[gruez]

>At this point it's possible to fingerprint with CSS alone, no javascript: https://css-tricks.com/css-based-fing

Fingerprinting isn't a boolean state. The more fingerprinting vectors you have the more reliably you can identify users. Therefore having CSS fingerprinting (or any other fingerprinting vector) doesn't really make canvas fingerprinting less bad.

[mysteryDate]

True. Any data the user leaks is data the user leaks and we should work to prevent this. However I don't think people realize just how easy it is to reliably fingerprint users who are blocking javascript and canvas and other web features.

[gruez]

>how easy it is to reliably fingerprint users who are blocking javascript and canvas and other web features.

The key difference is that most of the fingerprinting attributes listed in the article, most are very innocuous and/or easy to change (ie. unreliable for fingerprinting). That includes:

1. pointer type

2. prefers-color-scheme

3. window size

4. @supports

The only other one (local fonts) is interesting, but is still easily changeable and conceivably be mitigated by removing all non-default fonts. This is in contrast to canvas/webgl fingerprinting which fingerprints both the software and hardware parts of your rendering stack, and is nearly impossible to change.

[MomoXenosaga]

Oh I realize. I also realize literally nobody is going to bite the hand that feeds and that this industry is never going to regulate itself.

[VikingCoder]

In the future, everyone is using a 640x480 window into a browser that's completely software stack in a VM that runs at a regulated frequency with a specifically allocated amount of RAM and hard drive space, doesn't accept cookies, and clears cache after every page load.