• Allero@lemmy.today
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.

      Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.

  • DornerStan@lemmygrad.ml
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    It’s been a few years since I was invested in this topic, but I think the “meta” for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.

    Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.

    Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.

    Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don’t want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.

    For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a “blocks JavaScript flag” is just a single unique identifier.

    Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.

    All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don’t need my fucking battery and gyroscope).

    Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn’t give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.

  • RememberTheApollo_@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.

    That’s it.

  • Anna@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Opend it in Tor Browser inside a Whonix dispVM inside Qubes OS it got nothing on me

    • QuietCupcake [any, they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I tried it with Tor browser on a standard OS, hoping I’d get a similar result to what you got using Tor on Whonix, etc. It fed me a line about how my information was still shared but because javascript is turned off, it can’t tell me what that information is. More like it won’t tell me, because amiunique.org and other sites like this do so just fine. I know I can turn js on and reload, but part of the point would be to see the difference in info shared with it on vs off but this place can’t test that.

  • plz1@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    “We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t leaking offering it.

    • iglou@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.

      This is not intended to be for people who understand how this works.

      And as someone else said, probably vibe coded.

      • Zerush@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.

        • Ironfacebuster@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information

          Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!

        • iglou@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.

          • Zerush@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).

          • lobo@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            depends on the isp, my router has its own adress on the iternet

            couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website

      • Bane_Killgrind@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??

        The opsec implications are severe.

        • iglou@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose

  • Zacryon@feddit.org
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Well then I am glad that it got most of it wrong. I don’t even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.

  • FE80@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Welp, my user agent switcher is successfully purporting to be a different operating system.

  • printf("%s", name);@piefed.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn’t help people who need to know about this stuff. If you already know about this stuff, it doesn’t really add any value.