-
-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update!: Browser fingerprinting overview #2119
base: main
Are you sure you want to change the base?
Conversation
1a3e9cb
to
285f9bb
Compare
This comment was marked as duplicate.
This comment was marked as duplicate.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as resolved.
This comment was marked as resolved.
7b2841c
to
19d9058
Compare
0a94f3f
to
d80af39
Compare
70077b7
to
a9ab3b3
Compare
✅ Your preview is ready!
|
I originally wanted to write more about this topic, but I think adding this basic overview now will be good, and it can maybe be expanded on later. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two grammar suggestions.
Otherwise, this is an excellent overview! Linking to the Arkenfox wiki for further reading is a wise choice too. I also found their GitHub issues tracker to be a useful resource.
|
||
Many non-experts will claim that using Firefox or enabling its fingerprinting resistance preferences will make you *more* unique, give you *less* privacy, and make you "stand out in the crowd." However, if you instead do nothing at all then your browser will *already* be uniquely identifiable. Thus, the "crowd" of Google Chrome or Safari users these people will claim exists in fact does not, because you can't blend in to a crowd filled with completely unique browsers. A [study](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cross-browser-fingerprinting-os-and-hardware-level-features/) published in 2017 demonstrated an approach that could uniquely identify 99.24% of users, without even taking into account their IP address. | ||
|
||
==When you are already completely unique, becoming "more unique" is impossible.== In reality, these fingerprint resistance features are generally not meant to make your browser unidentifiable at all, they merely block tracker scripts from collecting certain metrics, which in turn *can* make your browser unidentifiable to certain—but not all—tracking scripts which rely on those metrics. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
==When you are already completely unique, becoming "more unique" is impossible.== In reality, these fingerprint resistance features are generally not meant to make your browser unidentifiable at all, they merely block tracker scripts from collecting certain metrics, which in turn *can* make your browser unidentifiable to certain—but not all—tracking scripts which rely on those metrics. | |
==When you are already completely unique, becoming "more unique" is impossible.== In reality, these fingerprint resistance features are generally not meant to make your browser unidentifiable at all. They merely block tracker scripts from collecting certain metrics, which in turn *can* make your browser unidentifiable to certain—but not all—tracking scripts which rely on those metrics. |
- How fast your computer is[^2] | ||
- And much more... | ||
|
||
Some of these metrics are stronger or weaker than others, your browser window size is a weak tracking metric because it is easily changed, while your fonts or timezone are a stronger identifier because they are relatively static, for example. Combined with—or even without—the tracking factors people typically think of, such as your IP address, tracking cookies, and user agent; metrics like these can easily pinpoint particular browsers across the web. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some of these metrics are stronger or weaker than others, your browser window size is a weak tracking metric because it is easily changed, while your fonts or timezone are a stronger identifier because they are relatively static, for example. Combined with—or even without—the tracking factors people typically think of, such as your IP address, tracking cookies, and user agent; metrics like these can easily pinpoint particular browsers across the web. | |
Some of these metrics are stronger or weaker than others: your browser window size is a weak tracking metric because it is easily changed, while your fonts or timezone are a stronger identifier because they are relatively static, for example. Combined with—or even without—the tracking factors people typically think of, such as your IP address, tracking cookies, and user agent; metrics like these can easily pinpoint particular browsers across the web. |
|
||
</div> | ||
|
||
Many people think their browser fingerprint is a single thing, like your actual fingerprints, a string of characters like `XP2urbkhQIaHyMQYXYv4` that uniquely identifies their browser, and if they can get theirs to match everyone else's they are safe. However, browser fingerprinting actually refers to the broad collection of all the different metrics which websites can use to track you. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might just be me, but the first sentence of this paragraph feels a little awkward to read
|
||
Many people think their browser fingerprint is a single thing, like your actual fingerprints, a string of characters like `XP2urbkhQIaHyMQYXYv4` that uniquely identifies their browser, and if they can get theirs to match everyone else's they are safe. However, browser fingerprinting actually refers to the broad collection of all the different metrics which websites can use to track you. | ||
|
||
While many websites or fingerprinting scripts do take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, the algorithms and the metrics they use to create that fingerprint varies between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there, because every method of fingerprinting your browser is different. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While many websites or fingerprinting scripts do take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, the algorithms and the metrics they use to create that fingerprint varies between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there, because every method of fingerprinting your browser is different. | |
While many websites or fingerprinting scripts do take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, the algorithms and the metrics they use to create that fingerprint vary between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there, because every method of fingerprinting your browser is different. |
|
||
There are advantages and disadvantages to each of these approaches, and generally they cover distinct threat models, but all approaches ultimately try to make it more difficult for websites to track you across the internet. | ||
|
||
[Firefox](../desktop-browsers.md#firefox) out of the box takes the first approach, which is to simply block third-party requests to "companies that are known to participate in fingerprinting." This is the *safest* approach, because it results in almost no website breakage, but it also provides the least protection, because it relies on identifying trackers in advance. It also does little to block first-party tracking. You can generally achieve similar results in any browser with an extension that blocks known trackers, like [uBlock Origin](../browser-extensions.md#ublock-origin). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Embedding the link to the blog post from which this excerpt originated
[Firefox](../desktop-browsers.md#firefox) out of the box takes the first approach, which is to simply block third-party requests to "companies that are known to participate in fingerprinting." This is the *safest* approach, because it results in almost no website breakage, but it also provides the least protection, because it relies on identifying trackers in advance. It also does little to block first-party tracking. You can generally achieve similar results in any browser with an extension that blocks known trackers, like [uBlock Origin](../browser-extensions.md#ublock-origin). | |
[Firefox](../desktop-browsers.md#firefox) out of the box takes the first approach, which is to simply block third-party requests to "companies that are [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting) to participate in fingerprinting." This is the *safest* approach, because it results in almost no website breakage, but it also provides the least protection, because it relies on identifying trackers in advance. It also does little to block first-party tracking. You can generally achieve similar results in any browser with an extension that blocks known trackers, like [uBlock Origin](../browser-extensions.md#ublock-origin). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should probably be a footnote instead.
This pull request has been mentioned on Privacy Guides Community. There might be relevant details there: https://discuss.privacyguides.net/t/mullvad-browser-fingerprint/22931/17 |
This pull request has been mentioned on Privacy Guides Community. There might be relevant details there: https://discuss.privacyguides.net/t/browser-fingerprinting-tracking-overview/12250/10 |
This pull request has been mentioned on Privacy Guides Community. There might be relevant details there: https://discuss.privacyguides.net/t/extensions-and-fingerprinting/23394/3 |
Changes proposed in this PR:
Please do not add any suggestions or reviews correcting grammar or wording until this PR is undrafted, it will only waste time. This draft PR is only open to accept suggestions about what information needs to be incorporated on this page.