Fingerprinting thread

Previous thread: browserprint.info/
panopticlick.eff.org/
browserleaks.com/

What is fingerprinting?
Fingerprinting is a new way of tracking you across websites. It's not theoretical; it's being done right now by companies like Google.
Why is it scary?
Because unlike cookie based tracking you can't defeat it just by disabling cookies.
There is currently NO FOOLPROOF DEFENCE against fingerprinting.
Attempts have been made but the technology is just too new.

Google releases limited hangout of how much they know about you:
news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>I guess all those people who fear tracking really are just conspiracy theorists!

ReCAPTCHA probably contains fingerprinting code:
archive.is/9K5gs
This means that the majority of Sup Forums users could be being fingerprinted, and Google might know about your shitposting habits.
To fix this you can get a pass (which allows you to be tracked by Sup Forums in a different way), or run Sup Forums with the no JavaScript CAPTCHA (use Sup Forums X to make Sup Forums without JS bearable).

Daily reminder to do all your Facebook / Youtube / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
It's currently the ONLY way to truly defend against fingerprint tracking.
Double points if you have each browser running in a different VM with a different OS.
Triple points if you have each browser's VM configured with a different VPN.
The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser.
Spoofing your user-agent is counterproductive unless you use a different user-agent for every site, even if you rotate them every x HTTP requests.


>run Sup Forums with the no JavaScript CAPTCHA (use Sup Forums X to make Sup Forums without JS bearable).
I just get a black box if I disable the Google scripts, is it only certain 4chanX forks that do this?

Yeah I'm in the same boat.
When I disable all scripts the CAPTCHA stops working.
It's buggy as fuck.
Only works for some people.
Sup Forums X doesn't do anything for the CAPTCHA, it just makes Sup Forums not shit with scripts disabled.
Jackie Sup Forums should really fix this

Trying Sup Forums X now, it doesn't seem to work very well.

Check "Force Noscript Captcha".

Yeah mine's only captcha option is "Use Legacy Captcha"

Sounds like you're using one that doesn't have it then. The one at
Sup Forums-x.net/
can do it.

I got the noscript captcha working. It seems that I still need to allow scripts on Sup Forums to post with the quickreply window and 4cdn to use the autorefresh, and the catalog.

I'm using version 1.11.35.9 (shows up in the top right hand side of the settings menu) and have the options:
>Captcha Fixes: Make captcha easier to use, especially with the keyboard.
>Use Recaptcha v1: Use the old text version of Recaptcha in the post form.
>Use Recaptcha v1 in Reports: Use the text captcha in the report window.
>Force Noscript Captcha: Use the non-Javascript fallback captcha even if Javascript is enabled (Recaptcha v2 only).

Am I fine if I use a mobile app?

Probably not unless it presents you with the no-JS CAPTCHA

So google can still track my shitposts if I used overchan or clover?

Do you have Gapps installed?

I'd assume that's the case. Problem is loadletter's fork is the only one that works for my browser

No. I haven't removed that yet.

Potentially.
Check if your app has a force-no-JS-CAPTCHA option

I don't think overchan has that option because I would have seen it by now.

If you haven't removed Gapps then Google is collecting basically everything you do on your phone, including your call info and your texts.

>Sup Forums-x.net/
That site and ccd0.github.io/Sup Forums-x/ are the exact same site made by the same person, right?

Yes. The script was moved to Sup Forums-x.net so that updates still work if Github ever decides they don't want it there.

Opera 12?

Yup

What if I get new ISP and a new computer every time I want to google something?

>retrieving your browser info is 'new technology'
god you people are so fucking retarded

That might work.
Until you log in to a website.

Well fuck. We're all screwed. Fuck this, I'm moving to Sweden.

Oh look, newbabby just discovered a """new""" type of supercookie! Congrats! Are you impressed with yourself now?

>it's being done right now by companies like Google.
You can't make a claim without showing proof.

It's not the collection of information, it's the use of information to track you across websites.

>Google releases limited hangout of how much they know about you:
>news.slashdot.org/story/16/06/29/2038257/googles-my-activity-reveals-how-much-it-knows-about-you
>>Oh, they're just remembering what YouTube videos I watched, nothing creepy about that, I already knew they were doing it!
>>I guess all those people who fear tracking really are just conspiracy theorists!


I do all my creepy shit on a secure laptop via the neighbor's wifi. The local cable company sets the default password as the user's phone number, so it's just a matter of bruteforcing a 10 digit number.


I do wonder what kind of information is stored about me. I used google for years before I paid any attention to privacy.

If you delete your account, they claim all data is "anonymized" within 18 months. I wonder if that's true, and how anonymous it really is..

>You can't make a claim without showing proof.
Ok. Easy.

yro.slashdot.org/story/16/05/19/232216/google-is-a-serial-tracker
>shows that Google, through multiple domains, is tracking users on around 80 percent of all Top 1 Million domains.
>Additionally, besides tracking scripts, HTML5 canvas fingerprinting and WebRTC local IP discover, researchers discovered a new user fingerprinting technique that uses the AudioContext API.
I've read the paper and that summary is accurate.

Using your neighbor's wifi won't help against these techniques, IP address is generally ignored since it's not consistent for most people.

Even if they anonymise the data after 18 months it's still stored in backups and such.

Where does it say specifically that google uses it? Oh right it doesn't.

>Daily reminder to do all your Facebook / Youtube / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit.
>It's currently the ONLY way to truly defend against fingerprint tracking.

Do you have a better solution?
AFAIK there are no extensions out that spoof your fingerprint, except for user-agent, and even if there were, those could be defeated by just inventing new fingerprinting attacks.
The Tor Browser Bundle provides some protection against fingerprinting but is still susceptible to AudioContext API fingerprinting and fingerprinting that detects your underlying OS and browser / browser version.
You can go full no JavaScript, but that'll break most of the internet.

Ever heard of a fucking adblocker you fucking imbecile?

I see you've been making them the entire day with no more than ~40 replies. Time to fuck off and go yap this shit to someone who actually cares.

well the real way is to not use facebook at all, but a shill wouldn't know that

>Ever heard of a fucking adblocker you fucking imbecile?
>He thinks an ad blocker will do shit against fingerprinting
>He doesn't even know what fingerprinting is

Are you having a stroke or did you reply to the wrong post? And no I don't use facebook.

Tell me, dumb animeposter, exactly how do tracking scripts get around adblockers? Without resorting to greentext and memery, please.

Not everybody wants to isolate themselves from the world.
Not everybody wants to cut themselves off from the countless services that require a login.

>you need a facebook or it's impossible to stay in touch

Buy a telephone retard if you want to stay in contact with people.

Ad blockers generally only block advertising scripts.
Sure you can use extra lists like the AdBlock Plus anti-social list, but they only block obvious stuff like if your fingerprint script is called fingerprint.js.

Also means you can never buy anything online unless it's with a cryptocurrency.
Also means you can't use government websites or insurance websites that require login.
Also means you can never use an online repository that has your real name attached to it.
Etc etc

>fingerprinting
The buzzword caught on...

>tinfoil hatter to the point that he won't use websites that require login
>uses a fucking cellphone
TOP KEK.
That's some bizarre double standards

>Also means you can never buy anything online unless it's with a cryptocurrency.
What the fuck? I haven't had a Facebook in years and buy shit online all the time.
>Also means you can't use government websites or insurance websites that require login.
I've never seen a site where it was mandatory to have a Facebook to log in other than Facebook. Sure there are a lot where you can use your Facebook account, but it's nothing more than an option.
>Also means you can never use an online repository that has your real name attached to it.
Sure you can.

The whole point of tracking you is so they can serve you relevant ads. What incentive is there for them to go out of their way to track you when you've already blocked their ads and their *most obvious* trackers?

Give me a live example of the non obvious stuff before you spout FUD.

Not him but you're a fucking idiot. In firefox it's currently difficult (impossible?) to hide system fonts from websites. Canvas information is also hard to hide, as is screen size. The tor browser has patches for these things, but it's not available as simply an add-on, they compiled it in.

You don't seem to understand.
It doesn't matter if they get your real name from facebook, your credit card, or your github account, once they have it your browsing habits are no longer anonymous

You don't seem to understand. The claim was that you need a Facebook account to do that shit. You don't need it for any of it
>credit card
I've only got a prepaid debit card

>difficult (impossible?) to hide
Difficult things like BLOCKING JAVASCRIPTS? Because that's how they get your system font or whatnot, VIA JAVASCRIPT

You're the fucking idiot. Learn how a computer works you fucking retard.

If you use the same browser on the new machine with saved settings, there's a chance it still wouldn't help. Especially if you imported cookies or something dumb like that.

Well, if you just want proof that large tracking companies are using it, AddThis was the first to be outed, and they've since admitted it.

Why would they stop tracking you just because you block ads?
That doesn't make sense at all.
Your info is still valuable as statistical info.
Your info is still valuable to governments.
Your info is still valuable for customizing your web experience (e.g. showing you items on Amazon you're more likely to want to purchase).
Your info is still valuable to employers, and we might see a future where they can buy your browsing habits as a sort of background check when you apply for a job.

Where did I claim facebook was a requirement?
It's just an example of an obvious pool of personal info

...

Oh really? Are you going to keep talking out of your ass now?

Also, OP can you add the site:

ip-check.info

to the OP next time? It's a good site, just ignore their push for their own product.

By not serving ads, and hence never being added to a block list. Even so, there are fingerprintable exploits that don't involve running scripts or user agent strings. Other HTTP header exploits, TCP header and timing analysis, or really any of the same stuff used in OS fingerprinting. No existing adblocker currently even defeats the simple panopticlick demo from the EFF.

Will do.
It's a good site

Do government websites really use google analytics now? We should complain to our senators of the privacy breach that represents.

They never stop looking for ways to make ads unblockable. We shouldn't let them get away with making us un-untrackable.

I'M talking out of MY ass? HOW THE FUCK IS FINGERPRINTING DONE WITHOUT JAVASCRIPT HOLY FUCK YOU FUCKING MORON

YOU'VE NEVER WRITTEN A SINGLE FUCKING LINE OF CODE IN YOUR LIFE, HAVE YOU

YOU MUST BE SOOO PROUD OF YOURSELF HAVING JUST FOUND THIS BOARD AND READ A FEW SHITPOSTS AND THINK YOU KNOW SHIT ALL ABOUT COMPUTERS

GET THE FUCK OUT

Oh look, more tinfoil bullshit and still no live instance where this is actually happening.

Let me guess, you found Sup Forums, or maybe Sup Forums in general too, a couple months ago?

Literally addressed none of my arguments.

You didn't make an argument. You asked what incentive to blah blah blah blah blah.

Well, I'm sure some pool your basic info with trackers, but I doubt they all do.
I probably got a bit ahead of myself.
That being said both the Australian Liberal and Labor parties' websites serve Google scripts.
Pretend I didn't say government websites and instead said job applications.

I literally showed a screenshot of that site (ip-check.info) grabbing my screen size and detecting my system fonts. I'm convinced at this point you're simply trying to troll; either that or stop using all caps, it's annoying.

The best fingerprinting tests rely on JavaScript, that's true.
But not all of them do.
Additionally some websites require JS to be enabled to work, so it's a choice between risking being fingerprinted or not using the site at all.
Disabling JavaScript completely is far too restrictive for normies and casuals to do

It's a troll, dude.

>There is currently NO FOOLPROOF DEFENCE against fingerprinting.
Can't you just block scripts and randomize your user agent? It seems like almost all of the currently available fingerprinting techniques require javascript and the information they would be able to get through the ones that don't really wouldn't be enough to reliably identify you out of all the other people who care about privacy on the internet.

Which is why we need something new. A way to make javascript lie tactically to be less fingerprintable but still potentially let websites function.

Nope. They have enough other stuff to still track you. Try out the provided fingerprinting demos. JS+UA doesn't work.

I would say that currently that could work, for some cases, provided you didn't use the same user-agent string on multiple websites.
But when people start doing that the trackers will just shift their focus away from user-agent string and rely on other parts of your fingerprint that aren't as easy to spoof.
It's not a perfect solution

>YOU'VE NEVER WRITTEN A SINGLE FUCKING LINE OF CODE IN YOUR LIFE, HAVE YOU
Words you'll never hear:
"Is that the code-monkey's Ferrari?"
I've never written code in my life, I'm proud to say. And if having written code, even for money, is your life's highlight you must live in pretty humble circumstances.
If I need code written there are always dozens of un/under-employed code-monkeys to do it for me.

There's a way you can stop it from detecting your system fonts (other than disabling CSS) but I can't remember how.

>By not serving ads, and hence never being added to a block list.
Google analytics doesn't serve ads and they still get blocked by ad blockers. You do realize adblockers despite their name block more than just ads, right?

>You asked what incentive to blah blah blah blah blah.
That is the argument since I'm saying there's no incentive. And also I asked you to provide an instance where a tracking script bypasses adblockers, which is another argument.

>detecting my system fonts
No they didn't. Pic related is what it would show if they can detect your fucking system fonts.

>enable "force noscript captcha"
>captcha window just says "sorry, something went wrong"

help?

Doesn't do a thing about e-tags or other HTTP exploits.

I stand corrected, but this is the message they give me.

How exactly would the server detect your system fonts with javascript disabled? Sure the local page could know what fonts you have, but unless every link on that page then sends a hash of that back to the server in the link (which could be stopped with an addon like Clean Links) how are they going to get that information back to the server?

Nevermind, the @font-face attribute makes your browser request the fonts if you don't have them which is done without javascript. They could tell by what fonts you needed to request.
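
The CSS-only font check described in the post above, seen from the side of someone auditing a page: an added example, not part of the original thread, that scans a stylesheet for `@font-face` rules pairing `local()` with a `url()` fallback. The function names, the threshold heuristic and the sample stylesheet are assumptions made for illustration.

```javascript
// Added example: static check of a stylesheet for @font-face rules that could
// serve as CSS-only font probes. Names and threshold are assumptions.

// Constructed sample stylesheet, not taken from any real site.
const SAMPLE_CSS = `
@font-face { font-family: "p1"; src: local("Arial"), url("/f?n=arial"); }
@font-face { font-family: "p2"; src: local("Calibri"), url("/f?n=calibri"); }
@font-face { font-family: "p3"; src: local('Ubuntu'), url(/f?n=ubuntu); }
@font-face { font-family: "Body"; src: url("/fonts/body.woff2") format("woff2"); }
body { font-family: "p1", "p2", "p3", "Body"; }
`;

// Collect the argument of every fn(...) in a src descriptor, quoted or not.
function extractArgs(src, fn) {
  const re = new RegExp("\\b" + fn + "\\(\\s*(['\"]?)(.*?)\\1\\s*\\)", "gi");
  const out = [];
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[2]);
  return out;
}

// A rule is a probe candidate when its src tries local() first and falls back
// to url(): the fetch only happens if the named font is not installed.
function findFontProbes(css) {
  const probes = [];
  const ruleRe = /@font-face\s*\{([^}]*)\}/gi;
  let rule;
  while ((rule = ruleRe.exec(css)) !== null) {
    // Only the first src descriptor of each rule is inspected.
    const src = (rule[1].match(/\bsrc\s*:\s*([^;]*)/i) || [])[1] || "";
    const locals = extractArgs(src, "local");
    const urls = extractArgs(src, "url");
    if (locals.length > 0 && urls.length > 0) probes.push({ locals, urls });
  }
  return probes;
}

// Heuristic (assumption): several candidates, each with its own fallback URL,
// let the server infer which fonts are missing from the requests it receives.
function assessStylesheet(css, threshold = 3) {
  const probes = findFontProbes(css);
  const distinctUrls = new Set(probes.flatMap((p) => p.urls));
  return {
    probedFonts: probes.flatMap((p) => p.locals),
    suspicious: probes.length >= threshold && distinctUrls.size >= probes.length,
  };
}

console.log(assessStylesheet(SAMPLE_CSS));
```

A positive result is a prompt to read the stylesheet, not proof of tracking, since a single `local()`-then-`url()` rule is also a common way to ship ordinary webfonts.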

Well let's go for the obvious:
Browserprint.info
The fingerprinting scripts are not blocked by Adblock, Adblock Plus, or uBlock

Yeah noscript captcha is broken for a lot of people

The fuck? That gibberish is the webfont they fucking sent you. How the fuck does that count as part of your system fonts?

>The fingerprinting scripts are not blocked by Adblock, Adblock Plus, or uBlock
Well no fucking shit! They didn't exclude it from blocklists because they weren't aware of it

Your blind faith in ad blocking software is disturbing.
Ad blockers are very primitive and rely on a lot of work by humans

>The fuck? That gibberish is the webfont they fucking sent you. How the fuck does that count as part of your system fonts?
see

I don't have blind faith in adblockers. I have blind faith in ad companies to not bother to spend time and resources on tracking me across websites when they can't even monetize it.

You can block webfonts in ublock.

It costs nothing extra to track you despite you blocking ads, in fact it would cost them time to provide you special treatment.
And they can monetize it

They can still sell the data. We're in the midst of a datamining boom. Everyone wants to do it these days, so they all want huge datasets.

It's OK, they can't track me because I have Do Not Track enabled

Really? It costs them no effort, no money having to consistently buy up new, stealth domains to bypass blocklists and invest in tracking solutions beyond javascript?

Nope. They just make their service/content break when you don't run their ad scripts. For a particularly adamant example of this, see streamlive.to/

Or maybe I'll just not visit malicious streaming websites. Who the fuck even uses those in this day and age?

>For a particularly adamant example of this, see streamlive.to/
Source?

The way to stop the font detection is by setting gfx.downloadable_fonts.enabled to false in your about:config. Only problem is that you would be surprised about how many icons you come across that are actually fonts.

>stealth domains
If you didn't see earlier in the thread, Google fingerprints through their Captcha service that they host on google.com and gstatic.com. They aren't stealth domains, they're domains that some websites need you to allow scripts from to function. Stealth domains are easy to take care of if you use uMatrix and simply don't allow the scripts that you don't need, malicious scripts hosted on common websites that also have needed scripts are much worse.

Can anybody explain the CSS only font test on JonDo's IP check?

See

BUT there is one FOOLPROOF WAY to avoid being tracked fingerprinted v& for anything on the internet....

QUIT THE INTERNET.

gud idea.

Nice blog