What score does your browser(s) get?

I’ll start: I got:

one in ~25000 browsers have the same fingerprint as yours

  • Leraje@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    CreepJS is much better (and scarier) at fingerprinting you than EFF. I’ve not managed to completely fool it yet but I’ve got my score down to 0% trust, meaning the fingerprint it generates is pretty useless. I suspect the only way to totally fool it (by which I mean spoof my devices) would be to turn JS off completely.

    • relevants@feddit.de
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      On Safari 17 every time I visit the site it claims it’s my first visit, despite a trust score of 57%. Not sure if I’m interpreting the results wrong or ITP is just doing its job.

      • Leraje@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I’m not 100% sure but I don’t think creep stores anything on its github incarnation so it’ll always look like it’s your first visit.

      • The Dark Lord ☑️@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        iOS 17 Safari (especially with enhanced fingerprint protection on) is really good at fingerprint protection. It rotates a few data points like canvas ID so that it makes you look like a new fingerprint each time.

        Fingerprint analyzers can find out lots about your fingerprint that way, but if your fingerprint keeps changing, it becomes difficult to identify you. Unique fingerprints don’t mean anything if your fingerprint keeps changing.

        • relevants@feddit.de
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          That’s what I was kind of thinking/hoping based on the results, but I wasn’t sure if I was understanding it right. Thanks for elaborating!

          • The Dark Lord ☑️@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Imagine I keep a log of everyone I encounter… their race, hair colour, eye colour, glasses shape, accent, gender, fingernail length, ear lobe shape, everything. I would probably encounter the same people every so often, and I would be able to recognize them from my log.

            Now imagine that one of them started dying their hair and putting in coloured contact lenses, and they changed it up every day. I may be able to collect all of the details about them. They’re very unique. But… I couldn’t match them against anyone in my log, even though I’ve seen them multiple times.

            Having a unique browser fingerprint is perfectly fine if it constantly changes. They can collect all of those details about you, but if you keep changing key details, they won’t be able to recognize you.

      • datavoid
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Do you have js enabled?

        Trying to figure out how to accomplish this - doesn’t even work on tor

        • relevants@feddit.de
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Yea, I’m just using the browser on my phone, with Private Relay and intelligent tracking prevention on for all websites. I’ve visited it a bunch of times now and I’ve gotten it to count consecutive visits a few times, but if I just wait a little while and refresh it goes back to 1 and the fuzzy fingerprint is wildly different

    • Dust0741@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Wow yea this seems really good. And scary. Too bad it doesn’t seem to work with mullvad browser

    • DreadPotato@sopuli.xyz
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I get 0% on CreepJS with default DDG browser set to “strict”, with a crowd blending score of 27%.

      I get 40.7% with Mull + adblocker and 66.5% with FF + adblocker

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Unique among the people who use that website. So if nobody else if you’re configuration ever tried that website… You would be unique

      The bits of entropy are the more important parts of the results. The lower the bits the better

    • Devjavu@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Please also consider things like canvas spoofing. It will create a unique fingerprint that is different every time.

  • dsemy@lemm.ee
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    1 year ago

    There is also fingerprint.com, which I tend to trust more since it’s a company that literally sells fingerprinting tech to other companies.

    It managed to identify me while using the Tor browser on “Safer” (doesn’t work on “Safest” due to JS). Edit: this is likely due to an issue with my install, and not the browser itself.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      How did it identify you via tor? Were you using the browser bundle? Completely vanilla?

      Did you refresh your session between tests?

      • dsemy@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Completely vanilla, fully stopped and restarted the browser. This was right after the 13.0 update.

          • dsemy@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Just did a fresh install on Linux (fresh download too) and unfortunately, with no settings changed except security to “Safer”, it once again identified me across multiple sessions.

            FWIW it does change my ID if I resize the window enough to jump to a different size letterbox.

            Edit: forgot to mention, the fresh install got a different ID ti the previous install.

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Something is very curious about your install.

              if you want to debug this: in tor browser, double check your using tor, try out whatismyipaddress.com, change circuits and make sure it changes again.

              Look at the bits of entropy that coveryourtracks.eff.org shows, it could be something funky like an environment variable letting in system fonts.

              • dsemy@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Yeah I’ll do some investigating, good to know that the Tor browser isn’t at fault though (I probably should’ve operated under this assumption in the first place).

