Some time ago I noticed that in Chrome, every time you click "Never translate $language", $language quietly gets added to the Accept-Language header that Chrome sends to every website!
My header ended up looking like a permuted version of this:
en-US,en;q=0.9,zh-CN;q=0.8,de;q=0.7,ja;q=0.6
I'd be surprised if anyone in my vicinity share my exact combination of languages in that exact order, so this seems like a pretty strong fingerprinting vector.
There was even a proposal to reduce this surface area, but it wasn't adopted:
https://github.com/explainers-by-googlers/reduce-accept-lang...
Is Chrome trying to assume that, since you don’t want it to translate those pages/languages, that you can read them/want them in your header? Interesting
PSA Don't use chrome.
That will just make you stand out more.
Definitely a good STEP1, but it’s not like Firefox and Safari are finger printing secure.
Firefox does pretty damn well though, especially with privacy.resistFingerprinting set to true
Modern Safari is pretty damned good at randomizing fingerprints with Intelligent Tracking Prevention. With IOS 26 and MacOS 26, it's enabled in both private and non private browser windows (used to be only in private mode).
All "fingerprint" tests I've run have returned good results.
what about duck duck go? We need a simple chart: 1. What browsers are good at resisting finger printing 2. tell for each browser, does it work on android ad ios and apple and windows and linux 3. what setting are needed to achieve this
for bonus points, is there no way to strip all headers on chrome on control it better?
Tor Browser (based on Firefox) is.
I only use it when I want to be tracked.
> There was even a proposal to reduce this surface area, but it wasn't adopted:
>> Instead of sending a full list of the users' preferred languages from browsers and letting sites figure out which language to use, we propose a language negotiation process in the browser, which means in addition to the Content-Language header, the site also needs to respond with a header indicating all languages it supports
Who thought that made sense? Show me the website that (1) is available in multiple languages, and also (2) can't display a list of languages to the user for manual selection.
Using Chrome and caring about privacy? I thought, after Google killed uBlock Origin, it had become beyond clear these two things were incompatible, https://news.ycombinator.com/item?id=41905368
uBlock origin just got replaced with uBlock lite for most people
There's a way to enforce loading UBo in Chromium but you need to download the extension by hand (git clone it from GitHub) and load it in "developer mode" in the extension settings. Also, you need to enable some legacy options related to extensions in about:flags.
Which, by design, doesn't protect you from actual spying, https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
Hmmm...YouTube has been getting confused about the language and displaying random languages for the closed captions on videos. This was happening to me across smart TVs but I access YouTube randomly from various devices and browsers...but mostly Chrome when using a browser.
Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy. By default, this config burns cookies on exit, standardizes the time zone to UTC, spoofs the canvas fingerprint, and does other helpful things. Basically, it makes Firefox expose the same information as the Tor browser.
In addition, I block most known advertizing/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).
Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.
There's no point unless a critical mass of people use these tools. You will be the only one on your IP address using this configuration of masked fingerprinting, which is itself a fingerprint.
That's also why it's indeed useful when using Tor, because you're not identified by your base IP.
Unless we make this part of the culture, you have basically 0 recourse to browser fingerprinting except using Tor. Which can itself still be a useful fingerprint depending on the context.
EDIT: I'll add that using these tools outside of normal browsing use can be useful for obfuscating who's doing specific browsing, but it should be emphasized that using fingerprinting masking in isolation all the time is nearly as useful as not using them at all.
Basically the XKCD license plate comic: https://xkcd.com/1105/
Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?
> block all third party content
It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
Also imagine if browser didn't provide drawing API for canvas (if you would have to ship your own wasm rendering library). Canvas would become useless for fingerprinting and its usage would drop manyfold. And the browser would have less code and smaller attack surface.
> Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?
My GPU is reported as simply "Mozilla" by https://abrahamjuliot.github.io/creepjs/.
The number of cores is also set to 4 for everyone using this config and/or Tor.
> It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
This may be true, but allowed third party content makes it trivially easy for Google and others to follow people around the Internet through fonts delivery systems among others.
I had forgotten I was running Ublock origin / Privacy Badger / Ghostry so I was a bit confused with the results from that site.
I think it is Ghostry that is faking the responses but I still have a pretty unique fingerprint according to https://coveryourtracks.eff.org/kcarter?aat=1
If I infiltrate someone else’s computer, secretly run code in order to to exfiltrate data I risk prison time because objectively it seems to satisfy criminal laws over where I live.
How do prosecutors in any modern country/state not charge this behavior when done by a website owner?
The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web pages with javascript being illegal (or maybe without javascript, given that CSS turing complete), or a cookie banner type situation where site asks for consent and everyone just blindly accepts.
> any type of web pages with javascript being illegal
Inshallah
> if the bar is "code is being run but the user doesn't know about it",
.. would lead to all modern electronics being illegal, not just web pages with javascript.
Orion Browser (Kagi Product) prevents fingerprinters from running by default.
https://help.kagi.com/orion/privacy-and-security/preventing-...
Orion browser is also capable of running uBlock Origin (not Lite) on iOS.
How do they reliably detect fingerprinting? Did they solve the Halting Problem? Sounds fishy.
>The only efficient protection against fingerprinting is what Orion is doing — preventing any fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking, built-in by default, making sure invasive fingerprinters never run on the page.
sounds like they block "known" fingerprinting scripts and call it a day.
This makes you inherently trackable, ironically. No trace is a massive trackable attribute, since almost nobody is untraceable.
Hey look it's that invisible guy again!
> Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking
I love Kagi, but that is a laughable statement. Brave has been offering ad and fingerprint blocking for years now. The reason why they don't have full first party blocking ("aggressive" mode blocking) on by default is because it tends to break things.
unfamiliar with the Arkenfox user.js but are any of these things that are beyond what firefox enables out of the box if you turn on privacy.resistFingerprinting ? Because what you describe seems to be all stuff it does just by flipping flag.
All javascript based anti-fingerprinting is detectable and is also a major source of uniqueness!
Sure but if you are always unique for every website then you can’t be tracked overtime.
They meant a signal of uniqueness for your setup that could still assist with tracking, not being unique for every site.
"This will break a lot of websites, but automatically rules out most forms of tracking…"
Whether one breaks a lot of websites or not depends on the type of user one is. People who regularly use the Google ecosystem, Amazon and Social Media etc. cannot afford to break sites for obvious reasons, they too are those that websites are most interested in tracking and fingerprinting.
Those who use the web in the way advertisers and Big Tech intend users to use it are the most vulnerable, they're the ones who most need protection.
I break websites regularly but it doesn't worry me, I browse with the premise that there are more websites on the internet than I'll ever be able to visit and if I break sites or are blocked by paywalls then there are usually alternatives and workarounds.
But then I'm not a typical user, I block ads, I usually browse with JS off, kill cookies, use block lists, use multiple browsers (there are six on this deGoogled, rooted phone), browse from multiple machines—Windows, Linux and use multiple ISPs. Also, I've no Social media or Google accounts and rarely ever purchase stuff online. Internet access is via dynamic IP addresses and routers are rebooted often. There's more but you get the picture.
I assume browsing sans JS makes me a first-class target for fingerprinting and that websites know about me but it doesn't matter. Whatever I'm doing seems to work, over the years I've had very little trouble doing everything on the web that I want to do. Clearly I'm of little interest to advertisers and I never see ads let alone targeted ones. I used to use uBlock Origin but I don't bother now as browsing sans JS is just so effective at blocking ads.
