This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you’re unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
Yay, I’m completely unique! I won!
Wait a minute
TIL LibreWolf randomizes some fingerprinting targets.
Yes and it will appear unique every time because every visit is using a different combination.
You’ll be unique be less trackable.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i’m ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
Somehow safari on an iPhone is also unique.
Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
& WebGL:
gotta be noisy, here’s hoping!
Look at my epic WebGL render:
Attribute number 1 already says 0%. We’re done here.
They basically asked for your name, birth date, and mother’s maiden name, and your browser just gave it to them and offered even more.
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
About:config doesn’t work on my android Firefox.
I should switch.
My Mum always said I was unique.
Now I have proof!
Just being in Australia, and setting the timezone correctly gets you to below 0.6%
😒
that’s pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
I am unique cause I set language to EN-GB :D I guess their dataset is us centric
Same here with en-au, and my fucking timezone.
I like clickclickclick.click
The percentage of, normally, privacy-aware people
I am a unique signiture but it also got my OS wrong and couldn’t get my time zone
Y’all I think I won privacy
dang, even with vanadium on graphene i am very uniquely identified. I suppose it can’t be helped these days.
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Better a known locked door than inviting them into your home
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
Thanks! I’ll have to keep an eye out for those things.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
deleted by creator
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
And yet here they are showing me their webpage in darkmode 😒
Well they did say they don’t use the information 🤣
Really interesting and slightly scary, thanks for sharing!
I prefer https://www.deviceinfo.me/
Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
iOS and the browser I use block a lot of stuff from being visible, interesting!
I get a blank page?
Funny how websites can read the gyroscope. It can also be used as a microphone. https://crypto.stanford.edu/gyrophone/
Madness! This should entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
It sounds like an Android/Google issue. The website told me that it could not read my gyroscope because I’m on iOS and Apple has not allowed websites to read it since 2019.
So a prettier and minimal version of https://coveryourtracks.eff.org/ ?
Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
This is a much more detailed, less “fear mongering AI” version of the other website. Thanks for sharing!
Well too bad!
🗿
the data is still there tho
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
You can still fingerprint a user based on CSS features.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/#css
Whoops, I dunno why it’s formatted weirdly
Because it’s AI-slopped.
How do I turn off JavaScript?
Well they tried
Yeah that was the one part they were way off on for me
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
Enable the kill switch in the VPN settings of Android
Your screen is 360 by 640 pixels, rendered at 4x density — which means it is almost certainly a recent, high-end display
GUESS AGAIN, IDIOTS!
I definitely have misleading information on there, which is great, but I probably need more.
Does it matter for fingerprinting if the information is misleading? Unless it’s changing dynamically I guess it’s still helps in identifying a user
Yeah, I think there are two problems. One issue is that they profile users both for ads and manipulative algorithmic content, and I’d like them to profile me incorrectly in most cases (except like they are less likely to try to sell people on linux things, that’s a great thing I’d like to keep in the profile). The other issue is that they follow individual users using this fingerprinting, again this can be used both to sell things and to manipulate, but it’s a tad creepier since it tracks how you’re unique even compared to people superficially similar to you.
Ideally, I’d like some extension where I can look at values and either keep them, set them, or randomize them.
I’m glad it acknowledges explains the impacts of anti-fingerprinting measures. I’ve seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false “unique” assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — “Mozilla”, “Apple”, “or similar” — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
I like that they covered all the possibilities for the do not track flag, as I saw it as useless from the very start, as by then I realized the honour system didn’t mean shit and it would just be another piece of data.