  • Dust0741@lemmy.worldOP
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    More of my stats:

    Fennec (privacy badger + unlock origin): 1 in 23301.0

    Fennec private tab (privacy badger + unlock origin): 1 in 20712.44

    Firefox hardened (arkenfox + privacy badger + unlock origin): 1 in 37281.6

    Firefox hardened private tab(arkenfox + privacy badger + unlock origin): 1 in 31069.5

    Mullvan browser (dafaults with unlock): 1 in 147.48

  • aindriu_b@feddit.uk
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    I got “unique among the 185,973 tested in the past 45 days”

    Edit: this is using Firefox Android Nightly with UBlock + Canvas Blocker

    • TrenchcoatFullOfBats@belfry.rip
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 4330.4 browsers have the same fingerprint as yours.

      Currently, we estimate that your browser has a fingerprint that conveys 12.08 bits of identifying information.

      Using Mull with NoScript through Mullvad

  • akilou@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Am I looking for a high number or a low number?

    Looks like Chrome randomized my fingerprint but Firefox doesn’t. Does that mean I should be using chrome instead of FF?

    • dsemy@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      Mullvad browser + extensions is pointless, might as well use LibreWolf or just harden Firefox yourself.

      The point of the Mullvad browser is to not stand out from the crowd; by installing extensions you are definitely standing out.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        librewolf doesn’t do auto updates.

        I don’t need to harden firefox myself, mullvad comes pre harded.

  • akilou@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 93387.5 browsers have the same fingerprint as yours.

    Currently, we estimate that your browser has a fingerprint that conveys 16.51 bits of identifying information.

    But also

    Your browser has a nearly-unique fingerprint

    I don’t get it

    • dsemy@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Almost no browser has the same fingerprint as yours, which makes it nearly unique.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      There’s a couple issues going on here. Number one is it’s unique amongst the people who go to EFFs website cover your tracks. That’s not all of the internet users. Hell that’s not even most of the internet users. It’s pretty niche community.

      The bits of identifying information are the critical key here. 16 bits, 2 ^ 16… 65,000 different possibilities. Each piece of information you give, makes it a little bit easier to track you. Things like language, time zone… The more bits, the easier it is to identify you. The less bits, the more you blend into the crowd.

      This is why multiple people, including myself, have talked about fingerprint.com they’re professional service, who’s targeting websites, who want to track users. So they’re incentivized to track as best as able.

      Even if you’ve got a great EFF score, you should always check fingerprint.com, to see if they can track you.

    • Mr_Blott@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Mine said -

      Your browser fingerprint appears to be unique among the 184,486 tested in the past 45 days.

      Don’t get it either, just stock FF on stock Android

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Stock browsers give a lot of information, supported system fonts, supported system languages, time zone, canvas size, browser window size, there’s a lot of data that leaks out from the browser itself.

        Install a weird game that installed a weird font into your system? Well now the entire world can uniquely identify your font combination as you.

        • Mr_Blott@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Makes sense, thanks!

          Though, no idea how that would affect your average Joe so I’ll not worry about it!

    • paradox2011
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Not necessarily bad, the lower the number the harder it is to fingerprint you. In other words, your browser stands out much less and is less noticeable from the masses than the OPs browser.

      Generally the more security/privacy tweaks and add-ons you apply to your browser the more secure it gets, but you tend to stand out from the masses more because of the changes, resulting in the 1 in 4,000 type stat. It becomes easier to differentiate your traffic from others.

      Whether anonymity or security is more desirable depends on your threat model.

      Edit: “Your browser fingerprint appears to be unique among the 186,867 tested in the past 45 days.” Evidently I stand out quite a bit 😂

    • GrappleHat
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Same here. Is there a way to spoof a more generic fingerprint or something?

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It seems that my screen resolution is the problem. Brave beats Firefox based browsers because it spoofs the screen resolution

  • Zerush
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    I’ve an unique fingerprint, but different fp results in every test run, with mostly wrong sys specs, only it shows correct my country, nothing else. Same in Browserleaks.

  • alt
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    On LibreWolf, which I use to surf daily, I got one in 180k+.

    Afterwards, I tried Tor Browser -which is honestly almost never used- and this was a lot better at one in 6k+. Though this was only in “Safer” mode, I tried testing it on “Safest” afterwards, but an update screwed it up and I somehow couldn’t get it back to its standard opening size.

    Interestingly, my best result I got once again on LibreWolf. This time, I changed two things:

    1. Enable letterboxing
    2. Disable Javascript entirely through uBlock Origin

    This resulted in a one in 800+. I am interested to know how Mullvad browser users fare on Mullvad VPN.

      • dsemy@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Many parts of your browser’s fingerprint which can be randomized are well known to tracking companies, so your strategy isn’t perfect.

        Your Mullvad result seems too high btw, though I don’t have access to my computer right now to compare.