I'm lucky in the fact that I use no service that would benefit from fingerprinting me. Whilst my web browsing is atypical of most users I reckon many could benefit by being more proactive—using multiple machines, browsers, ISPs etc.—to disrupt the outflow of personal data. For example, this is being written on a rooted Android using Privacy Browser from F-Droid sans JS and with block lists. If I really need to go to a site where JS is required, I can simply hit a toggle and turn on JS or alternatively use another browser.
As someone who utilizes these tools for anti-fraud purposes, Firefox is just as trackable if not more trackable than Chrome (especially because you stand out by using a niche browser in the first place).
Firefox exposes a massive amount of identifiable information via canvas, audio device and feature detection methods. There's also active methods to detect private windows, use of the developer console and more.
Of course. There's data where there isn't data.
-make client load something
-client doesn't load it
-add.fingerprint.point(client,'doesnltloadthings',1)
-detect if client does something only a certain browser does
-client does it
-add.fingerprint.point(client,'doesthisbrowsderthing',1)
-window was resized/moved, send a websocket snitch to the backend
- keep a consistent web socket open, or fetch a backend-api call for updates on X events - more calls are made, means user is probably scrolling, inject more things/different things.
I see some js obfuscators out there where I look at the js file and it's all mumbo jumbo.
It is indeed a privacy nightmare, where whatever we do feeds the algorithms to aide in making other people do things.
But it's also used in network security, organizations etc. Staff/employees will use the system a certain way, if something enters it without the behaviors, it's detectable. I assume that's what you mean in anti-fraud.
Sad part is we don't know what the data is ever used for, and it's often bought and sold and the cycle repeats.
There is also server side fingerprinting like JA4+ and others. Also, if you somehow evade fingeprinting, you have to prepare yourself to solve some very slow Google and Cloudflare captchas.
So there seems to be some confusion around fingerprinting related to identifying characteristics and tracking. These are two different things. Setting your timezone to UTC, masks that one characteristic of your "identity". But there are better signals for location than timezone, like GeoIP. Same with hiding capabilities. All this does is make the web harder for you but it doesn't make your untrackable. Trackability comes from a combination of factors both within and out of your browser's control. If you share your IP with a family of 4, and you go changing your request headers you are only making yourself MORE trackable. The fact that one request comes across with UTC as a timezone and others come back with EST or other timezones, means I now can track a single user on this single IP. This is made worse if you and your family are using different browsers or different devices.
So what do we care about? If you care about being untrackable, then you have a couple of options, rotate VPNs, or cycle your public facing IP often. Additionally, every request you make MUST change up the request headers. You could cycle between 50 different sets of headers. Combine these two and you will likely be very hard to fingerprint.
If you only care about being identified, use Tor + the Tor browser which makes A LOT of traffic look identical.
Self-plug but if anyone is interested in learning more about how browser fingerprinting works and the different protections browser makers deploy against it, I wrote a longer post about this a few months ago: https://pitg.network/news/techdive/2025/08/15/browser-finger...
its consistent cross site, so you get all the same privacy problems as with 3rd party cookies
The article is missing links to one of the first fingerprint diagnostic tools, https://coveryourtracks.eff.org/ , formerly called something like panopticon.net.
or don't trust the EFF!
I agree with the points in the article. Fingerprinting of any kind is a major risk for personal freedom. At the same time I want to make sure that content creators are compensated for their work. Ad firms that employ fingerprinting stand between me and the content creator. That said, I'm not going to pay $5/month for every blog that I occasionally read. The ad based model provides a more streamlined approach to compensation, but at the unacceptable price of privacy. I'm not quite sure what the answer is.
> content creators are compensated for their work
I have a gut feeling that we've been tricked (by ad companies) into thinking that this is somehow realistic and that casual "content creators" can get meaningful money from us reading their articles.
Realistically, while professional content creators can make a living, writing a blog post every once in a while will not provide meaningful income. Instead of trying to "monetize" everything, we would be better off with free content like on the internet of old. There are other means of making money.
It seems that the current situation means that the "content creators" earn insignificant money, while ad companies earn huge money because of scale, and we all somehow keep believing that this is necessary for content to appear.
You mean I shouldn't make a comfortable living off my valuable HN comments? I was about to consider this comment a good days work. Maybe if I put this comment on my own webpage it would be more valuable?
> writing a blog post every once in a while will not provide meaningful income
Nor, generally, should it. Sitting down one or two Saturday afternoons a month to write a blog post shouldn't be generating the income of a FTE.
Allow me a second to play Devil’s Advocate.
What if it could? Or should (be able to produce FTE or close income)?
In that world, the amount of pointless shite - questing to “go viral” - would be reduced to near zero. That is, if the incentive were more quality, and less quantity, we’d be better off, yes?
That's tempting, but I still don't think it should. There would still be the quest to go viral. "Quality" would still be determined in the aggregate, which means that your income depends on appealing to the widest audience possible, which means high quality niche bloggers still don't get paid much.
Metrics are hard. Just making sure they reward one particular desired outcome doesn't mean you'll escape the unintended consequences.
Also, note that we are past the point of being able to reasonably able to manage any of this. Today, you'd need to come up with a reward function that cannot be maximized by AI. (And lest you think you can fix that by using site visitors to evaluate, most of them will be bots too.)
So there's an element of truth to that. And there are those who can contribute enough value, have enough audience, etc., that they can "coast" on those 2 blog posts a month and make significant income...
... but that's also not, nor should it be the median. I'm not sure how the economy functions if, say 8h/mo effort generates a median living wage.
Tbf in a post-scarcity society, that should be expected, if historical inertia doesn't prevent it.
> I'm not quite sure what the answer is.
It's very simple, it's what they've been doing in print media for centuries: contextual advertising.
Yes seriously - I'm old enough to have enjoy reading magazines that had ads throughout them. They were fine.
I'd venture to say contextual advertising would be more effective than whatever we've been trying to squeeze out of fingerprinting etc. All this supposed "data" they are gathering feels like a scam perpetuated by ad companies about how important it is to the people who buy ads. It's not.
Even Facebook and Instagram, which pretty much should know you to a tee is completely ineffectual at advertising to me - like at all.
Same here. By the time I was old enough to have an income, reading comics had already made it possible for me to -not even see any- advertising. That carried over to newspapers, magazines... all those advertisers were wasting their money.
Later on in life I got pissed at cable-TV advertisers shoved into my favorite movies every 5-10 minutes ... ruining any ambience or artistic merit in them ... so I got rid of cable TV. By the time analog TV went away, I'd got rid of my television set. No return address on an envelope? junk mail, into the garbage unopened.
Now the pollution's ruined the 'net ... it's YouTube (re-routed) and some websites (blocked). So long, boing-boing and wired and your 'native ads'. Sites demand subscription? blocked. How much longer before advertisers realize how much they're getting ripped off?
> Sites demand subscription? blocked.
Odd. In the midst of a (well-deserved) anti-ad rant, you throw in the primary non-ad alternative and discard it.
> How much longer before advertisers realize how much they're getting ripped off?
A while longer, if the same people who reject ads are also the people who reject alternatives to ads. The advertisers can safely ignore those people's opinions.
(I'm not saying subscriptions are the answer. I don't have an answer. I'm just saying that companies wanting subscription money is not part of the problem where companies want to shove ads in our faces 24/7.)
Print media did also include e.g. coupons with discount codes with which advertisers could learn which lead led through a sale.
