Fingerprinting thread

Fingerprinting thread.
Previous thread: browserprint.info/
panopticlick.eff.org/
browserleaks.com/

Google releases limited hangout of how much they know about you:
news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>I guess all those people who fear tracking really are just conspiracy theorists!

ReCAPTCHA probably contains fingerprinting code:
archive.is/9K5gs
This means that the majority of Sup Forums users could be being fingerprinted, and Google might know about your shitposting habits.
To fix this you can get a pass (which allows you to be tracked by Sup Forums in a different way), or run Sup Forums with the no JavaScript CAPTCHA (use Sup Forums X to make Sup Forums without JS bearable).

Daily reminder to do all your Facebook / Youtube / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple points if you have each browser's VM configured with a different VPN.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent is counterproductive unless you use a different user-agent for every site, even if you rotate them every x HTTP requests.

In previous threads it was suggested we could create an extension that overrides JS functions and salts their output with a bit of randomness.
Something like this is discussed in the paper: PriVaricator: Deceiving Fingerprinters with Little White Lies
research.microsoft.com/en-us/um/people/livshits/papers/pdf/www15.pdf

Other suggestions are that we could create a system that rolls a fingerprint for each website.

interdasting

I'm unique on Panopticlick because I allow JS on the (spoofed) referrer domain. Most of the hostnames who use this tracking will be affiliated with ad networks = blocked at the system level.

The worrying thing is Google and Facebook (via WhatsApp) because they actually provide necessary services.

Anyone know about setting up custom DNS on Android, besides SSH tunnelling?

>custom DNS on Android
What are you trying to achieve?

This should be a sticky. It's a big damn deal.

What is fingerprinting and why should I care

But user, I ticked the "do not track" box in Chrome. I'm fine

It's the latest way of tracking you across the interwebs.
You should care because you probably don't want Google knowing about what sites you visit and what you do on those sites.
They already give this information to advertisers and law enforcement, so it's not that far of a stretch for them to sell it as a sort of background check for potential employers and the like.
It's quite possible in the future you won't be able to get a job if you visit controversial sites such as Sup Forums

>way of tracking
this is the most vague explanation of anything ever

Who doesn't know that google gathers information about its users, fingerprinting or not

They're tracking you far more than on their own sites.
They're tracking you everywhere that has Google analytics installed or ReCAPTCHA captchas.
Probably more places too.

Fingerprinting is concerning because unlike cookie based tracking which is easy to defeat, just disable cookies, there is currently no particularly good solution to defeat fingerprinting.
You can go completely scriptless, which breaks most of the Internet.
You can use multiple browsers for different things, but this is troublesome, requires discipline, and only partitions your tracking into multiple sets of sites you're tracked across instead of defeating tracking completely.
You can use the Tor Browser Bundle, but it can't defend against the most cutting edge attacks and attacks that are hard to patch.

But I along with millions of others use chrome, why do they bother with fingerprinting and recaptchas

If turning off scripts breaks a website, it does not have content worth consuming.

So they can build a profile on you that they can then sell and use to advertise to you.
We're spiraling into a future where people will be able to learn everything about you, down to your anonymous shitposting habits or your cringey gaia posts from when you were 11, for a price.
You will be unable to hold any kind of controversial or unpopular opinion for fear of being named, shamed, and cyberlynched by SJWs

>So they can build a profile on you that they can then sell and use to advertise to you.
why can't they do this with Chrome and the google account I log into chrome with

If you log in to Chrome, or use Chrome as your main browser, you probably don't give a shit about being tracked.
You have embraced the botnet

you still didn't answer how the actual fingerprinting process is done though

you're a terrible spoonfeeder, I'll look it up myself thank you

They collect data about your setup based on stuff your browser sends to them (such as your user-agent string) and stuff detected using JavaScript.
There's tons of different pieces of information that can be gathered.
For instance they can detect if you're using Linux/Windows/MacOS by looking at the results of a JS math function, different OSes use different math libraries so the results differ slightly.
Or they can look at the list of fonts you have installed.
Or they can generate an image using JavaScript and that image will be unique (or close to) because different combinations of hardware and software produce slightly different images.
Put all that stuff together and they've got a uniquely identifiable fingerprint that they can use to track you.

...

excuse my blogposting.

anyone else feel like a disillusioned guerrilla fighter?

sure i can, and do, self-host my shit, install loonix, and avoid proprietary garbage but for what end?

