What I'd love for these sites to do is help me understand where I am distributionally. How unique am I? On what? Help me understand what needs to be fixed and what my threat vector is.
The problem with these is that I'm always unique. Doesn't matter what browser I'm on or what. If I am unique on a clean Apple laptop in either Safari or Chrome then it is essentially meaningless. I got controlled hardware and vanilla software, how else do you blend into the crowd?
But in the wild sites aren't always implementing all these features. So I want to see if I'm unique to standard site or even one that is a bit more heavy. Importantly HOW unique am I? What things am I not unique, how unique am I, and what are the most unique things about me?
Having that information gives me the ability to do something about it. Without that information then this is just like any other website where essentially the message is "be scared! People can track you on the internet and there's nothing you can do about it!"
This EFF tool does this https://coveryourtracks.eff.org/
To critique that (and maybe suggest what OP can do to make theirs better) is that there's poor visualization. What's great is that it tells me there right in center
> Our tests indicate *that you have **strong protection against Web tracking***.
> Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a nearly-unique fingerprint
Bits of identifying information: 6.76
One in x browsers have this value: 108.61
One in *108.61* browsers have this value
In an ideal setting I think the site should suggest to users what they should change and show them where they could be with the new settings. Letting them play around and adjust a some settings.
I know I'm being nitpicky here and to be honest I think the EFF version is "good enough" but I still think adding such visualizations and letting users "see" the results makes things easier to understand and can help them know what to do.
[0] https://seaborn.pydata.org/generated/seaborn.kdeplot.html
[1] In this case it isn't going to be continuous since I pulled from the User agent so this will have more discrete bins. Helping inform the user would be seeing the proportion of those other bins. That way they know what to change their user agent to!
And creating that comparison is far harder than people think. To answer "How unique am I?" I need a large, representative dataset of fingerprints collected over time and ideally weighted by how often real websites use each feature. That would require running an backend and database.
It’s something I’d like to build eventually, but only in a privacy-preserving, opt-in way that aligns with the spirit of the project.
For privacy prevention, maybe you can help me understand something better then. I was under the impression that for the most part, each fingerprinting technique itself was not enough to identify someone, but it is the collection of them. So in that setting, would not showing the distribution of the individual metrics likely preserve privacy? I can certainly see some subtle naive trap existing here that I'm not aware of but do you know of one? I at least would think things such as agent, dark mode, and some other things shouldn't risk deanonymization. Though clearly things like coordinates, unique fingerprints, and probably even the canvas fingerprinting shouldn't be shared. As long as each data point isn't associated with others and you have a decent sample size. But also I'd love to learn if I'm missing something important.
Here's a suggestion: it's important to show us that our browser footprint allows us to be positively identified and tracked, but it only alerts us to a problem. It would be very useful if the site also provided some tips to improve anonymity, particularly if it's low-effort changes such as tweaking a couple of config changes.
But, they are bucketed
https://www.w3.org/TR/webgpu/#privacy-considerations
It's not zero pieces of info but it's also not close to as bad as it looks. Effectively, everyone who has, say an NVidia GPU, will likely have the same list of features and limits.
As a more general example: The number is just a flat out wrong
> Unique to 1 in 2,147,483,648+ devices.
No, I have an iPhone Pro and am in the PST time zone, set to English. It has the exact same finger print as millions of other devices among the 40 million people in the PST time zone. In general, The only things different between 2 iPhones of the same model are time-zone, laguange setting, and font size.
Please STOP EXAGGERATING!
Your IP address, ASN, and location make this not true.
I’ve been experimenting with ways to reduce my browser fingerprint and exploring techniques to anonymize fingerprint data.
So I built this.
This is kind of like a lighter, more thorough version of CreepJS but entirely client side. I don’t maintain massive lists of time zones or do server-side comparisons to calculate uniqueness. Instead, it automatically surfaces everything a browser exposes, explaining each item in detail.