Without any transactions or user tracking it’s difficult to separate ‘legitimate’ content farms from those using bot farms to boost their page views.
Print media was also trying to guarantee their audience was an actual person by charging nominal fees, the difference was how much info required to do so.
The main “problem” with contextualized advertising is that the people producing the content get a larger share of the ad spend.
Targeted ads concentrate control over the market into a few players, which can do things like acquire competitors or run them out of business with loss leaders.
With AI, the supply of ad real estate will go to infinity, so the only thing that will matter is the quality of the places the ads run.
This would be a good time to ban targeted advertising, or for the content producers to form a cartel that only purchases contextual ads.
That cartel will probably be even worse than what we have now, since it’s going to be 2-3 mega conglomerates like Disney, and they already have handed editorial control over to the White House.
Hopefully the invisible hand of capitalism will somehow fix this.
Do you see how the discourse has been shifted here? Some of us have nothing against ads per-se. We care about tracking.
How does tracking me and invading my privacy make ads perform better? In my case it does not. As the tracked ads are usually worse as they will keep advertising me things I don't need anymore. Context based ads worked fine in the past and I don't really see why they cannot.
Also why does every web store need to show me ads? Don't they make money out of selling things? If they really have to, do they have to invade privacy? This is like walking into a physical store and them doing facial recognition, then showing you tailored ads/inventory. That feels creepy to me.
> How does tracking me and invading my privacy make ads perform better?
If you don’t want to be tracked, you shouldn’t be, but how could it not? At a very simple level, an ad targeted towards a 50 year old woman isn’t going to be the same ad to show a 14 year old boy. Different people like different things and ads targeting you as an advertising profile are going to be better than ones that aren’t. You may not like the targeting and think it's invasive, because it is, but let's not pretend the tracking doesn't do something.
A 14-year-old is unlikely to read/look at the same content as a 50-year old woman. That's how contextual advertisement works.
contextual advertising isn't targeted advertising, yes.
> I'm not going to pay $5/month for every blog that I occasionally read
Would you pay per view? Most people (me included) would probably hesitate to say yes, because we’re used to not paying for that. But what if it meant that ad based model is gone and everything you buy is cheaper because the price does not include the cost of running ads?
> what if ... everything you buy is cheaper because the price does not include the cost of running ads?
Except in practice we see the opposite.
There's something interesting going on with companies when they want to get paid directly versus by ads: they demand 3x - 4x or more for subscriptions or pay per view versus what they make from ads.
Easiest place to see this is ad supported non-linear TV in the years you could get without ads, or with ads. You pay significantly more to not see the ads, than they make from the ads.
Perhaps this is justified because ad-free subscriptions reduce the audience size for ad buys, but when you look at the numbers watching with ads versus paying, it wouldn't seem like the "no ads" buyers make a dent in whatever pricing tier.
In the 90s when we were young and naive, we imagined a library card model, with a library fee and then you have fractions of a cent cost to read a post, and using (hand waving) technology to uncouple viewing history from payables to content creators. That, or the British TV license model, an Internet license of some kind.
It's curious to me the ad networks haven't gotten together to preemptively offer this. Arguably Brave tried, but from an adversarial (to the ad companies) stance. It would work better from the inside with a simple regulation: if you serve ads for ad-supported content, you have to participate in the library card system at CPM rates no greater than you receive for ads to skip the ads for card holders.
This is price discrimination. Everybody would love to charge more money to rich people and less money to poor people, since that increases the total profit.
The only companies that we directly allow to do this are schools, but having a premium version lets you approximate this.
Steam also does this. Most games are significantly cheaper in low-income countries like mine because otherwise they wouldn't make a dime here.
That's because you usually pay via credit card (or some other financial mean) which is cumbersome (and may be illegal) to spoof. But yeah, it can be hard to justify a subscription when it's the price of a full meal. Especially when other essential subscriptions (electricity, water, internet, cell services,...) is straining your monthly budget.
Steam is not the one doing that. Publishers decide regional pricing.
The PPV model has been tried a bunch of times, and it always turns out that the rate people are willing to pay per view is not a rate that is high enough to be a viable revenue source for the content owners.
it takes a lot of $0.10-$0.25 views to make up for the loss of a $5/month recurring revenue stream that might last for years.
I wrote about this exact problem last year. To anyone who disagrees, would you pay me 5 cents to click on the following link?
The fact that advertising is more profitable doesn't mean that the PPV model is not viable. It could certainly be so. Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
The problem is skewed incentives, of course. Advertising is acceptable to most users and easy to integrate, so why should website authors go out of their way to please a minority of their users who object to it?
>Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
you're describing the model of a product called blendle, a service which i loved but which totally failed. they failed to attract users, and they failed to attract publishers. this isn't some new idea that nobody had tried. it's been done. and it failed, not just for blendle. people have tried micropayments, they've tried subscriptions, if you can imagine a PPV model, it's probably been tried. readers and publishers both hate it.
Do you think the fact that NO major content websites (NYT, substack, WSJ, ...) have settled on a PPV model is simply because they haven't thought of it? Or is it more likely that the numbers absolutely do not work?
No one uses the PPV model because there isn't sufficient payment infrastructure (402 payment required). The friction for entering your credit card information into a website is ridiculous, you might as well target the high end of the market with a monthly subscription.
The PPV model, like Ads, works well for websites that you're not well associated with. Random blogs and websites that you otherwise wouldn't be willing to share your credit card info with.
I think it might be because with ad model you can sell profiling data many times over to different parties. You can’t do the same with a single charge.
That's a false dichotomy.
I can't speak for all web sites, but I reckon a combination of factors could explain why such a solution hasn't been deployed:
1. Advertising is ubiquitous, easy to integrate, and provides a safe revenue stream.
2. There is little to no infrastructure for the PPV model. Whoever builds it would need to maintain their own version of it.
3. People expect the web to be "free". This is even true within technical crowds who understand that it's really not free. And a large part of that group doesn't mind advertising.
So, really, it would require a substantial amount of effort to implement, it would add additional friction to users, and ultimately only a minority would appreciate it.
Had this model been in place from the beginning of the web, things might be different today. Alas, if my grandma had wheels...
Have any of them actually tried it though? If they have and I missed it, then I apologize, but I can't recall the NYT letting me read an article for $1 with zero friction via Apple or Google Pay or Stripe link or something. It they tried it and the numbers didn't work, that's one thing, but I don't recall that happening.
WSJ was available on blendle (pay-per-view microtransactions). Washington Post was available on scroll (monthly subscription, divided up amongst the publishers you read each month). neither service still exists.
i don't believe NYT has ever tried a pay-per-view model.
Doing it via conventional card networks won't work, the fees would eat most/all of the payment.
A critical mass of publishers would need to team up and form a cooperative/etc where a user could register once, deposit some money, and then that money would be spent every time they view an article. But that requires cooperation between competitors, which is already hard enough, and the cancer that is the advertising industry wouldn't like this potential existential threat and would be more than happy to pour fuel onto the fire to ensure it never succeeds.
What's surprising is why the card networks themselves don't get in on it. They could do so in a completely backwards-compatible manner, introducing a new card number range that only works with transactions under a certain amount and have different fraud protection/chargeback rules.
I would. Or alternatively I'd also pay for a Spotify style model where my monthly amount get redistributed amongst the articles I read.
At the risk of pedantry, though it's still germane to this context, that's more the Tidal model than the Spotify model.
