What is fingerprinting? Fingerprinting is a new way of tracking you across websites, it's not theoretical, it's being done right now by companies like Google. Why is it scary? Because unlike cookie based tracking you can't defeat it just by disabling cookies. There is currently NO FOOLPROOF DEFENCE against fingerprinting. Attempts have been made but the technology is just too new.
ReCAPTCHA probably contains fingerprinting code: archive.is/9K5gs This means that the majority of Sup Forums users could be being fingerprinted, and Google might know about your shitposting habits. To fix this you can get a pass (which allows you to be tracked by Sup Forums in a different way), or run Sup Forums with the no JavaScript CAPTCHA (use Sup Forums X to make Sup Forums without JS bearable).
Daily reminder to do all your Facebook / Youtube / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit. It's currently the ONLY way to truly defend against fingerprint tracking. Double points if you have each browser running in a different VM with a different OS. Triple points if you have each browser's VM configured with a different VPN. The Tor Browser Bundle is still susceptible to many fingerprinting attacks that can uncover your true OS and browser. Spoofing your user-agent is counterproductive unless you use a different user-agent for every site, even if you rotate them every x HTTP requests.
>run Sup Forums with the no JavaScript CAPTCHA (use Sup Forums X to make Sup Forums without JS bearable). I just get a black box if I disable the Google scripts, is it only certain 4chanX forks that do this?
Alexander Ramirez
Yeah I'm in the same boat. When I disable all scripts the CAPTCHA stops working. It's buggy as fuck. Only works for some people. Sup Forums X doesn't do anything for the CAPTCHA, it just makes Sup Forums not shit with scripts disabled. Jackie Sup Forums should really fix this
Nathaniel Johnson
Trying Sup Forums X now, it doesn't seem to work very well.
Bentley Sanders
Check "Force Noscript Captcha".
Landon Cox
Yeah mine's only captcha option is "Use Legacy Captcha"
Wyatt Walker
Sounds like you're using one that doesn't have it then. The one at Sup Forums-x.net/ can do it.
Chase Gray
I got the noscript captcha working. It seems that I still need to allow scripts on Sup Forums to post with the quickreply window and 4cdn to use the autorefresh, and the catalog.
I'm using version 1.11.35.9 (shows up in the top right hand side of the settings menu) and have the options: >Captcha Fixes: Make captcha easier to use, especially with the keyboard. >Use Recaptcha v1: Use the old text version of Recaptcha in the post form. >Use Recaptcha v1 in Reports: Use the text captcha in the report window. >Force Noscript Captcha: Use the non-Javascript fallback captcha even if Javascript is enabled (Recaptcha v2 only).
Josiah Smith
Am I fine if I use a mobile app?
Elijah Diaz
Probably not unless it presents you with the no-JS CAPTCHA
Oliver Martinez
So google can still track my shitposts if I used overchan or clover?
Nathan Baker
Do you have Gapps installed?
Alexander Edwards
I'd assume that's the case. Problem is loadletter's fork is the only one that works for my browser
Oliver Scott
No. I haven't removed that yet.
Brody Lopez
Potentially. Check if your app has a force-no-JS-CAPTCHA option
Chase Cruz
I don't think overchan has that option because I would have seen it by now.
Carter Martinez
If you haven't removed Gapps then Google is collecting basically everything you do on your phone, including your call info and your texts.
John Flores
>Sup Forums-x.net/ That site and ccd0.github.io/Sup Forums-x/ are the exact same site made by the same person, right?
Julian Nguyen
Yes. The script was moved to Sup Forums-x.net so that updates still work if Github ever decides they don't want it there.
Brandon King
Opera 12?
Benjamin Wilson
Yup
Dominic Bennett
What if I get new ISP and a new computer every time I want to google something?
Jayden Lee
>retrieving your browser info is 'new technology' god you people are so fucking retarded
Bentley Scott
That might work. Until you log in to a website.
Caleb Perry
Well fuck. were all screwed. fuck this Im moving to sweden.
Grayson Thompson
Oh look, newbabby just discovered a """new""" type of supercookie! Congrats! Are you impressed with yourself now?
>it's being done right now by companies like Google. You can't make a claim without showing proof.
Christian Powell
It's not the collection of information, it's the use of information to track you across websites.
I do all my creepy shit on a secure laptop via the neighbors wifi. The local cable company sets the default password as the users phone number, so it's just a matter of bruteforcing a 10 digit number.
