by ravenstine 1644 days ago
In my experience, with tools like Cover Your Tracks (apparently this is the new name for Panopticlick), the more you try and thwart fingerprinting, the more unique you appear. Although I still do everything I can to block and filter everything conceivable, I've given up on trying to figure out how identifiable I am on the web because it seems useless. If you don't try then you're identifiable, and if you do then you are probably more identifiable. Whatever.
11 comments

I think this can also be a good thing, as long as you also use software which makes sure you have a distinct 'unique' fingerprint for each session.

Not that I am a huge fan of Brave, but I think they have implemented something like this for certain (or all) APIs. You will still have a unique fingerprint, but it should not match to any previous fingerprints you had in the past.

Edit: see https://brave.com/privacy-updates/3-fingerprint-randomizatio...

Fingerprinting with any accuracy is hard. As a legitimate use case, I had a corporate client who wanted their management software only accessible to sub-management employees from certain on-site locations. And they wanted this without sending those employees through a VPN or having a static IP for each location. So what I allowed them to do was to let a manager clear a given device's browser fingerprint (e.g. on the computer at a certain desk, or the employee's laptop) and be able to manage or revoke access for a limited number of those at a time.

This was fairly secure because even the same employee was unlikely to get the same fingerprint twice - it was only occasionally more convenient than generating a random hash every time they opened the browser. It became a huge pain for managers to be called constantly on the weekend to remotely reauthorize the devices they'd just authorized a few hours ago, or when Chrome suddenly updated itself for half the employees, so eventually we switched to a looser hybrid of fingerprints and local storage.

But isn’t this exactly what client-side certificates are invented for?
Yeah. Maybe out of paranoia, there was concern that a rogue employee could snatch a client side key and reestablish a session from outside. The fingerprinting was aimed at making any attempt at that easily identifiable.
I attack it from a different direction. All these companies want to fingerprint your device and track you for really one reason at the very end: showing you a targeted ad. Now what happens if they can't deliver that ad (because you have an adblocker installed), well all that tracking and fingerprinting they just did is moot, because there's nothing actionable they can do with it.

That's my rather naive opinion, idk am I just being naive?

I care a lot less about whether or not I see an ad than I do about the shadow dossier being compiled about me based on my browsing habits. So no, I don't think all the fingerprinting is moot. I'd rather see untargeted advertising than have my personal profile bought and sold.
Do you have ads blocked on google.com then? Because all ads there are contextual, not personalized.
That is wrong. Not sure where you got that idea from.
Search 'hr platform' and you only get ads for HR platforms. At no point will you see totally unrelated ads for stuff you didn't search for, since those will do much worse than contextual ones in the search context.
Yeah but if you search for something generic, Google will infer what you are searching for based on your profile.
The problem is all activity gets sold to data brokers who build up a profile on you for future targeting.
Mimic latest iPhone. They are very hard to fingerprint.
Those anti-fingerprinting tools should make you appear as the most common iPhone as much as possible.
What is the most common iPhone? Should the common iPhone browser experience be scaled up to a desktop resolution, or should the desktop browser limit itself to the common iPhone resolution? What about mobile Safari bugs or misfeatures, such as webRTC shortcomings, or CSS bugs, or viewport resizing/scaling/zoom bugs?

There are so many possible variations that it seems like preventing fingerprinting by pretending you're something you're not would be an impossible task and makes you even more unique, not less.

You could pretend to be something you are not but if you keep giving the same info everything will be grouped together.
the basicest of basic

live laugh love as the user-agent

> the more unique you appear

If your fingerprint is unique and doesn't change then yes, you stand out. But if your fingerprint changes on every page load, then you become indistinguishable from other users.

> the more you try and thwart fingerprinting, the more unique you appear.

This is presumably because most people don't attempt to thwart fingerprinting.

If a particular feature behaves differently between the three most common browsers, it can be used to distinguish them. If you disable it, now you don't look like any of the most common browsers, which puts you in a category with a smaller number of people in it.

Solution: Get more people in it by having more people install anti-fingerprinting extensions etc.
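
The anonymity-set argument in the comment above, worked through as an added example (not part of any commenter's post). The population counts, the browsers "A", "B", "C" and the `feature` attribute are constructed assumptions, not measurements.

```javascript
// Constructed population. "feature" is how one hypothetical browser API behaves
// as seen by a site: each major browser has its own behaviour, and "disabled"
// means an anti-fingerprinting extension blocks it.
const POPULATION = [
  { browser: "A", feature: "a-style", count: 6000 },
  { browser: "B", feature: "b-style", count: 2500 },
  { browser: "C", feature: "c-style", count: 1400 },
  { browser: "A", feature: "disabled", count: 60 },
  { browser: "B", feature: "disabled", count: 30 },
  { browser: "C", feature: "disabled", count: 10 },
];

// Number of visitors whose observable attributes match `observed` on every key.
function anonymitySet(population, observed) {
  return population
    .filter((row) => Object.keys(observed).every((k) => row[k] === observed[k]))
    .reduce((sum, row) => sum + row.count, 0);
}

// Identifying information in bits: -log2(share of the population you blend into).
function surprisalBits(population, observed) {
  const total = population.reduce((sum, row) => sum + row.count, 0);
  const matching = anonymitySet(population, observed);
  return matching === 0 ? Infinity : -Math.log2(matching / total);
}

// Move `fraction` of each browser's default users into its "disabled" bucket,
// modelling wider adoption of the same anti-fingerprinting setting.
function withAdoption(population, fraction) {
  const next = population.map((row) => ({ ...row }));
  for (const row of next.filter((r) => r.feature !== "disabled")) {
    const moved = Math.round(row.count * fraction);
    row.count -= moved;
    next.find((r) => r.browser === row.browser && r.feature === "disabled").count += moved;
  }
  return next;
}

const defaultUser = { browser: "A", feature: "a-style" };
const hardenedUser = { browser: "A", feature: "disabled" };

for (const [label, pop] of [["today", POPULATION], ["50% adoption", withAdoption(POPULATION, 0.5)]]) {
  console.log(label, "default:", surprisalBits(pop, defaultUser).toFixed(2), "bits,",
    "hardened:", surprisalBits(pop, hardenedUser).toFixed(2), "bits");
}
```

With these constructed counts the hardened user stands out far more than the default user today, and the ordering reverses once half of each browser's users make the same choice.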

> the more you try and thwart fingerprinting, the more unique you appear.

Not if you use Tor Browser.

Then I just get put on another list :)
You get put on a different list each time. :)
Or you get put on the same list again. And again. And again. The list of users that have only visited once and never came back (because when you came back you were someone else).
"In my experience, with tools like Cover Your Tracks (apparently this is the new name for Panopticlick), the more you try and thwart fingerprinting, the more unique you appear."

In the interest of fair balance, I have had the opposite experience.

"I've given up..."

That's probably what "tech" companies are hoping you will do. I see this response repeatedly on HN when the fingerprinting topic comes up. I am wondering if the persons submitting these replies want others to "give up".

Is there a difference between users wanting to appear "the same" and a desire by users to stop supplying maximum amounts of free data/information to "tech" companies and exacerbating the problem of online advertising and associated surveillance?

If a user sends no fingerprinting data/information, then she might be "unique" because most users are sending excessive amounts of fingerprinting data/information. However, IMO, that is hardly a sound argument for continuing to send excessive amounts of fingerprinting data/information. I subscribe to the general principle of sending the least amount of information possible to successfully retrieve a page. This might be "unique" user behaviour, but I am confident it is the correct approach. The big picture IMHO is that "tech" companies, generally, are trying to collect data/information about users to inform online advertising. Uniquely identifying users is only a part of what they are trying to do.

It is a bit like telling a user to use/not use an ad blocker based on what other users are doing, so as to avoid being "unique". This might help with avoiding "uniqueness" but clearly there are gains to be had from using an ad blocker that are greater than the value of trying to appear "the same" as every other user.

Imagine users are all trying to appear exactly the same, so they embark upon coordinating with each other to make the exact same choices. It stands to reason that the number of choices each user has to make is going to be a factor in whether this is successful.

If every user is choosing to send large amounts of data/information (e.g., using browser defaults), then every user has to coordinate their choices on every single data point or bit of information. The higher the number of "correct" choices each user has to make, the less likely that all users succeed in being uniform. There are more chances for error. Whereas if we reduce the number of data points and bits of information so that every user is only sending one or two headers, with no JavaScript, CSS, etc.,^1 then that is far easier for users to coordinate.

1. This has been tested heavily by yours truly for decades. One does not need a graphics layer or graphical browser features to make successful HTTP requests. I am not interested in being "invisible", I am interested in reducing the amount of free data/information I give to "tech" companies. Perhaps there is a difference between wanting to "blend in" and wanting to stop "feeding the beast".

"We do not know anything about User A. It looks like she is using TOPS-20 to browse the internet."

Is User A less or more likely to be unique? Probably more. Is User A a more or less viable target for online advertising? To me, it is the second question that matters the most.

"I've given up... That's probably what "tech" companies are hoping you will do."

You don't have "googlesyndication.com" blocked?

I prefer to take an "allow list" approach rather than "blocking". That domain is certainly not one I have any use for and it is not on the allow list. Not much for me to read or download from "googlesyndication.com". The browser I use to read HTML does not auto-load iframes. Iframes are not a "feature" that I find myself needing.
One thing you can do is use different computers for different purposes.
Just the other day I created a vm on my proxmox server of the Tails .iso. Makes it much easier to fire up rather than reboot something with a USB.
> the more you try and thwart fingerprinting, the more unique you appear.

That phenomenon is called the Streisand effect.

https://en.wikipedia.org/wiki/Streisand_effect