Spotify's model is more that your monthly amount gets disproportionately redistributed to the artists that bring more interest and listens to Spotify, regardless of whether you were one of those listeners. Smaller and niche artists suffer under Spotify's model.
You're presupposing that these blogs are producing content worth paying for. The unfortunate truth is that the overwhelming majority of blogs (99.9%+) are not.
The PPV model can at least cover the cost of bandwidth. If you are loading the page, it must be at least some value to the user, say 1/10th of a cent.
Then why is everyone so nostalgic for the old days of the blogosphere to return? If blogs are all worthless, then we shouldn't care that they're disappearing and/or being put behind paywalls; we haven't lost anything.
> Would you pay per view?
Yes, but only after viewing, of else I'd pay for "editorial" or AI generated slop which would be generated like link farms pointing to Amazon etc.
And that's the chicken-and-egg problem ...
In theory that could be resolved by registering for free at reputable sites and then paying per view with micropayments. Or by a scheme where one would register and only pay when I actually did read stuff, not with the currently en-vogue monthly fee for each and every site.
How do you track the views?
How do you track ad impressions?
Hard to say, there's no shortage of enticing looking medium articles that are superficial and worthless. I would not pay per view that trash even though there are good ones buried in the pile.
"If you thought click-bait was bad before..."
Brave Inc. gets a lot of flack, some warranted, but their Basic Attention Token allows for exactly this. Users can add credit to their wallet by either consuming privacy-friendly ads or topping it up manually, which then gets distributed to the sites they visit in the proportion they choose, transparently in the background while they browse.
It is a shame that this feature gets lumped together with claims of crypto scams, and similar nonsense. Yet this is precisely the right model that could work at scale to eliminate the advertising middleman, and make the web a safer and more enjoyable experience for everyone.
It's frustrating that humans are stoichastic parrots and the minute you mention crypto they go into conniptions because the rails are basically there. It's not user friendly, but it's possible to build a system where you transfer $0.05 cents of crypto to someone as you scroll down a web page using a special browser.
Brave strips out the ads that the creators put on their site, puts their own ads there, then gives the creators some of that money if and only if the creator realizes they have to sign up for Brave's cryptoshit. It's straightforwardly the kind of racket that would get your knees broken if you tried to do it to somebody in real life, but "it's ok because it's on computers". All the flak is deserved.
But then again, online ads are the physical equivalent of a crowd of paparazzi following you 24/7 including inside your home, which would also prompt physical violence in the real world.
From my perspective I couldn't care less if one bad guy is stealing from another bad guy.
This is exactly what I want. I don't really care to subscribe to most written media (I do in some cases) but once in awhile an article grabs my attention and I would shell out to read it.
The Ad model is exactly the problem. If you had anonymous, cheap micropayments where you pay 1 cent per pageview it would not just solve the surveillance problem but it would solve the DDoS problem too (you set up a web server where the price increases with load and clients bid for bandwidth).
Sadly, I think you are wrong. Micropayments seem attractive but the idea falls apart quickly - there are just too many intractable non-technical problems. It has been tried more than once and each effort has failed.
I wrote a longer post on this[0] but to save you the click I will state the biggest problem from a privacy point of view - if you think privacy is bad now with ads imagine how much worse it would be with a payment processor knowing your every click.
Yes, I know about certain cryptocurrencies that maintain privacy, they are a non-starter for micropayments for different reasons.
Even if a magically technical solution to privacy were to emerge there is nothing more valuable than information about paying customers and sites would use browser fingerprinting anyway.
I think it is a technical problem. If you could integrate payment channels on top of private cryptocurrencies that would be enough. Even without the lightning network and just direct 1-to-1 payment channels, it would work.
The article you lists assumes a "conventional" credit card system with chargebacks, massive fees, etc. which makes micropayments ecosystem impractical in the first place. Proposals for micro-payment systems usually describe a way top enable low-fee payments.
The author doesn't take into account modern cryptocurrency tech like payment channels. I really doubt that payments have a natural fixed floor of 10s of cents - Payment providers charge these fees simply because they are in a natural monopoly position, thanks to lock-in and regulation. The need to control fraud is caused by regulatory requirements, which are in turn caused by monopolization.
Despite being technologically less efficient, even traditional cryptocurrency payments are cheaper than bank transfer fees due to competition and low regulation.
Secondly, you assume that no one wants to do micropayments. The infrastructure doesn't exist for it yet. If you don't build it, they will not come.
As for browser fingerprinting, it can be solved on the client side with enough effort. Look at tor browser. Just have a system where cookies, WebGL, etc. are opt in on a browser level in the same way that WebUSB is. Artificially limit the performance of javascript to prevent bench-marking. I think it is possible to solve this architecturally.
Check it out!
https://en.bitcoin.it/wiki/Payment_channels
https://lightning.network/lightning-network-paper.pdf
Also, there are GNU Taler/Chaumian cash type systems that inherit the efficiency of centralized systems with an added privacy benefit.
> If you could integrate payment channels on top of private cryptocurrencies that would be enough.
That “if” is doing a lot of heavy lifting there.
But my point is that even if a magical technical solution existed tomorrow then the same sites that collect data for ads would continue to do so for the much more valuable data on paying users.
https://en.wikipedia.org/wiki/Google_Contributor was the ideal solution IMHO.
Showing ads doesn't require invasive and pervasive 24/7 surveilance.
Pay $5/month to buy credits that let you read content behind that network. Every blog you read gets $0.10. Top up with credits if you run out.
Sending emails costs $0.50.
I read from too many different sources through aggregators like hackernews. With a network you'd probably still have too many subscriptions.
Also wonder if it will really work out, i open too many articles that are pretty bad when you start reading them. So i quit after 1 or 2 paragraphs.
Now if you get the first 2 paragraphs for free, contents writers will start to optimize for good first 2 paragraphs, and afterwards quality will drop. Also, many blog posts or news articles don't have more than 2 paragraphs of good content.
Eh, that's too expensive unless the recipient can authorize refunds for non-spam emails.
But yes, I always thought some form of network syndication would emerge on the Web, where creators could register for their share of aggregated periodic payments made by users.
Still not sure why that's not a thing. I would pay $50/month to a syndicate in return for never having to deal with paywalls on any sites affiliated with them. But only as long as the vast majority of sites participated, and that is probably the showstopper, I guess. We'd end up paying 20 different 'syndicates' for absolutely no good reason, just as we now have to deal with 20 different streaming services.
Ads are annoying, but they are ok, what is not ok is collecting data and then selling it, so they can profile you without your consent across different platforms.
They don't get $5 per month from ads. So the true subscription price must be a lot lower.
One option: a fund where you buy tokens, that you can spend reading an article. That will, however, lead to more clickbait and AI slop and snowing under serious blogs with low volume.
This micro payments for content idea has been tried a few times, with slight variations. No-one has cracked the problem yet. But maybe one day
I know HN doesn’t love crypto, but this kind of thing seems promising for finally cracking micropayments: https://www.x402.org/
how about donating to the creator directly? not subscription, just occasional donations whenever people feel like it - content is more widely available, and people who really enjoy it or are well off can actually fund the development
Yes, but you need a scalable and low-friction donation solution. Patreon is the closest but it doesn’t pay the bills for most creators. Maybe some micro-tipping solution, but nobody has made that work yet.
No one has made a successful micro-tipping solution, because regulations and entrenched interests (banks, payment processors) have too much control and assess per-transaction fees that dwarf the amounts that such a system would be designed send.
