[HN Gopher] Am I Unique? ___________________________________________________________________ Am I Unique? Author : csomar Score : 130 points Date : 2020-01-25 20:45 UTC (2 hours ago) (HTM) web link (amiunique.org) (TXT) w3m dump (amiunique.org) | hmexx wrote: | My fonts alone makes me pretty unique it seems (<0.01%). 180 or | so fonts that the browser is happy to share with the world. Does | seem a little unnecessary. | mNovak wrote: | Qwerty keyboard layout yields 0.7% uniqueness? Do other browsers | just not declare this? | mikenew wrote: | Apparently I'm the only person in the world using | linux-5.4.14-zen with a Radeon VII. Which would be kinda cool if | that information wasn't being broadcast to every site I visit. | zamadatix wrote: | Interestingly this led me to notice Firefox limits hardware | concurrency to a max of 16, changeable in about:config via the | key dom.maxHardwareConcurrency | michaelhoffman wrote: | The irony in using the "Do Not Track" attribute to track users is | delicious. | fragsworth wrote: | I appreciate that you pointed this out, I would have missed it. | | Brilliant and terrible. | jdc wrote: | Is it just me or would people rather be able to spoof or disable | these fields without drudging through thousands of lines of C++ | code? | zamadatix wrote: | Most of these fields you don't want to disable or spoof because | either it breaks your web experience (imagine images randomly | not loading because you spoofed your headers and the server | thinks your browser supports .whatever or because you emptied | the list and the server doesn't know what to send) or because | it makes you unique (having your build id be "" is certainly | more unique than whatever others actually use). | | The tests you can spoof like the canvas fingerprinting where it | doesn't break the canvas and the results are already so spread | out being unique isn't an identifier itself are already built | into a lot of browsers. The site doesn't really acknowledge | this though, it just says "you're unique" without checking if | it's a different unique value each time in which case it | doesn't identify you at all. | michael-ax wrote: | However, your full fingerprint is unique among the 1545859 | collected so far. | anidea01 wrote: | Great idea! Targeted advertising is really upsetting. If we take | it one step further: | | 1. Find out the top non-unique fingerprint [of the year.] | | 2. Create a Firefox add-on (or modify Firefox source if an add-on | is not powerful enough), which uses the most non-unique | fingerprint [this year.] | | 3. Targeted advertising ends for those who use the plug-in/add- | on. | | It's a cat and mouse game as fingerprint parameters keep | increasing, but I think it's possible to win this one. | MivLives wrote: | The problem with this is the less unique you are, the more you | start looking like a bot. The more you look like a bot the more | times you have to do things to prove you aren't, like captchas | anidea01 wrote: | True. | | But I only care about filling captchas on say banking | websites, which is approximately happens once a month. | | The rest, I just close the tab: the content never worth it. | | The most obnoxious ads don't care about captchas, they just | blast you with ads from your previous search | keywords/browsing history. | | p.s. Would the amount of captchas reduce if we take not the | top most non-unique fingerprint, but say "slightly below | average"? It will be still severely non-unique for ads | purposes. | twelvechairs wrote: | This is Google's strategy to defeat privacy in a nutshell | TTPrograms wrote: | A better solution would be to scramble parts of this | fingerprint for each domain. | wizardforhire wrote: | a small price to pay for anonymity | jammygit wrote: | What terrible browser design to send all that data. I would never | have imagined my computer was sending all that off 10 years ago | gowld wrote: | It's doesn't "send the data" so much as "a general purpose UI | platform cannot work unless a program knows the configuration | of the UI". The idea that your complex computing environment | could have an arbitrary complex conversation with an app, and | not expose its identity, while perhaps desirable, it | impractical. | | You can browser behind a generic user-agent firewall, but | you'll get a severely degraded experience that treats an Apple | watch the same as a desktop workstation. | rovr138 wrote: | Using the user agent string for this is not needed and is not | common now for new projects. | skybrian wrote: | Standardization on only a few design variations might fix | this? People would complain about monocultures, though. | brundolf wrote: | I've heard of a similar phenomenon where hackers probing a | system can fingerprint different software stacks based on what | they get as responses to different "undefined behavior" inputs. | Anything that communicates with the outside world is | intrinsically giving up some information about itself. | milofeynman wrote: | Alright, so how do I fix the unique ones like Canvas? | | Edit: To block canvas fingerprinting I set | `privacy.resistFingerprinting` to true in Firefox's about:config. | Now I am trying to figure out how to disable the font list and | Media devices, etc. | mattmein wrote: | What does it mean that I have a unique user agent? I just use | normal brave browser. | trashcan wrote: | Most likely that it isn't very common. Mine said <0.01% for the | Brave