SchemeFlood. Sigh.
-
@guigirl What are you talking about?
-
yes! you get a passion filled night with the mod. of your choice!
-
I was just about to post these links as well! I found it interesting that Vivaldi was the only browser that protected me from these scheme floodings. Skype was the only app on my setup that was able to be identified through Vivaldi where Chrome for example showed many more.
Anyone with insight in what makes Skype show up here but not other apps? Must be a privacy configuration Vivaldi team has worked on under the hood somewhere.
-
I also realised just now perhaps I misread my result. It says my identifier was "95.84% unique" which I suppose means they can quite surely Identify me even in Vivaldi.
Anyway would be interesting to hear if Vivaldi team has any thoughs on this.
-
I'm thinking if Vivaldi prides it self being the browser to protect your integrity it should at least have someone looking into this. Perhaps they already are. But until someone with actual insight says anything it's just speculations.
And for now I'm sure the uBO plugin is a good complement.
-
My ID was 1 - the only program they looked for that I had was Skype (and only because it came with this version of Windows).
The test fails in Opera/Blink. They did determine I had Skype, but the test failed to complete as the main window did not keep focus.
As with any other fingerprinting, the best result is if your ID matches the greatest number of other people. In that sense, my result may be better than @guigirl as it indicates a standard Windows computer.
-
In our research into anti-fraud techniques, we have discovered a vulnerability that allows websites to identify users reliably across different desktop browsers and link their identities together.
BS.
Tested in a new fresh Vivaldi profile, showed I had Skype installed.
Tested in Firefox, showed I had Steam installed.
Tested in Chromium, showed I had Spotify, Skype, Zoom, vscode installed.Now how is my identity linked reliably together lol.
Of all these I had only Steam installed, so ironically, only Firefox "got it right".
-
"We have generated your identifier based on 0 applications you have installed." in the first link
4 attempts in the second with 4 different results
Nothing to sniff here -
@guigirl just positive PR for a fingerprinting company.
-
Tor users, beware: 'Scheme flooding' technique may be used to deanonymize you
https://www.theregister.com/2021/05/14/browser_fingerprinting_flaw/βScheme Floodingβ Allows Websites to Track Users Across Browsers
https://threatpost.com/scheme-flooding-website-tracking/166185/ -
@dr-flay , what about of CNAME cloaking? it's the most used for tracking users
-
@dr-flay In Vivaldi using Tor:
There were a lot of requests like "Open xdg-open? A website wants to open the application," all of which I cancelled. It said I have WhatsApp installed, which is not true. But, it doesn't even matter because if a website started trying to open applications when it wasn't supposed to I would leave the site. At the end, I got a special surprise: they tried to fingerprint me using FingerprintJS.In Tor browser, it had no such warnings and worked as it was supposed to, so the Tor browser is more vulnerable on this one. It did correctly guess that I have zoom, but the first time it ran, it also guessed 14 other random applications.
I'm not too worried about this one, they are probably disclosing it because it wouldn't be so good to use it themselves.
-
@code3 , CNAME cloaking is worse and the most used and more difficult to block in the browser (only on DNS level, for this I use Quad9 and DNScrypt).
It's an arms race on the net, between big companies that do everything to track down the user and developers who create protections against this
Ad and tracker blocers are going to be obsolete soon.
They're getting worse and worse these days. -
@catweazle I dont really understand, aren't these cloaked domains separated from other sites?
-
@code3 , no, since most users use an ad and trackerblocker, there are more and more pages, supported by Google and others, to use all kinds of dirty tricks to override them, CNAME cloaking and that Scheme Flooding are two of these techniques that is increasingly used, thus making the current blockers obsolete, leaving the user only the illusion of being protected.
I said another time, monopolies invariably lead to abuse.
And be prepared, Google and Facebook have their Quantum Computers ready soon.