Aggregation of tips and payouts would help, but that requires network effects (achievable only at scale) to be viable. I believe this approach has been tried in recent years, but I am not sure where those efforts went.
If someone puts a donate button beside their name or in the corner of their webpage, and that button leads to a payment page, I think that's good enough.
The point of paying creators is so that they can focus on creating content instead of making other things. Giving money to a creator is basically saying "you're so good at what you do, and it has so much cultural/intellectual value, I'd rather have you make content instead of stocking shelves or making food". But this should be reserved for people that publish good content because they can and are passionate about it, not just anyone putting out slop with the instrumental goal of paying their bills. If the friction of clicking a button and filling in payment details is enough to deter people from paying them, then maybe their content isn't worth paying for and they should find some other way to make a living instead.
I already pay my isp. Maybe they should work something out with them.
We could normalize paying content creators directly. So instead of paywalls or ads, we get "donate" buttons.
It reminds me of a game we played with students of data classification algorithms like ID3: How many yes/no questions do we need to uniquely identify everyone in this room?
With like 12 students, that's 4 bits, and it often ends up with 2-3 questions. It starts off with the obvious ones - man/woman/diverse, but then a realization comes in: An answer usually contains more information than just that one bit. If you have long hair, you're most likely a woman and/or a metalhead for example. That part will get shaken out later on.
And those thoughts make these browser fingerprinting techniques all the more scary: They contain a lot of information and that quickly cuts the possible amount of people down. Like, I'm a Linux Firefox user with a screen on the left. I wouldn't be suprised if that put me in a 5-6 digit bucket of people already.
> An answer usually contains more information than just that one bit.
That means there is less information in the question "do they have long hair?", not more. Asking "long hair?" and then "woman?" is probably, in most groups, roughly the same as just the first or second question alone. So the second question added much less than one bit of information because the answer is probably "yes". "Long hair" and then "metalhead" is the same, except that the answer to the second question is probably "no".
Yes/no questions on average contain the most information each when they partition the remaining possibilities 50:50. Then each answer gives you exactly one more bit. The closet you get to either a 100:0 or 0:100 yes:no split, the smaller the fraction of a bit you encode in the answer.
"Metalhead?" usually gives you lots of bits of information (probably 4 in an "average" group of 16 containing at least one metalhead) if the answer is "yes", but on average that's outweighed by the very high chance that the answer will be "no". If there are no metalheads or only metalheads, it gives you zero information.
Ah, I flipped it in my head. That happens after 10 years.
In this case, it was often an interesting exercise in bias as well. "Woman?" would usually single out 1-2 persons out of the 15, so it was a terrible question. It was CompSci after all. "Long hair?", lumping women and metal heads into one group would often split it into half and half. That was much better, and then spurred creative thoughts like travel distance, or bus stations.
>An answer usually contains more information than just that one bit.
Isn't the point to ask yes or no questions?
Yes, but you can make assumptions based on what you know about humans generally. Like their example that if you ask if you have long hair. If you answer yes the likelihood is you are probably female.
You can think of all sorts of questions and answers like this, and when you combine with the assumptions and answers from previous answers you can make even more assumptions. They won't always be correct, but you don't have to be "perfect", depending on your use-case. For example for advertising purposes assumptions(even if incorrect) can still go a long way.
There is a reason Target got sooo good at identifying pregnant women[0] before the women knew they were pregnant that they creeped out women, and had to pull back what they did with that information. This was like a decade or more ago. It's only gotten more accurate since then.
0: one example from 2012: https://techland.time.com/2012/02/17/how-target-knew-a-high-...
> Target got sooo good at identifying pregnant women
That's why I pay with cash and do not have a loyalty card (other customers often offer theirs at cash register anyway). And of course I don't even go to Target.
I don't know if Target specifically use all of these, but I would bet they have data based on at least some of facial/gait/demographic recognition, wi-fi/Bluetooth beaconing, vehicle registrations, time and location tracking, statistical analysis of your purchases and clustering of people you have made purchases next to (e.g. you bought something at same time and till as your mother more then once). I'm sure they have other methods too. They can also combine datasets from brokers that do have a face:name link (say you used a card at another store that captured it and sold the data) and resolve you within their own data that way.
It's still a yes/no question, it's just that the question is "do you have long hair".
The goal of these decision trees is to have as few questions that divide the group in two balanced halves (and also recursively).
If you imagine a binary tree with questions in each internal node, and in each leaf there is a person. You want the height of the tree to be minimized.
Yes, but multiple yes or no questions in combination can easily yield more information than they should in a real dataset. That's the real educational point.
You seem to be confused about the difference between "less" and "more". In general a yes-no question gives less than 1 bit of information if yes and no are not equally likely. There is no way it can be expected to give more.
> There is no way it can be expected to give more.
It is indeed not possible for it to give more, because it only has a single bit answer, which by the pigeonhole principle can't give you more than one bit.
The best yes/no questions are the ones which are independent of each other and bisect the group evenly. "Are you female" is typically good because it will be approximately half the population. Then you want independent questions that bisect the population again, like "does your first name have more than the median number of letters" which should be mostly independent of the first question. Another good one is conditional questions like "are you taller than the median for your sex" since a pure height question wouldn't be independent of sex but that one is.
Whereas bad questions would be ones with highly disproportionate responses, like "do you have pink hair with black and green highlights" which might be true for someone somewhere but is going to have >99% of people answering no, or "were you born on the planet Mercury" which will be 100% no and provide zero bits of information.
The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
The problem is not JS, the problem is useless techonolgies like WebRTC or WebGL that can run without permission and that, I think, are used in 99% cases for figerprinting. And people who designed them and did nothing to prevent fingerprinting.
WebGL and WebRTC are hardly useless, but they allow you to collect way too much fingerprinting data based on the way they've been designed.
Neither WebRTC or WebGL are remotely ‘useless’. Very fair though to say that you would prefer to have them disabled and/or whitelisted for certain sites.
The older I get the more I see that RMS was right about so many things.
When I was young I used to think of him as that eccentric pedantic mit guy but now I see him as a true warrior for freedom.
Oh yeah. He's been telling us for decades how technology will be used to oppress people. I guess he had the experience of how things turned out with UNIX, and knew first hand how hard he had to work to even have a chance at undermining them. What he did at a time was build something from scratch which was compatible with the UNIX interface. These days I would call that a lost battle.
Imagine if you said: I'm going to undermine facebook by building another social network which will be Free software, and will be compatible with facebook. I'll federate facebook whether they like it or not, and I'll do that by reverse engineering how facebook servers talk to each other. That wouldn't work because it takes you huge effort to pull off, and it takes facebook zero effort to change the interface in a tiny way that breaks everythign for you. (Ok the analogy isn't perfect, but hopefully you get the idea of diminishing something's value by forcefully opening it up)
But he hugely contributed to win a battle like this in the late 80s, then Linus Torvalds came in and finished the job in 1991 or so. RMS doesn't get the credit or even appreciation he deserves. I think he's one of the most tragic figures in the history of computers.
>The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
It really isn't, because there's plenty of fingerprinting scripts that run on the same domain, especially fingerprinters from security providers like cloudflare or akamai.
A browser basically is like a really dumb trojan, pulling a whole herd of wooden horses into the city.
Does he have a strong stance of JS in the browser? In any case, I don't think many people would agree that the dubious extra privacy you gain from blocking that is really worth breaking half the web. Fingerprinting is not too hard even without JS.
> Does he have a strong stance of JS in the browser?
Lets see what he says on the subject.