I do wonder what kind of information is stored about me. I used google for years before I paid any attention to privacy.
If you delete your account, they claim all data is "anonymized" within 18 months. I wonder if that's true, and how anonymous it really is..
Joseph Edwards
>You can't make a claim without showing proof. Ok. Easy.
yro.slashdot.org/story/16/05/19/232216/google-is-a-serial-tracker >shows that Google, through multiple domains, is tracking users on around 80 percent of all Top 1 Million domains. >Additionally, besides tracking scripts, HTML5 canvas fingerprinting and WebRTC local IP discover, researchers discovered a new user fingerprinting technique that uses the AudioContext API. I've read the paper and that summary is accurate.
David Rivera
Using your neighbor's wifi won't help against these techniques, IP address is generally ignored since it's not consistent for most people.
Even if they anonymise the data after 18 months it's still stored in back up and such.
Nolan Jones
Where does it say specifically that google uses it? Oh right it doesn't.
Elijah Foster
>Daily reminder to do all your Facebook / Youtube / LinkedIn / botnet shit in a completely separate browser to your Googling or buying shit. >It's currently the ONLY way to truly defend against fingerprint tracking.
Ian Roberts
Do you have a better solution? AFAIK there are no extensions out that spoof your fingerprint, except for user-agent, and even if there was those could be defeated by just inventing new fingerprinting attacks. The Tor Browser Bundle provides some protection against fingerprinting but is still susceptible to AudioContext API fingerprinting and fingerprinting that detects your underlying OS and browser / browser version. You can go full no JavaScript, but that'll break most of the internet.
Isaac Kelly
Ever heard of a fucking adblocker you fucking imbecile?
I see you've been making them the entire day with no more than ~40 replies. Time to fuck off and go yap this shit to someone who actually cares.
Justin Brooks
well the real way is not not use facebook at all, but a shill wouldn't know that
Logan Barnes
>Ever heard of a fucking adblocker you fucking imbecile? >He thinks an ad blocker will do shit against fingerprinting >He doesn't even know what fingerprinting is
Joshua Fisher
Are you having a stroke or did you reply to the wrong post? And no I don't use facebook.
Tell me, dumb animeposter, exactly how do tracking scripts get around adblockers? Without resorting to greentext and memery, please.
Gavin Martin
Not everybody wants to isolate themselves from the world. Not everybody wants to cut themselves off from the countless services that require a login.
Evan Gonzalez
>you need a facebook or it's impossible to stay in touch
Gabriel Price
Buy a telephone retard if you want to stay in contact with people.
Grayson Jenkins
Ad blockers generally only block advertising scripts. Sure you can use extra lists like the AdBlock Plus anti-social list, but they only block obvious stuff like if your fingerprint script is called fingerprint.js.
Gavin Taylor
Also means you can never buy anything online unless it's with a cryptocurrency. Also means you can't use government websites or insurance websites that require login. Also means you can never use an online repository that has your real name attached to it. Etc etc
Dominic Flores
>fingerprinting The buzzword caught on...
Austin Stewart
>tinfoil hatter to the point that he won't use websites that require login >uses a fucking cellphone TOP KEK. That's some bizarre double standards
Blake Sullivan
>Also means you can never buy anything online unless it's with a cryptocurrency. What the fuck? I haven't had a Facebook in years and buy shit online all the time. >Also means you can't use government websites or insurance websites that require login. I've never seen a site where it was mandatory to have a Facebook to log in other than Facebook. Sure there are a lot where you can use your Facebook account, but it's nothing more than an option. >Also means you can never use an online repository that has your real name attached to it. Sure you can.
Carson Bell
The whole point of tracking you is so they can serve you relevant ads. What incentive is there for them to go out of their way to track you when you've already blocked their ads and their *most obvious* trackers?
Give me a live example of the non obvious stuff before you spout FUD.
Alexander Nelson
Not him but you're a fucking idiot. In firefox it's currently difficult (impossible?) to hide system fonts from websites. Canvas information is also hard to hide, as is screen size. The tor browser has patches for these things, but it's not available as simply an add-on, they compiled it in.
