it is possible, but not something that should dictate how you use your browser, or what settings you should use.
-
How well has DNT worked for privacy? I know when I visit a site in the EU as I see the 'this site uses cookies' (I find it strange as cookies have been in use for over 20 years). Some sites might not work right if 3rd party cookies are blocked.
Flash Player has its own cookies & local storage. -
@chas4 The DNT setting does not really work - most sites don't follow suit.
Other than that: Cookies can be set to "session only" and if you then click on the security badge and then on the the left arrow to go to the common settings, you can set up white- and blacklists for local data. My whitelist is quite short, so I loose all tracking cookies as soon as I restart the browser (which happens some several times per day).Other than that - whom do they track when they see something like this?
This guy seems to use different OS's and different browsers every time, some of them don't even support JS or WebGL, can change his IP on the whim (Which is IMHO the only advantage of having a dynamic IP - others might need a masking proxy aka "VPN" to do that) and sometimes changes stuff like his geolocation etc. pp.
Fun aside:
No I don't do that on a regular base, but as you can see it was all done all with the same browser, even a clean install (yes, I forgot to switch the language, was only meant as quick QED) and on the same OS. So, if we really need to pretend to be someone else, we can do it - but usually it is sufficient to just kill all that tracking **** they store in Cookies, Web Databases, Local Storage etc and maybe occasional light script blocking to throw them off a bit. -
Apropos of privacy. You know what would be great? If you could add a password to the stack cards.
-
@fang What are the stack cards?
-
@ayespy: I mean this: https://help.vivaldi.com/article/tab-stacks/ (I apologize for the bad description)
I call the stack "Work" or something similar. I set the password and no one can see what cards are inside. -
@fang I see. In English, that would be a tab stack. You can make a Feature Request.
-
Great article!! Well written and presented.
Looking forward to the rest of the series. -
@luetage: Another is: https://panopticlick.eff.org/
EFF also have many other resources for users interested in Privacy/Security. -
@lonm: My last Panopticlick.eff.org test with Vivaldi:
How well are you protected against non-consensual Web tracking? After analyzing your browser and add-ons, the answer is ...
Yes! You have strong protection against Web tracking, though your software isnβt checking for Do Not Track policies.
Help us defend the Web against tracking:Test Result
Is your browser blocking tracking ads? β yes
Is your browser blocking invisible trackers? β yes
Does your blocker stop trackers that are included in the so-called βacceptable adsβ whitelist? β yes
Does your browser unblock 3rd parties that promise to honor Do Not Track? β no
Does your browser protect from fingerprinting? loading...The fingerprinting did not finish or failed. Or perhaps I did not give it enough time.
Also I find DNT rather useless as it is neither adhered to by most sites nor is it enforced in any way. -
@greybeard DNT is completely useless. I haven't heard of one single site which respects this setting. Google introduced it and doesn't care about it either afaik. If anything it gives another indicator for fingerprinting
-
I still see a way to go from here. Mozilla removed the battery API because of fingerprinting. It has other disadvantages. I.e. Uber uses the battery API (of android) to raise the price when you're low on battery.
Regarding the user agent ... my current one is: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.183 Safari/537.36 Vivaldi/1.96.1147.19
This has the exact Webkit Version chrome is emulating, the exact chromium version to the minor-patchlevel and the vivaldi version to the minor patchlevel. Furthermore it includes my platform and processor architecture and even the window system.
Does a site need to know if I use X11 or wayland? Does it need to know my architecture? Or the OS? Why is the Vivaldi-Version not truncated to major and minor and the chrome version can even be truncated to major alone. Safari could be dropped from the user agent, as it is a legacy part from where chrome were mostly unknown anyway.
I think user agent sniffing is long dead, HTML and Javascript is progressing to fast to make it feasible to use the user agent as criterion. a simple "Vivaldi" would be enough. Or completely dropping the header, if you want to be bold.
-
-