Ok so his issue is even more obtuse - he doesn't care about fingerprinting; he cares that not all JS code is GPL.
Did you actually read the article? It doesn't mention GPL even once.
And neither does the page on LibreJS, which is the tool he created to attempt to address the problem[1]
I would re-frame "is it really worth breaking half the web" as those sites are not compliant to begin with. Nothing in the web standards stack mandates javascript, its an optional feature! Web developers of yore understood that a fundamental property of a properly written web site was to degrade gracefully if javascript wasn't available, but the groupthink of the past decade has chosen weaponized incompetence over doing their jobs and in the process has not only thrown a load of noncompliant insecure garbage out there, but broken a load of accessibility standards, and other things in the process.
Blocking most JavaScript is fine, it mostly just breaks the silly pointless over-designed sites anyway. Just like everything else, most of the internet is garbage; blocking over-designed JavaScript sites isn’t a perfect filter but it is an ok first heuristic.
His stance is pretty simple. The JS on most pages is proprietary, and he doesn't like proprietary software.
The real problem: if you can’t be identified, the system assumes you’re a bot, untrustworthy, or both and instead of reading content you get to select squares with buses and traffic lights ad infinitum.
Yes, and the conspicuous lack of signal is itself a signal.
"Get me all the individuals in this geo area that have atypical communication patterns..."
What I don't get, all this data is reported by your machine - why isn't there a tool/browser fork that allows spoofing a (fairly) complete realistic profile, with some sane presets like Edge/W11/Thinkpad or Safari/macOS/M4? Is it too complex, would it break too much, or am I just unaware?
For a fingerprint to be useful it must not only be unique but also persistent. If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
Point still taken, however you can only really check if a given font is installed, not obtain a list of all fonts. Thus, installing a wacky font is pointless as the fingerprinter won’t bother to check that particular font. There is queryLocalFonts on chrome but this requires a permission popup.
>If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
Services with a large enough fingerprinting database can filter out implausible values and flag you as faking your fingerprint, which is itself fingerprintable.
But they still wouldn't be able to confidently connect his different fingerprints to the same individual, just that he is one of a group of individuals who fake their fingerprints.
It would depend on what your existing fingerprint is. If you're using some sort of rare browser/OS/hardware combination (eg. pale moon/gentoo linux/IBM thinkpad) it might be worth spoofing, but if your configuration is relatively "normie" (eg. firefox/windows/relatively recent intel or amd cpu/igpu)you're probably making yourself stick out more by faking your fingerprint.
The issue is that, especially on desktop, I doubt there are many fingerprints that more than 100 people have, given everything that they test. I would even suspect that most common desktop fingerprints are classified as bots.
It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a finger print of the elliptic curve when do do a SSL handshake, or any number of other ways.
The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updates "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.
The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.
You could test with this: https://github.com/abrahamjuliot/creepjs Does it store the data? Unknown.
The best browser for protection is https://mullvad.net/en/browser because it makes the connection uniform, to better blend in.
> best
I guess that really depends on how you classify "best"
Tor is pretty good for protection. Then there's always i2P as well…
Saying one browser can protect the best is pretty hard to prove.
Best among existing. Anti-fingerprinting field is still in it's early stages.
I wouldn't say Tor Browser is the best because it requires custom configuration to be usable conveniently, which will make the connection non-uniform (and the user will stand out).
>Tor is pretty good for protection. Then there's always i2P as well…
Tor and i2P does nothing for (anti)fingerprinting - the program which render the web pages does.
>Saying one browser can protect the best is pretty hard to prove.
Not a proof but things to consider: https://privacytests.org/
I'd like a "Firefox + uBlock Origin" column on that page. (But then you'd have to consider filter lists enabled...)
I still haven't found a method that can fingerprint simple Firefox containers. I use automatic temporary containers as a rule, and rules for specific sites where I want to keep persistent sessions.
I don't understand how temporary containers are still not a built-in Firefox feature, it seems like such a no-brainer solution for privacy.
Open question,
If you're on a VPN and using Firefox containers, is the only way to identify me to look at my mouse movement and correlate it?
Isn't the semi-recent per-site cookie jar most of this functionality?
How to scream I'm behaving badly online...
Sandboxing in containers and manually exempting specific security tokens is arguably one of the better steps we can take in the immediate term, as are random agent strings and returning fake data for common prompts. Of course that only works in the immediate, because this, like advertising in general, is an arms race at the moment.
This feels like a regulatory question, not a technical one. We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points. The long-term solution seems like it should be severe consequences for data breaches (as in, corporation-destroying penalties for disclosure of PII, including fingerprint data) such that everyone only collects the data they need to provide the service in question and not a single bit more, deleting it as soon as it's no longer necessary. Right now there's no consequence if Google or Meta disclose huge swaths of user data, and thus no disincentive to collecting as much as they possibly can.
Punish the leaking of data, and suddenly you've raised it's cost to the point that casual players will nope out entirely. From there, it's the eternal back and forth of governments waffling between business and electorate interests.
> ...severe consequences for data breaches...
Often had the same thought, if not shared same opinion. On the other hand, stiffer penalties have the trade off of incentivizing cover-ups, i.e. disincentivize honest disclosure.
>We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points.
I'm very skeptical of this claim, especially in practice. Contrary to what many fingerprinting sites claim ("you're unique of everyone we fingerprinted!!"), browser fingerprinting can't possibly uniquely identify someone. Smartphones are pretty locked down and there's very few customization options that allow for fingerprinting. In the US Apple has around 50% market share in the US, and there are 30 iPhones models that are still in support. That means if you're an iPhone user in a city of 1 million, there are, on average, approximately 16.6k (500k / 30) other people with the same exact model of iPhone (and therefore fingerprint) as you. As long as you don't do anything to stick out (eg. living in the US but setting Denmark as your locale), you'll be reasonably anonymous.
> Worst of all, perhaps, it can extract a canvas fingerprint. Canvas fingerprinting works by having the browser run code that draws text (perhaps invisibly), and then retrieving the individual pixel data that it drew. This pixel data will differ subtly from one system to another, even drawing the same text, because of subtle differences in the graphics hardware and the operating system.
I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
Is the implication that there are certain graphical operations that - perhaps unintentionally - end up becoming akin to a physically unclonable function in hardware?
I have heard of such things. The signal is not persistent over time, since it's dependent on eg heat and concurrent operations. But it's there, to some degree, and can be correlated over time somewhat.
We've made our world a scary place.
>I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
per combination of hardware(GPU, resolution of display) and software(exact drivers)
Browser data points can make it easy to identify a browser or in some cases even a specific machine, but that doesn’t necessarily equate to identifying a user. What frustrates me is that it takes a service I trusted with my personal data to be the one that attaches an identifier to those metrics. The best practice for privacy is to always keep profiles and identities separated, rotate P.O. boxes, email addresses, phone numbers, and payment methods so that when someone identifies your browser or device, the accuracy of linking it to you stays low. Of course, this approach comes with its own problems...
I'm sure it's a privacy issue. But how does this browser fingerprinting harm the user? Maybe it can work like a session cookie used for correlating across different requests from the same user. What's the damage here?
seeing projects like https://github.com/jonasstrehle/supercookie kind of fill me with a dread about just how many holes would need to be plugged in the web for "privacy" to be assured, and how that would degrade my experience as an end user
To extend the closing remarks from a SIGINT perspective, sure some fingerprints are non unique and short lived, have little data. But hang onto it long enough and sure enough some slower data from another band might eventually correlate it with something else.