Colton Williams
You don't seem to understand. It doesn't matter if they get your real name from facebook, your credit card, or your github account, once they have it your browsing habits are no longer anonymous
Blake Wilson
You don't seem to understand. The claim was that you need a Facebook account to do that shit. You don't need it for any of it >credit card I've only got a prepaid debit card
James Turner
>difficult (impossible?) to hide Difficult things like BLOCKING JAVASCRIPTS? Because that's how they get you system font or whatnot, VIA JAVASCRIPT
You're the fucking idiot. Learn how a computer works you fucking retard.
Julian Green
If you use the same browser on the new machine with saved settings, there's a chance it still wouldn't help. Especially if you imported cookies or something dumb like that.
Easton Torres
Well, if you just want proof that large tracking companies are using it, AddThis was the first to be outed, and they've since admitted it.
Carson Brooks
Why would they stop tracking you just because you block ads? That doesn't make sense at all. Your info is still valuable as statistical info. Your info is still valuable to governments. Your info is still valuable for customizing your web experience (e.g. showing you items on Amazon you're more likely to want to purchase). Your info is still valuable to employers, and we might see a future where they can buy your browsing habits as a sort of background check when you apply for a job.
Elijah Ross
Where did I claim facebook was a requirement? It's just an example of an obvious pool of personal info
Kevin Mitchell
...
Jonathan Torres
Oh really? Are you going to keep talking out of your ass now?
Jack Green
Also, OP can you add the site:
ip-check.info
to the OP next time? It's a good site, just ignore their push for their own product.
Anthony Young
By not serving ads, and hence never being added to a block list. Even so, there are fingerprintable exploits that don't involve running scripts or user agent strings. Other HTTP header exploits, TCP header and timing analysis, or really any of the same stuff used in OS fingerprinting. No existing adblocker currently even defeats the simple panopticlick demo from the EFF.
Hudson Sanders
Will do. It's a good site
Jayden Richardson
Do government websites really use google analytics now? We should complain to our senators of the privacy breach that represents.
Luis Jackson
They never stop looking for ways to make ads unblockable. We shouldn't let them get away with making us un-untrackable.
Brandon Price
I'M talking out of MY ass? HOW THE FUCK IS FINGERPRINTING DONE WITHOUT JAVASCRIPT HOLY FUCK YOU FUCKING MORON
YOU'VE NEVER WRITTEN A SINGLE FUCKING LINE OF CODE IN YOUR LIFE, HAVE YOU
YOU MUST BE SOOO PROUD OF YOURSELF HAVING JUST FOUND THIS BOARD AND READ A FEW SHITPOSTS AND THINK YOU KNOW SHIT ALL ABOUT COMPUTERS
GET THE FUCK OUT
Oh look, more tinfoil bullshit and still no live instance where this is actually happening.
Let me guess, you found Sup Forums, or maybe Sup Forums in general too, a couple months ago?
Literally addressed none of my arguments.
Cooper Watson
You didn't make an argument. You asked what incentive to blah blah blah blah blah.
Camden Ross
Well, I'm sure some pool your basic info with trackers, but I doubt they all do. I probably got a bit ahead of myself. That being said both the Australian Liberal and Labor party's websites serve Google scripts. Pretend I didn't say government websites and instead said job applications.
David Barnes
I literally showed a screenshot of that site (ip-check.info) grabbing my screen size and detecting my system fonts. I'm convinced at this point you're simply trying to troll; either that or stop using all caps, it's annoying.
Jordan Foster
The best fingerprinting tests rely on JavaScript, that's true. But not all of them do. Additionally some websites require JS to be enabled to work, so it's a choice between risking being fingerprinted or not using the site at all. Disabling JavaScript completely is far too restrictive for normies and casuals to do
Thomas Hughes
It's a troll, dude.
Mason Hughes
>There is currently NO FOOLPROOF DEFENCE against fingerprinting. Can't you just block scripts and randomize your user agent? It seems like almost all of the currently available fingerprinting techniques require javascript and the information they would be able to get through the ones that don't really wouldn't be enough to reliably identify you out of all the other people who care about privacy on the internet.
Jackson Bennett
Which is why we need something new. A way to make javascript lie tactically to be less fingerprintable but still potentially let websites function.
Noah Reed
Nope. They have enough other stuff to stiil track you. Try out the provided fingerprinting demos. JS+UA doesn't work.