user-agent. | kzrdude wrote: | Firefox developer edition / windows ranks at 0.02% :) | Hamuko wrote: | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) | Gecko/20100101 Firefox/72.0" (mainline Firefox) is | apparently 0.02% as well. | dantle wrote: | Are you sure you're looking only the "User Agent"? The text at | the top is describing your entire "browser fingerprint." It | includes everything the server could gather from you. Including | cookies, browser version, width/height of the window, etc. | | In case it's not clear, uniqueness should be seen as bad in | this case. It means you can be tracked. | Mirioron wrote: | I'm also getting unique useragent with Brave. | dantle wrote: | I'm using Brave and my useragent is not unique. | | Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) | (64-bit) | filoeleven wrote: | No idea what it means, but I am also curious. I literally just | installed Brave on IOS before checking it out, so I tried it on | IOS Chrome and the fingerprint was still unique. | | I think it might just mean that we leak waaaay more data than | most of us realize... | ubercow13 wrote: | My user agent also says 0.16% similarity and I'm just using | safari on an iphone. How can that be? | Zenbit_UX wrote: | There's more than one iPhone, more than one IOS version and | more than one version of safari. Multiply the odds of someone | having your exact setup AND browsing this site. | codingmess wrote: | I get just 0,31% similarity rating with the latest Firefox. | mynegation wrote: | I hope it is a joke (pretty good one if it is), but on an off- | chance it is not: it is entirely plausible that you are the | first Brave browser user to visit the site (or at least Brave | of that version). | thatcat wrote: | Not a joke, panopticlick by eff does this too and explains | how it works. | Mirioron wrote: | I am unique through the useragent. Apparently Brave and Chrome | both put the device model of your phone into the useragent | string. It also contains your OS version and Chromium version. I | guess those three points alone are able to very significantly | narrow you down. | arkadiyt wrote: | Chrome published an intent to freeze the user-agent string: | | https://groups.google.com/a/chromium.org/forum/#!msg/blink-d... | idclip wrote: | Im unsure why all that data is needed when i simply visit a | website to read stuff or watch stuff on youtube. Is it really | necessary? | cies wrote: | Nope. Not at all. There is a browser[1] that tries to hide | this stuff for you (it's the FF-derived TOR browser w/o the | TOR bit). That should be a good start. | | 1: https://www.whonix.org/wiki/SecBrowser | notatoad wrote: | What does it mean when i load the test, and it says i'm unique, | and then i go back five minutes later without changing anything | and it says i'm still unique? | | are they tracking that i've run the test before, verifying that | i'm me, and telling me i'm still unique, or is my fingerprint | differing between two subsequent tests? | | also, i'm suspicious about some of these values - only 0.13% of | people have a querty keyboard layout? Only 7% of tests have no | gyroscope? That doesn't sound right. | codingmess wrote: | It says they set a cookie for 4 months. | [deleted] | runninganyways wrote: | Good news! I am unique. My experience is valid. I really needed | to hear this. | cle wrote: | Is there something actionable I can take based on the results of | this page? E.g. is there some Firefox add-on that obfuscates | attributes used for fingerprinting? | droithomme wrote: | The above site beachballed and was nonfunctional for me. | | A better site with similar functioning is: | https://panopticlick.eff.org/ | codingmess wrote: | What I don't understand that the user agent for the latest | version of Firefox (on Windows 10) has a similarity rating of | just 0,31%. | ropiwqefjnpoa wrote: | TOR browser on highest security level, javascript disabled and | windowed returns: Almost! (You can most certainly be tracked.) | [deleted] | dang wrote: | A thread from last year: | https://news.ycombinator.com/item?id=19212123 | ggreer wrote: | Sites like this and the EFF's panopticlick err on the side of | saying you can be tracked when that might not be true. | | For example: I visited this same site a while ago with the same | device, and both times it has said I was unique. A new version of | iOS came out, so my user agent changed. Unless sites are also | storing unique data on your machine (through cookies or | localstorage), browser fingerprinting is a crapshoot. This goes | double for mobile devices. | daniel_iversen wrote: | Would I be right in saying that if you use iOS safari (which a | decent number of mobile users use) you are not very unique at all | and any tracking based on browser fingerprinting is pretty | useless? (Or is it the combination of a non unique browser | fingerprint with a slightly more targeted origin IP address from | the ISP) that makes it almost worth/possible trying to identify a | person without cookies? | snailmailman wrote: | I'm surprised at how low the percentages are on my iPhone. It | says only ~35 other people have had the same fingerprint as me. | | I'm running safari, private mode, plus a single content blocker | app. | bdz wrote: | >ANGLE (NVIDIA GeForce GTX 1070 Direct3D11 vs_5_0 ps_5_0) | | Wow I didn't know it reveals the GPU ___________________________________________________________________ (page generated 2020-01-25 23:00 UTC)