The last time I looked at this seriously I was trying to find out how much fidelity (if it was possible at all) was necessary to identify someone by their mouse and keyboard input.
It's not just what you do but how you do it.
> Since almost every web browser in the world now supports JavaScript, turning it off as a measure to protect privacy is like going to the shopping mall wearing a ski mask.
I'm going to steal this nice analogy, for when I try to explain this point and some related points.
you're all running chrome signed into google with 47 extensions and complaining about privacy. the call is coming from inside the house
You missed one of our best guarded secrets: ja3 hashes and their successors.
Basically, we can identify browsers based on the supported ciphers in TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Capchas.
I built a nice tool to visualize that: https://tls.peet.ws. Its not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs. There isnt really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint
I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?
Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.
How effective is it at "un-anonymizing" me? I value privacy. What do you think I can do about "any" of this?
It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on on its own. But it can be combined with other fingerprinting vectors.
JA3/JA4 are useless now.
At best they identify the family of browser, and spoofing it is table stakes for bad actors. https://github.com/lwthiker/curl-impersonate
Slight correction: Spoofing it is table stakes for ever so slightly capable actors.
These will still help against the masses of dumb actors flooding your stuff.
What’s ja3?
Here you go: https://developers.cloudflare.com/bots/additional-configurat...
It's a better explanation that I can provide.
Oh! Now I wonder, if crowdsec could issue bans based on that
Thanks for the browser recommendations.
I switched to the Mullvad browser. The other recommendation, LibreWolf, provides the following warning on install which scared me away: "Warning: librewolf has been deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01."
FYI I wouldn’t say that the Mullvad browser is any better at anti-fingerprinting than Librewolf. I always point people to http://fingerprint.com/ so they can see how difficult it is to beat even JS based tracking and this doesn’t even get into the server-side methods (i.e. just fetching a stylesheet) of tracking users.
That’s not to say you shouldn’t use a browser that blocks ads etc but I don’t think people should immediately think that they’re not fingerprintable because they’re running these. There definitely needs to be more discussion on the reality of how much these browsers can “protect” you.
tldr -- it's fine. MacOS Gatekeeper will create warnings about products that are not signed via the apple developer program, which is $99/year librewolf is an open source product, that is very strictly a "community" libre / FOSS project. naturally, having an individual take up notarization assumedly, you are using brew -- brew recently decided to stop supporting / deprecate all casks that does not pass gatekeeper checks, for some reason I cannot fully determine.
Why would I trust any software that doesn’t pass the gatekeeper test? Even if it claims to be “open source” with links to some code repo there is no guarantee the binary blob you are running was built using only that code and nothing else.
Sure even with the gatekeeper test you can’t be sure it’s built against only the claimed code but it does guarantee:
1) the binary hasn’t been modified since it was signed 2) the binary was signed by somebody in possession of the private key 3) there is some measure of identification via Apple on who or what signed the binary 4) somebody was willing to fork over $99 to sign the binary
It’s not perfect security by any means but it is something. Otherwise the binary you are running might as well have come from some sketchy email attachment. And fuck that. Why would I want that on my machine?
I get that the $99 might be a hurdle for “non-organized open source” (ie most open source… doesn’t have a non-profit entity to take up the expense and credential management, etc…)… and there are probably ways apple could make it easier for such “collectives”… but ultimately I’d argue that signed binaries are good for everybody. While imperfect, they provide some form of traceability and accountability.
obviously it’s not a 100% guarantee of being fuckery-free. The private key might have been compromised, the appleid might have been hijacked and the developer program might have been enrolled with stolen credit cards… but it’s still a hurdle to filter out a large swath of low effort nonsense.
You could always just build it yourself from source if you are concerned.
Sure but most people aren’t going to do that. It automatically limits the audience willing to use the software.
This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface…
The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human some. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key.
So for Linux, generally you are installing packages from your distro's repo so they are signed by the repo itself. I would have assumed that it would be the same on Mac with brew/macports/etc signing the code, but from what you are saying I guess not, I don't see why.
Edit: Apparently Brew doesn't sign stuff because they don't trust the code they are being asked to sign. Apparently you can just get brew to build the package locally with `brew install --build-from-source librewolf` though which is useful.
On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.
Sounds like you need to switch OS
The article rants about how turning off JavaScript is actually harmful because it makes you more fingerprintable, then in the same breath recommend switching to an obscure browser nobody else uses?
If you want to avoid being uniquely identifiable stick to Chrome, signed into a Google account, running on a PC from Best Buy.
We’re working on a comprehensive solution here (and could use your help), the Ethical Computing Initiative.
when PayPal tells you that they already know you and don't require you to log in: that's fingerprint.com behind the scenes.
There are pros/cons.
It should be obvious by now that using any free service of scale is being paid for by your interactions which are made more valuable through fingerprinting.
Trying to circumvent that just makes it more expensive for the rest of us.
Paypal does what? I'm sometimes nervous I only need 2 factors of authentication. 0FA seems dangerous for financial anything.
All this and I still need to click on the cookie pop ups like they'll bring the cargo planes to the island.
I’m curious if there is a product like cloudflare’s remote browser isolation that obfuscates it in that way.
How exactly do advertisers take fingerprints and translate that to targeted ads for each user?
A combo of your IP, browser fingerprint plus the fact that you logged in somewhere and that links to your actual name etc. Identify you in isolation is not very useful. It's connecting that identity to another place that's valuable.
The browser history is collected across multiple sites to form a profile. If the user ever enters their email address or logs in, their entire history is deanonymized.
10 years too late.
There is no good technical solution here. But the damage could be limited if browsers at least limited entropy somewhat. Stuff like reading back canvas contents should need user approval.
Just make sure it’s sufficiently illegal to keep this info. Find and make big visible examples of fining companies that trade in this info. If a company sells a product that fetches ads based on an ”identifier” their little js snippet computed then just pay them a visit. Fine both them and their customers to the max extent of the gdpr (or equivalent).
Don’t confuse privacy with anonymity. One is a right in the US, the other is not.
Not trying to be sarcastic; I may be unaware of some relevant legal framework for the US, could you please elaborate which one is a right and how is it enshrined and enforced?
Arguments for both are derived from, but not explicit in, the Bill of Rights. Privacy has broad points of support while anonymity is primarily attributed to the First Amendment, but only in narrow circumstances.
Not American here, but I'm aware of both privacy in mixed forms (privacy act 1974, HIPAA, COPPA, and CCPA in California); as well as anonimity in First Amendment et al since there's case law (IANAL) demonstrating the requirement of anonimity to avoid persecution of free speech.
All of these have limitations and exceptions in a complex legal system. But to issue a blanket statement like the comment above is no really correct - just trying to make a point, I guess
Also not a lawyer but anonymity case law is a mixed bag to best, and more practically speaking very narrowly targeted compared to privacy.
The only way to have privacy in a semi public location, like the Internet, is anonymity.
Ask any celebrity how much privacy they have. They can’t even buy Starbucks without people commenting on how fat their comfy clothes make them look. Because they have no anonymity.
JavaScript disabling helps a lot, regardless of what author says. It disables most of the tracking attempts, improves security and most of all pages load faster and hardly break if you're just browsing anyway.