I don't know why I feel like this, it's not like I want to start facebooking and snapshotting, but it just feels I expend all this effort for naught.

anyway, first time I've gone in these threads, just felt like typing this shit out as someone who does most of his online interactions on chans and thus I don't have many people to talk about this to.

Yeah sometimes I feel like that.
I wonder if giving in to the botnet is really that bad.
But then I remember that I'd be deeply embarrassed and ashamed if everything I did online was public knowledge, and I remember how much I like being anonymous.
We're fighting for a better world.
We might not win, but we're still making a difference.
Someone has to resist, otherwise things would be much worse.
I don't want the future world to be one where privacy is forgotten.

>Your browser fingerprint appears to be unique among the 138,927 tested so far.
what is 138,927, compared to 3,424,971,237 internet users in 2016 so far?

Getting every internet connected device in the world to visit the same website would be difficult, unless you're Google

Terrifying.

I miss Paul who is a Ghost.

This should justify removing captcha if the point of Sup Forums was still to remain anonymous.

Dont be so paranoid goy, if you're not doing anything ilegal theres nothing to worry about.

>tfw using the least botnet captcha possible

This is a way with no existing technical way to avoid. There are no cookies to delete.

>It's quite possible in the future you won't be able to get a job if you visit controversial sites such as Sup Forums
Or even because of what you post here. Because of recaptcha, google knows which posts are yours, and does text analysis when sorting your profile into demographics. And now that they do fingerprinting to, you can't prevent them from knowing to add your posts to the profile for whatever accounts you have with them, or that for visitors to sites that use their ubiquitous analytics service.

>to advertise to you
You're underselling that point. Ad targeting algorithms are reaching the point of being automatic seduction. People (you) don't appreciate how easily they (you) are manipulated by technology, or how malicious the intent of your manipulators ultimately is. Lets say for example, 2 years from now you're feeling down because of some terrible event in your life, which you will have expressed somewhere online. Doesn't matter where. Could be Sup Forums, since google can link people to posts. You'll be shopping for groceries, and go to check the price for something or your twitter or whatever. All the ads will be about your life. The coke will have her name. There will be more alcohol, subtly interspersed with shapes that exploit your unique sexual preferences. Some of the ads will be nostalgic, flooding your mind with memories of better days and products you already associate with them, unique to experiences shared by your micro demographic. This is something about yourself no human technically knows, not even you, since it will be automatically derived from your behavior, but it's still a weakness you have that someTHING knows and will exploit. All this information will be planted in your mind in a quick wash of colors and shapes you won't really register, because your attention is occupied. But you'll walk out of the store with 3x as much stuff as you intended, because you want to feel better, and fucking motherbrain knows how you're feeling and where you are. This or something like it will eventually happen to you every week. These things will always play their best hand to make you buy more, and the house always wins in the end. We are giving up our free will by degrees by allowing ourselves to be tracked and datamined to train these AIs to manipulate us, and making faceless people rich from it. And now we can't stop it. Fingerprinting exploits require rewriting browser features to break standards to fix. We are fucked. This is fuck world.

I don't save cookies on my computer so I'm probably good? But it's more tricky on my phone. I don't even know how to clear my cookies on Firefox on Android without clearing all data which would also erase my bookmarks

>They collect data about your setup based on stuff your browser sends to them (such as your user-agent string) and stuff detected using JavaScript.
And other HTTP header info, facts about how your browser responds to certain kinds of CSS, TCP headers and timing, and even the order resources are requested from their servers in. It's a complex problem with many parts that probably cannot be solved with one piece of software, or even existing software at all.

You're not anonymous on Sup Forums to google. Their AI knows you by what you post as much as your searches and what other sites you go to.

This is a toy fingerprint implementation for demonstration purposes. It uses approaches that are easy to explain in a simple way, and it's database is exclusively people who visit it wanting to know about fingerprinting. Papers on the subject have had success tracking users across changes in their fingerprint using higher order logic and heuristics.

Sup Forums gets flooded with spam without some kind of captcha, but rolling your own is a technically difficult problem given the financial incentive to spam Sup Forums. A better method might actually be for Sup Forums itself to do strong fingerprinting, for a while anyway. Then at least fewer companies (and NOT GOOGLE) would know who posts what, and suddenly there would be lots of people motivated to defeat fingerprinting, since b& evasion would no longer be possible.

>I don't save cookies on my computer so I'm probably good?
Not remotely. That actually makes it worse.