Fingerprinting thread go

Fingerprinting thread go
browserprint.info/
panopticlick.eff.org/

Some kind user in the last threads posted a link to a story that indicates Google is injecting fingerprint code into their CAPTCHAs.
That means you can't post on Sup Forums without being fingerprinted.
This means it's not paranoid to think Google knows about your shitposting habits.
archive.is/9K5gs

Daily reminder to do all your Google / Facebook / LinkedIn / botnet shit in a completely separate browser to your shitposting.
It's currently the ONLY way to truly defend against fingerprint tracking.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent is counterproductive unless you use a different user-agent for every site, even if you rotate them every x HTTP requests.

Other urls found in this thread:

pastebin.com/eV8k25r2
browserleaks.com/
twitter.com/SFWRedditGifs

I wish I could develop fingerprinting methods and then patent them so nobody can use them.
Shit is expensive though.

>flash
>javascript

why bother using a seperate browser if you are still going to be retarded

This should justify getting rid of google's captcha service, unless Sup Forums was a honeypot

You may not realise this but JavaScript is required for most sites these days, including Sup Forums.
And the reason flash isn't disabled in that fingerprint is because it's an old version of opera with no extensions, from before browsers disabled flash until explicitly enabled.
It's not my main browser, it's my 4th.
I enjoy /f/

>not using legacy captcha
Fagggggot

Good thing cripplechan axed Google captcha

if ever people used fingerprinting for bans, this will kill ban evaders.

With exception of virtual machines and browser that allow spoofing of information like CPU/GPU/HD/Fonts/etc. There is no such addon/extension available right now.

>injecting fingerprint code
ReCaptcha queries google servers to provide the authentication service. Their business model is to analyze all the traffic from their free services to gain profiles on groups and individuals based on what they do and believe and resell or exploit this information for targeted advertising or other market research. ReCaptcha on Sup Forums means they can correlate your post numbers (and thus contents) with your IPs and any other tracking they've managed to do on your machines and applications, like your browser. So google already knows and analyses the contents of your posts and associates them with who they think you are and your demographic(s) is/are. They do not need fingerprinting to do this. ReCaptcha does not work if their servers are not queried, even with Sup Forums Pass (you can verify this by monitoring the network activity of a post using the pass). There is currently no way to post on Sup Forums without being tracked and profiled.

Even the best methods are too prone to false positives. The current method of clearing all localstorage/cookies and changing IPs in an extremely generic browser like vanilla chrome appears identical to a new user showing up using vanilla chrome.

Yeah, thats why you use multiple sources and check a likely percentage. If done correctly, the likely hood of false positive decreases.

>done correctly
You have no idea what you're talking about.

God damn, my list of system fonts made me unique.

Who even has access to this info?

What info?

Is my browser being unique bad? Isn't the goal to make it seem as common as possible to blend in?

Like all this info from your browser and stuff. Who would even see it and what would they use it for. How would it identify me specifically?

>what would they use it for

To attack you in your sleep

Yeah, the more unique your browser is, the more it narrows down the possibilities of who you are on the fingerprint.

>ReCaptcha does not work if their servers are not queried

Doesn't that mean that pass owners are immune?

They'd use it to build a profile on you so they can sell you things, sell your information to people who would be interested in buying it, and to share with the government.

no, not really. my fingerprinting code has about 80 bits of real world entropy.

What fingerprinting code?
And how do you calculate that?

pastebin.com/eV8k25r2

Going to make a fingerprinting site or sell it to Google?

Are there really people who think that posting (or hell, even browsing) Sup Forums in your primary browser is a good idea? I've had it cordoned off in its own browser for years now

>javascript disabled
>only thing they can get is my http header and UA
>still this much identifying info
i don't really understand how but okay

No, a Sup Forums Pass doesn't exempt you from it. It still confirms the pass token with google servers with every post because that's how all captchas work, which puts your IP and a post number in google's logs. If you use any other website from the same browser or IP that knows your name (e.g. due to you being logged in) or uses any google service (like analytics, recaptcha, maps, etc), then google knows who you are and everything you post on Sup Forums. Someday, someone's gonna buy this information from them with tor purpose of identifying what a candidate for high political office has been doing online and find out they post shit from their secret flash drive in shota threads on Sup Forums or something. I really hope it happens sooner rather than later, so people get as scared about online privacy violations by AI as they should be.

That relies on local storage. B& evading requires clearing local storage. My point stands.

I'm a special snowflake, my fingerprint is unique on both sites.

WHY IS that a bad thing?

Google can still track you faggot

Best post on Sup Forums today.

first off (with the code i gave), the fingerprint is predictable... meaning clearing local storage doesnt do anything unless you change something about your browser. next time you generate the same exact fingerprint.

>moving on, and refering to the current state of my project...
theres a server side component as well.a lot of steps would have to be done all at once. clearing all local storage would be one thing, but changing your ip, screen, things about your browser, and potentially even removing stuff on devices that also frequent the website would all have to be done, all at the same time.

the code i gave you is like a year old... the client code doesnt ship back the md5 hash, it ships back each componant, and i try to cluster different metrics into single identities. if you have multiple devices on a single ip, i can use content types you look at to try and figure out that its really you on a computer and a cell phone, and not your parents. i can track what school you go to, what places you

metadata collection is very powerful. way more powerful then what most people realize.

i threw together a demo that i would frequent (set as a home page on my phone), as well as injected js into websites. within a few days, i had a map of related things to my day to day life. arround lunch time i saw that indian food was popular, as well as burgers (i normally eat at a burger palce, or go to an indian resturaunt / bar combo). computer parts were trending, especiall e5's since i was looking into a new server. heat maps of my movement... it was scary. and that was 90% from injected js, not even the server side stuff. oh, and i had my phone clearing local storage daily.... i was even in private browsing and it would get a link.

Without scripting

Within our dataset of 1405 visitors, your fingerprint has appeared 2 times.

One in 702 browsers have the same fingerprint as yours.

With scripting

Your browser fingerprint appears to be unique among the 1,406 tested so far.

As a linux user running no script I'm fairly certain I stick out like a sore thumb to anyone watching. As long as Google only wants money and ad serving they'll just be creepy. If they go forth with their world domination plans we are all doomed.

how do they actually get my fingerprint scanned without any optical scanning tool? i dont even have a cam in my room

I feel so naked. Do any browser extensions stop your thing cold?

Wait... what?
You created some fingerprinting code and then used it to track yourself?

I mean...if you install an extention, I can just track you better off that, or lump you into a group of people who have it installed and be extra evil / make whatever website your trying to use unusable (but, in all reality it would still be

You could try to fork the browser and randomize stuff. (font order, add fake non existing fonts and add-ons. Off by 1 the screen rez)

I don't think any big tech company is running something like I have. At least currently. I know some are working on it though.

Yes user, one has to debug and develop code somehow.

How well does it work on Tor Browser?

You left out this one OP, it goes more into exactly what can be seen to fingerprint you from:
browserleaks.com/