Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quite far from the truth, as interacting with internet services like websites leaves a significant fingerprint. In a study by [RTINGS.com] this browser fingerprinting was investigated in detail, showing just how easy it is to uniquely identify a visitor across the 83 laptops used in the study.
As summarized in the related video (also embedded below), the start of the study involved the Am I Unique? website which provides you with an overview of your browser fingerprint. With over 4.5 million fingerprints in their database as of writing, even using Edge on Windows 10 marks you as unique, which is telling.
Good luck I’m behind 7 proxies
I’m here with multi-hop VPN with the first two hops staying in-country and the rest all random + a shit load of DNS blocking lists and browser extensions + blocking Google. I use different VPN providers too. I’m also introducing variable delays to my traffic to make NetFilter data less helpful.
Hops don’t matter at all against fingerprinting, which includes things like fonts you have installed, the os, os version number, browser version, extensions, some browser settings/flags, timezone, keyboard layout, your screen resolution, dpi, and what ever the crap the ”canvas” has stored. So pretty much no matter what you do, you’re unique.
You can use some browsers that resist fingerprinting but guess what, those are so rarely used that again you shine like a beacon. I’m still yet to find an browser extension that would fake all my fingerprint parameters by setting them as what is the most common one in each category. So a Windows user running latest Chrome full screen on Fullhd monitor.
And there is nothing stopping websites running the fingerprinting services and scripts on their own server, albeit most rely on third parties for convenience, and these at least can be blocked.
Right, that’s why I mentioned all the blocking at the DNS and browser extension level — most fingerprinting is being done by third-parties — I generally don’t see first parties fingerprinting but if they do it’s likely a website I chose to be on rather than some shady
<script>from God knows where.Some privacy browsers will randomize your fingerprint
Randomized = unique, unless it is done ”smartly” by setting some very very common combo. Or unless it randomizes for every page load (which I recon would mess up many site functions, window width/height for example). And if there is not that many users having this on you shine like a beacon again as ”that randomizer guy”.
…no
I imagine it’s somewhere between what both of you are saying.
I imagine “randomized” means a random common “fingerprint” (with parameters like user agent, language, etc) rather than just a unique set of randomized parameters (say, time zone in US but language set to Farsi which would be unique to an extent).
I mean it doesn’t matter if it’s unique or not. What matters is that your fingerprint changes as you browse.
Sorry but that’s totally wrong.
The entire point is that if it’s unique it can be considered a fingerprint — in fact the entire reason it’s called “fingerprint” is that in theory it’s unique like a real fingerprint.
If it’s common then it’s unreliable as a fingerprint because it’s no longer unique. Therefore whether it’s unique or not is the entire point and relevant to the topic.
Laughs in Tails Linux
Please understand that browser extensions make you more easy to track. I used to be under the same assumption, but uBO is as far as you should go. fingerprints include your extensions.
That depends on whether your browser exposes them, and if/how they affect your fingerprint. If you go to deviceinfo.me it will show you what your browser is exposing.
Yeah, there’s also the covermytracks.eff.org and amiunique.org and https://abrahamjuliot.github.io/creepjs/index.html which is my favorite
My thinking is that most of the fingerprinting is happening by third parties, and where it’s the website operators themselves I’m not super concerned about being fingerprinted.
Look at the uBO trackers on each site and you’ll br surprised how often Google comes up.
From their domain that I’ve already blocked with DNS? Or are you talking about first-party scripts calling Google (which I’ve also seen though much more rare)?
In any case I block those too.
If you go to the site, what does it think of your fingerprint?
That’s the point. It doesn’t matter how many middle layers there are, if you’re using a web browser, there are hundreds of pieces of information that can still be used to uniquely identify you. Do you have WebGL enabled? If so, you could be identified with 100 constantly changing proxies.