2019-12-09 - Browser fingerprinting
-------------------------------------------------------------------

So after my last post I've been reading a bit more on browser fingerprinting. And currently the conclusion is: Woah, the tracking possibilities are even worse than I imagined them to be.

I've enjoyed playing around with the sites browserleaks.com and amiunique.org. Over here, I learn that with JavaScript enabled, it is possible to read battery status information through the Battery API. I mean... COME ON!! Why on earth???

https://www.w3.org/TR/battery-status/

The reason appears to be that it is handy for mobile uses and "app" developers whose apps are simply wrappers around webpages. And yes, for that use-case it is probably handy.... But it also messes up people's privacy majorly. As written earlier, I don't want to provide this type of information when browsing on the www.

Besides battery life, with Font fingerprinting, specifics on my installed fonts and the way they are rendered locally can be measured in detail, giving a very device-specific fingerprint. Using Canvas fingerprinting allows for the creation of a unique hash based on how your specific device's graphics card and driver plot pixels.

With JS a whole bunch of browser features can be polled. For example to see if my browser supports a certain CSS feature (for example box-shadow or flexbox). The browserleaks site shows a nice example of how a unique hash can be built based on this information.

In addition, with JS, my browser leaks information about my installed plug-ins, and through WebRTC information on my media devices (camera, microphone). It spills information on supported WebGL specifics (again giving more information on my video card).

So all in all, the conclusion is: You WILL leave unique fingerprints when browsing the worldwide web with a modern browser. (Even when disabling JavaScript altogether, because you will become a fairly unique little snowflake if you do that.)

In addition to this: You WILL be tracked. And honestly that sucks.

I do not understand why browser builders are the frontrunners to add all these nonsense features (like the battery life API, or geolocation, USB access, or file-system APIs), while at the same time they stumble over each other to brag how their browsers are the best for maintaining privacy....

For the www, I'd like to see a no-frills browser which renders modern HTML, where all this poll-back telemetry nonsense is removed completely. So where the browser simply sends a very minimal HTTP request, and the server returns a reply...

Anyway, digging through all this nonsense makes me appreciate Gopher more and more :)
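
Added example (not part of the original post): a way to measure how identifying the signals above are, in the style of the statistics amiunique.org reports. It computes the bits of information each attribute value carries and the size of the anonymity set as attributes are combined, including the JavaScript-disabled case. The population, attribute names and values are all constructed for illustration.

```javascript
// Added example. CONSTRUCTED population: every attribute name and value below
// is made up; "c1"/"f1" stand in for canvas and font-rendering hashes.
const population = [
  { js: "on",  canvas: "c1",  fonts: "f1",  battery: "api"  },
  { js: "on",  canvas: "c1",  fonts: "f1",  battery: "api"  },
  { js: "on",  canvas: "c1",  fonts: "f2",  battery: "api"  },
  { js: "on",  canvas: "c1",  fonts: "f2",  battery: "none" },
  { js: "on",  canvas: "c2",  fonts: "f1",  battery: "api"  },
  { js: "on",  canvas: "c2",  fonts: "f3",  battery: "none" },
  { js: "on",  canvas: "c3",  fonts: "f1",  battery: "api"  },
  // With JS disabled none of the script-side signals can be read at all.
  { js: "off", canvas: "n/a", fonts: "n/a", battery: "n/a"  },
];
const ATTRS = ["js", "canvas", "fonts", "battery"];

// Bits of identifying information carried by one attribute value:
// a value shared by 1 in 8 visitors is worth log2(8) = 3 bits.
function surprisalBits(pop, attr, value) {
  const matches = pop.filter((v) => v[attr] === value).length;
  return matches === 0 ? Infinity : -Math.log2(matches / pop.length);
}

// Number of visitors indistinguishable from `profile` on the given attributes.
function anonymitySet(pop, profile, attrs) {
  return pop.filter((v) => attrs.every((a) => v[a] === profile[a])).length;
}

// Add attributes one at a time and record how the crowd the visitor
// can hide in shrinks with each extra signal.
function audit(pop, profile, attrs) {
  return attrs.map((attr, i) => ({
    attr,
    bits: surprisalBits(pop, attr, profile[attr]),
    setSize: anonymitySet(pop, profile, attrs.slice(0, i + 1)),
  }));
}

// Visitor 3 runs JS with fairly common values; visitor 7 has JS disabled.
for (const i of [3, 7]) {
  console.log(`visitor ${i}`, audit(population, population[i], ATTRS));
}
```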