The whole article never mentions the gold standard of anti-fingerprinting, Tor Browser. It just shows how shallow the article is when it mentions Mullvad Browser, a fork of TBB, instead of TBB itself! There's also no mention of using an upto-date DNS block list to thwart fingerprinting attempts even more
Yeah, I don't get it. Tor browser alone, with no additional configuration and basic hygiene, is enough to stop any fingerprinting and tracking. The only problem is that it's too private, and tor traffic is often associated with crime, so it's sometimes blocked, notably by cloudflare.
I don't use it for daily browsing, but when I want to search for something I don't want associated with me (for example, health concerns) I just use tor browser and don't worry about tracking.
The Tor Browser won’t effectively stop fingerprinting, if anything it makes you more unique due to the low amount of people worldwide using it, and then you add points of data by using different DNS providers, extensions etc.
The Tor Browser as a privacy measure is likely no better than a normal browser with uBlock if you’re also using it like a “normal” browser, signing into the same accounts you always use etc. My opinion obviously but I dislike people recommending the Tor Browser as a lot of it’s primary benefits are lost if you’re just using it as a daily driver browser.
I always point people to https://fingerprint.com/ to see if their browser can defeat it. Most of the time you can’t without clearing cookies, changing device resolution, change VPN location etc. something the average person can’t/won’t do. Even JS aside there are a ton of different ways to track people based off even just getting server side data when a site’s stylesheet is fetched.
Has anyone ever thought that RSS doesn't have a fingerprint?
Because the sites that still offer feeds, at least those for which a feed makes sense, well, you can read them comfortably via RSS.
I don't mind advertisers knowing more about me. If they can display ads that are relevant to me, this is a better experience on both sides.
Unfortunately there is no way to tell advertisers, "No, I'm not interested in your product. I never will be. Don't waste your money."
The top offender is Hims. No, I don't have hair loss. I don't want hair loss supplements. I also don't have ED, and I object strongly to ads for that showing up unexpectedly when I'm showing a YouTube video to someone else.
The second top offender is whoever it is (they keep changing their name) who thinks that I need some kind of Christian motivational course to get control of "the P-word". (Their phrase, not mine.) No, I don't have a problem with pornography. I am very rarely interested in it. And when it comes up every few months, I don't feel any guilt about it afterwards. Furthermore I'm an atheist. A Christian motivational course isn't going to work well for me regardless.
Yes, Google does offer a report function, and a block function, for ads. The report function seems to have gotten rid of the unwanted ED ads. The block really doesn't work when the ads are all very similar AI slop that is rotated frequently. Block this ad, and then next unwanted ad from the same source will be coming along soon enough. (The reason why I particularly dislike Hims is that they are more aggressively rotating their ads.)
Relevant/personalised ads doesn't mean ads that benefit you. It's means ads that are better able to extract money from you.
It means that, when you need a new dishwasher, you will never see the actual best dishwasher for you, only dishwashers that are a bit more expensive than you actually need but you will end up buying one of them anyways.
It means that you are more likely to see products you would impulse buy just after you get your paycheck. Or slightly inflated prices on things you usually buy.
It means ads designed to take advantage of addictions to sugar, alcohol, gambling etc
Finding stuff you actually want to buy has never been easier, you can find hundreds of reviews and comparisons instantly. People who opt into personalised ads don't end up being more savvy online shoppers, they just end up buying more junk.
My preferences are based on my understanding of myself.
I do not have those problem addictions. Of course I am going to comparison shop for any large purchases. I am good enough about controlling spending that excess junk isn't one of my problems.
But what I do have a problem with is coming up with creative ideas for people in my life. So, for example, I would have never thought to look for https://www.zazzle.com/cup_equation_love-168099175298227864. But I'm very glad that someone out there knew enough about me to guess that this might be an item that I'd like. And my wife liked the cup a whole lot.
Does this happen often? No. But I'm perfectly happy to pay a premium for a product when an advertiser gets it right.
There are always situations where an advert is useful and we remember those. However, when an advert causes you to spend more than you would, you have no idea it has happened.
Maybe you truly are above the influence of advertising. However, almost no one believes that they are affected by advertising yet clearly almost all of those people are wrong.
I find it safer to assume I am part of the vast majority of people who would be influenced by personalised advertising. Given that online advertising is basically the biggest business in the world, I assume that it would find a way to get money from me.
That is a loser's proposition. Targeted advertising should be objected to on the grounds that surveillance and manipulation are unethical, it doesn't matter how useful it may or may not be in your personal experience. Them suddenly being more useful wouldn't make them any more ethical.
If you don't mind them knowing but resent the ads, you can just block the ads. You can do dns ad blocking[1], in-browser plugins/extensions[2], finally, patch the apps[3]. Or deploy all of them.
[1] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#...
[3] https://revanced.app/patches?pkg=com.google.android.youtube
Perhaps you missed that I am willing to deal with ads in general? I am perfectly willing to put up with the annoyance, and like knowing that I am bringing money to the channel that I'm watching. I only want specific advertisers turned off.
A general "show me no ads" solution is not my preference.
On the pros of fingerprinting: it's practically the only consistent tool to prevent malicious use in certain usecases, such as app hosting and similar bot protection.
Email validation doesn't work. Ip blocking doesn't work. Captcha? Kind of. Fingerprinting? Very efficient.
Browser fingerprinting has been a thing since at least 2008. Kissmetrics was the first company I heard of that was doing this.
I mean... I don't give a fuck about fonts, I don't give a fuck about drawing shit to some canvas. Can I not just opt out?
Yes, I know that's ski-mask bla bla bla, but I still don't want my browser to be doing this nonsense.
There's the gemini protocol and gopher.
When I think of all the tracking that goes on, these are becoming more lucrative.
Gemini and Gopher are better than the existing WWW, (although there are others as well, such as Spartan (uses the same file format as Gemini, but it is a different protocol without TLS), Scorpion (my own format, intended to be between Gemini and "WWW as it should be if it was designed better"), and others).
However, you might also want to access HTTP and HTML, and to do so without needing to load fonts, pictures, etc; you might use a web browser that omits many of these features. However, it also can result in some problems; there are a few ways to work around some of these, such as adding your own scripts to handle some services, adding proxy services for handling some services (although some of these can use other protocols such as Gemini), and/or using the HTML/CSS commands in other ways (e.g. using ARIA to decide the formatting rather than using CSS). However, there are other issues, e.g. if the web page you download includes more junk than the actual main text.
>And even though my personal safety and liberty probably aren’t at stake, I don’t want to give any support to the global advertising behemoth, by allowing advertisers access to better information about me.
Giving the surveillance economy access to your habits means making them slightly better informed about everyone. That won't directly endanger you; the SE will just become slightly better informed about how people like you function.
This will enable it to increase the amount of risk faced by some other person that you will never hear of (and vice versa) if any of you is even suspected of endangering the SE, in proportion to the risk to the SE which people like you may hypothetically pose, as quantified by the methods of nepotism-powered pseudoscience.
When an individual stalks a person without their consent, it is considered unlawful. Why is it ok for websites to do this?
Perhaps what is missing is a criminal law that forbids deliberate non-consensual tracking of a person's activity. Even in public.
Recording someone as you happen to be recording something in public (including CCTV) is not deliberate or targeted towards an individual. But even in public, if someone followed you around tracking what you're doing (even without recording you), that shouldn't be lawful. Public figures and law enforcement activity based on probable cause being the exceptions.
Can anyone think of any reasonable counter-arguments to this?
A counter argument is that stalking in itself, in the US at least, is not unlawful. It becomes unlawful once someone starts threatening another person. So the digital analog would be to allow tracking as long as the site doing the tracking doesn't threaten the people that are being tracked.