Jace Scott
I would say that currently that could work, for some cases, provided you didn't use the same user-agent string on multiple websites. But when people start doing that the trackers will just shift their focus away from user-agent string and rely on other parts of your fingerprint that aren't as easy to spoof. It's not a perfect solution
Kevin Lewis
>YOU'VE NEVER WRITTEN A SINGLE FUCKING LINE OF CODE IN YOUR LIFE, HAVE YOU Words you'll never hear: "Is that the code-monkey's Ferrari?" I've never written code in my life, I'm proud to say. And if having written code, even for money, is your life's highlight you must live in pretty humble circumstances. If I need code written there are always dozens of un/under-employed code-monkeys to do it for me.
Luis Nelson
There's a way you can stop it from detecting your system fonts (other than disabling CSS) but I can't remember how.
Nicholas Howard
>By not serving ads, and hence never being added to a block list. Google analytics doesn't serve ads and they still get blocked by ad blockers. You do realize adblockers despite their name block more than just ads, right?
>You asked what incentive to blah blah blah blah blah. That is the argument since I'm saying there's no incentive. And also I asked you to provide an instance where a tracking script bypasses adblockers, which is another argument.
>detecting my system fonts No they didn't. Pic related is what it would show if they can detect your fucking system fonts.
Alexander Perez
>enable "force noscript captcha" >captcha window just says "sorry, something went wrong"
help?
Juan Perry
Doesn't do a thing about e-tags or other HTTP exploits.
Gavin Cooper
I stand corrected, but this is the message they give me.
Chase Howard
How exactly would the server detect your system fonts with javascript disabled? Sure the local page could know what fonts you have, but unless every link on that page then sends a hash of that back to the server in the link (which could be stopped with an addon like Clean Links) how are they going to get that information back to the sever?
Andrew Clark
Nevermind, the @font-face attribute makes your browser request the fonts if you don't have them which is done without javascript. They could tell by what fonts you needed to request.
Chase Jackson
Well let's go for the obvious: Browserprint.info The fingerprinting scripts are not blocked by Adblock, Adblock Plus, or uBlock
Joshua Powell
Yeah noscript captcha is broken for a lot of people
Benjamin Rivera
The fuck? That gibberish is the webfont they fucking sent you. How the fuck does that count as part of your system fonts?
>The fingerprinting scripts are not blocked by Adblock, Adblock Plus, or uBlock Well no fucking shit! They didn't exclude it from blocklists because they weren't aware of it
Jeremiah Powell
Your blind faith in ad blocking software is disturbing. Ad blockers are very primitive and rely on a lot of work by humans
Hunter Ward
>The fuck? That gibberish is the webfont they fucking sent you. How the fuck does that count as part of your system fonts? see
Joseph Brown
I don't have blind faith in adblockers. I have blind faith in ad companies to not bother to spend time and resources on tracking me across websites when they can't even monetize it.
Jacob Lopez
You can block webfonts in ublock.
Liam Phillips
I costs nothing extra to track you despite you blocking ads, in fact it would cost them time to provide you special treatment. And they can monetize it
David Turner
They can still sell the data. We're in the midst of a datamining boom. Everyone wants to do it these days, so they all want huge datasets.
Joseph Davis
It's OK, they can't track me because I have Do Not Track enabled
Grayson Hughes
Really? It costs them no effort, no money having to consistently buy up new, stealth domains to bypass blocklists and invest in tracking solutions beyond javascript?
Aiden Bennett
Nope. They just make their service/content break when you don't run their ad scripts. For a particularly adamant example of this, see streamlive.to/
Austin Scott
Or maybe I'll just not visit malicious streaming websites. Who the fuck even uses those in this day and age?
Dominic Ward
>For a particularly adamant example of this, see streamlive.to/ Source?
Jack Ward
The way to stop the font detection is by setting gfx.downloadable_fonts.enabled to false in your about:config. Only problem is that you would be surprised about how many icons you come across that are actually fonts.
>stealth domains If you didn't see earlier in the thread, Google fingerprints through their Captcha service that they host on google.com and gstatic.com. They aren't stealth domains, they're domains that some websites need you to allow scripts from to function. Stealth domains are easy to take care of if you use uMatrix and simply don't allow the scripts that you don't need, malicious scripts hosted on common websites that also have needed scripts are much worse.
Logan Bailey
Can anybody explain the CSS only font test on JonDo's IP check?
Lucas Barnes
See
David Morgan
BUT there is one FOOLPROOF WAY to avoid being tracked fingerprinted v& for anything on the internet....