[HN Gopher] Am I Unique?
       ___________________________________________________________________
        
       Am I Unique?
        
       Author : csomar
       Score  : 130 points
       Date   : 2020-01-25 20:45 UTC (2 hours ago)
        
 (HTM) web link (amiunique.org)
 (TXT) w3m dump (amiunique.org)
        
       | hmexx wrote:
       | My fonts alone make me pretty unique it seems (<0.01%). 180 or
       | so fonts that the browser is happy to share with the world. Does
       | seem a little unnecessary.
        
       | mNovak wrote:
       | Qwerty keyboard layout yields 0.7% uniqueness? Do other browsers
       | just not declare this?
        
       | mikenew wrote:
       | Apparently I'm the only person in the world using
       | linux-5.4.14-zen with a Radeon VII. Which would be kinda cool if
       | that information wasn't being broadcast to every site I visit.
        
       | zamadatix wrote:
       | Interestingly this led me to notice Firefox limits hardware
       | concurrency to a max of 16, changeable in about:config via the
       | key dom.maxHardwareConcurrency
        
       | michaelhoffman wrote:
       | The irony in using the "Do Not Track" attribute to track users is
       | delicious.
        
         | fragsworth wrote:
         | I appreciate that you pointed this out, I would have missed it.
         | 
         | Brilliant and terrible.
        
       | jdc wrote:
       | Is it just me or would people rather be able to spoof or disable
       | these fields without drudging through thousands of lines of C++
       | code?
        
         | zamadatix wrote:
         | Most of these fields you don't want to disable or spoof because
         | either it breaks your web experience (imagine images randomly
         | not loading because you spoofed your headers and the server
         | thinks your browser supports .whatever or because you emptied
         | the list and the server doesn't know what to send) or because
         | it makes you unique (having your build id be "" is certainly
         | more unique than whatever others actually use).
         | 
         | The tests you can spoof like the canvas fingerprinting where it
         | doesn't break the canvas and the results are already so spread
         | out being unique isn't an identifier itself are already built
         | into a lot of browsers. The site doesn't really acknowledge
         | this though, it just says "you're unique" without checking if
         | it's a different unique value each time in which case it
         | doesn't identify you at all.
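
zamadatix's point above, that a value which is unique but different on every visit does not identify anyone, as an added example (not part of the thread and not amiunique.org's code). The visit records, attribute names and the `browser` ground-truth label are constructed for illustration.

```javascript
// Constructed sample: three browsers, two visits each. `browser` is ground
// truth used only to score the result; a real site never sees such a label.
// Browser B returns a freshly randomised canvas hash on every read.
const visits = [
  { browser: "A", ua: "Firefox/72.0", fonts: 180, canvas: "c1a9" },
  { browser: "A", ua: "Firefox/72.0", fonts: 180, canvas: "c1a9" },
  { browser: "B", ua: "Firefox/72.0", fonts: 12, canvas: "77f0" },
  { browser: "B", ua: "Firefox/72.0", fonts: 12, canvas: "e3b2" },
  { browser: "C", ua: "Firefox/72.0", fonts: 12, canvas: "0d54" },
  { browser: "C", ua: "Firefox/72.0", fonts: 12, canvas: "0d54" },
];

// A fingerprint is the chosen attribute values joined into one key.
function fingerprint(visit, attrs) {
  return attrs.map((a) => `${a}=${visit[a]}`).join("|");
}

// unique: no other browser ever produced any of this browser's fingerprints.
// stable: the browser produced the same fingerprint on every visit.
// Re-identifying a returning visitor needs both.
function assess(visits, attrs) {
  const owners = new Map(); // fingerprint -> browsers that produced it
  const seen = new Map(); // browser -> fingerprints it produced
  for (const v of visits) {
    const fp = fingerprint(v, attrs);
    if (!owners.has(fp)) owners.set(fp, new Set());
    owners.get(fp).add(v.browser);
    if (!seen.has(v.browser)) seen.set(v.browser, new Set());
    seen.get(v.browser).add(fp);
  }
  const report = {};
  for (const [browser, fps] of seen) {
    const unique = [...fps].every((fp) => owners.get(fp).size === 1);
    const stable = fps.size === 1;
    report[browser] = { unique, stable, trackable: unique && stable };
  }
  return report;
}

// With canvas: B is "unique" on both visits, yet the two visits do not link.
console.log(assess(visits, ["ua", "fonts", "canvas"]));
// Without canvas: B and C share one fingerprint, so neither is unique.
console.log(assess(visits, ["ua", "fonts"]));
```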
        
       | michael-ax wrote:
       | However, your full fingerprint is unique among the 1545859
       | collected so far.
        
       | anidea01 wrote:
       | Great idea! Targeted advertising is really upsetting. If we take
       | it one step further:
       | 
       | 1. Find out the top non-unique fingerprint [of the year.]
       | 
       | 2. Create a Firefox add-on (or modify Firefox source if an add-on
       | is not powerful enough), which uses the most non-unique
       | fingerprint [this year.]
       | 
       | 3. Targeted advertising ends for those who use the plug-in/add-
       | on.
       | 
       | It's a cat and mouse game as fingerprint parameters keep
       | increasing, but I think it's possible to win this one.
        
         | MivLives wrote:
         | The problem with this is the less unique you are, the more you
         | start looking like a bot. The more you look like a bot the more
         | times you have to do things to prove you aren't, like captchas
        
           | anidea01 wrote:
           | True.
           | 
           | But I only care about filling captchas on say banking
           | websites, which approximately happens once a month.
           | 
           | The rest, I just close the tab: the content is never worth it.
           | 
           | The most obnoxious ads don't care about captchas, they just
           | blast you with ads from your previous search
           | keywords/browsing history.
           | 
           | p.s. Would the amount of captchas reduce if we take not the
           | top most non-unique fingerprint, but say "slightly below
           | average"? It will be still severely non-unique for ads
           | purposes.
        
           | twelvechairs wrote:
           | This is Google's strategy to defeat privacy in a nutshell
        
             | TTPrograms wrote:
             | A better solution would be to scramble parts of this
             | fingerprint for each domain.
        
           | wizardforhire wrote:
           | a small price to pay for anonymity
        
       | jammygit wrote:
       | What terrible browser design to send all that data. I would never
       | have imagined my computer was sending all that off 10 years ago
        
         | gowld wrote:
         | It doesn't "send the data" so much as "a general purpose UI
         | platform cannot work unless a program knows the configuration
         | of the UI". The idea that your complex computing environment
         | could have an arbitrary complex conversation with an app, and
         | not expose its identity, while perhaps desirable, is
         | impractical.
         | 
         | You can browse behind a generic user-agent firewall, but
         | you'll get a severely degraded experience that treats an Apple
         | watch the same as a desktop workstation.
        
           | rovr138 wrote:
           | Using the user agent string for this is not needed and is not
           | common now for new projects.
        
           | skybrian wrote:
           | Standardization on only a few design variations might fix
           | this? People would complain about monocultures, though.
        
         | brundolf wrote:
         | I've heard of a similar phenomenon where hackers probing a
         | system can fingerprint different software stacks based on what
         | they get as responses to different "undefined behavior" inputs.
         | Anything that communicates with the outside world is
         | intrinsically giving up some information about itself.
        
       | milofeynman wrote:
       | Alright, so how do I fix the unique ones like Canvas?
       | 
       | Edit: To block canvas fingerprinting I set
       | `privacy.resistFingerprinting` to true in Firefox's about:config.
       | Now I am trying to figure out how to disable the font list and
       | Media devices, etc.
        
       | mattmein wrote:
       | What does it mean that I have a unique user agent? I just use
       | normal brave browser.
        
         | trashcan wrote:
         | Most likely that it isn't very common. Mine said <0.01% for the
         | Brave user-agent.
        
           | kzrdude wrote:
           | Firefox developer edition / windows ranks at 0.02% :)
        
             | Hamuko wrote:
             | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0)
             | Gecko/20100101 Firefox/72.0" (mainline Firefox) is
             | apparently 0.02% as well.
        
         | dantle wrote:
         | Are you sure you're looking only at the "User Agent"? The text at
         | the top is describing your entire "browser fingerprint." It
         | includes everything the server could gather from you. Including
         | cookies, browser version, width/height of the window, etc.
         | 
         | In case it's not clear, uniqueness should be seen as bad in
         | this case. It means you can be tracked.
        
           | Mirioron wrote:
           | I'm also getting unique useragent with Brave.
        
             | dantle wrote:
             | I'm using Brave and my useragent is not unique.
             | 
             | Version 1.2.43 Chromium: 79.0.3945.130 (Official Build)
             | (64-bit)
        
         | filoeleven wrote:
         | No idea what it means, but I am also curious. I literally just
         | installed Brave on iOS before checking it out, so I tried it on
         | iOS Chrome and the fingerprint was still unique.
         | 
         | I think it might just mean that we leak waaaay more data than
         | most of us realize...
        
         | ubercow13 wrote:
         | My user agent also says 0.16% similarity and I'm just using
         | Safari on an iPhone. How can that be?
        
           | Zenbit_UX wrote:
           | There's more than one iPhone, more than one iOS version and
           | more than one version of Safari. Multiply the odds of someone
           | having your exact setup AND browsing this site.
        
         | codingmess wrote:
         | I get just 0,31% similarity rating with the latest Firefox.
        
         | mynegation wrote:
         | I hope it is a joke (pretty good one if it is), but on an off-
         | chance it is not: it is entirely plausible that you are the
         | first Brave browser user to visit the site (or at least Brave
         | of that version).
        
           | thatcat wrote:
           | Not a joke, panopticlick by eff does this too and explains
           | how it works.
        
       | Mirioron wrote:
       | I am unique through the useragent. Apparently Brave and Chrome
       | both put the device model of your phone into the useragent
       | string. It also contains your OS version and Chromium version. I
       | guess those three points alone are able to very significantly
       | narrow you down.
        
         | arkadiyt wrote:
         | Chrome published an intent to freeze the user-agent string:
         | 
         | https://groups.google.com/a/chromium.org/forum/#!msg/blink-d...
        
         | idclip wrote:
           | I'm unsure why all that data is needed when I simply visit a
           | website to read stuff or watch stuff on YouTube. Is it really
           | necessary?
        
           | cies wrote:
           | Nope. Not at all. There is a browser[1] that tries to hide
           | this stuff for you (it's the FF-derived TOR browser w/o the
           | TOR bit). That should be a good start.
           | 
           | 1: https://www.whonix.org/wiki/SecBrowser
        
       | notatoad wrote:
       | What does it mean when I load the test, and it says I'm unique,
       | and then I go back five minutes later without changing anything
       | and it says I'm still unique?
       | 
       | Are they tracking that I've run the test before, verifying that
       | I'm me, and telling me I'm still unique, or is my fingerprint
       | differing between two subsequent tests?
       | 
       | Also, I'm suspicious about some of these values - only 0.13% of
       | people have a qwerty keyboard layout? Only 7% of tests have no
       | gyroscope? That doesn't sound right.
        
         | codingmess wrote:
         | It says they set a cookie for 4 months.
        
         | [deleted]
        
       | runninganyways wrote:
       | Good news! I am unique. My experience is valid. I really needed
       | to hear this.
        
       | cle wrote:
       | Is there something actionable I can take based on the results of
       | this page? E.g. is there some Firefox add-on that obfuscates
       | attributes used for fingerprinting?
        
       | droithomme wrote:
       | The above site beachballed and was nonfunctional for me.
       | 
       | A better site with similar functioning is:
       | https://panopticlick.eff.org/
        
       | codingmess wrote:
       | What I don't understand is that the user agent for the latest
       | version of Firefox (on Windows 10) has a similarity rating of
       | just 0,31%.
        
       | ropiwqefjnpoa wrote:
       | TOR browser on highest security level, javascript disabled and
       | windowed returns: Almost! (You can most certainly be tracked.)
        
       | [deleted]
        
       | dang wrote:
       | A thread from last year:
       | https://news.ycombinator.com/item?id=19212123
        
       | ggreer wrote:
       | Sites like this and the EFF's panopticlick err on the side of
       | saying you can be tracked when that might not be true.
       | 
       | For example: I visited this same site a while ago with the same
       | device, and both times it has said I was unique. A new version of
       | iOS came out, so my user agent changed. Unless sites are also
       | storing unique data on your machine (through cookies or
       | localstorage), browser fingerprinting is a crapshoot. This goes
       | double for mobile devices.
        
       | daniel_iversen wrote:
       | Would I be right in saying that if you use iOS safari (which a
       | decent number of mobile users use) you are not very unique at all
       | and any tracking based on browser fingerprinting is pretty
       | useless? (Or is it the combination of a non unique browser
       | fingerprint with a slightly more targeted origin IP address from
       | the ISP) that makes it almost worth/possible trying to identify a
       | person without cookies?
        
         | snailmailman wrote:
         | I'm surprised at how low the percentages are on my iPhone. It
         | says only ~35 other people have had the same fingerprint as me.
         | 
         | I'm running safari, private mode, plus a single content blocker
         | app.
        
       | bdz wrote:
       | >ANGLE (NVIDIA GeForce GTX 1070 Direct3D11 vs_5_0 ps_5_0)
       | 
       | Wow I didn't know it reveals the GPU
        
       ___________________________________________________________________
       (page generated 2020-01-25 23:00 UTC)