this post was submitted on 27 Dec 2024
60 points (96.9% liked)
Privacy
32506 readers
1223 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is there no way to spoof that I'm using one of those without actually using them?
Spoofing is a whole hell of a lot easier said than done. Content delivery networks like Akamai, Cloudflare, etc. all know exactly how different versions of different browsers present themselves, and will catch the tiniest mistake.
When a browser requests a web page it sends a series of headers, which identify both itself and the request it’s making. But virtually every browser sends a slightly different set of headers, and in different orders. So Akamai, for example can tell that you are using Chrome solely by what headers are in the request and the order they are in, even if you spoof your User-Agent string to look like Firefox.
So to successfully spoof a connection you need to decide how you want to present yourself (do I really want them to think I’m using Opera when I’m using Firefox, or do I just want to randomize things to keep them guessing). In the first case you need to be very careful to ensure your browser sends requests that exactly matches how Opera sends them. One header, or even one character out of place can be enough for these companies to recognize you’re spoofing your connection.
One of the points of Libre Wolf is to make you unique, but each session should be unique.
You can find some additional setting tweaks here: https://librewolf.net/docs/settings/
The "letterboxing" feature is an additional uniqueness feature you could consider enabling.
I'm particular you could check your result in this experiment: https://fpresearch.httpjames.space/
Try it in both normal and in a private tab, then record those results, reopen Libre Wolf, and try again.
Can you explain what I'm supposed to be looking for in that .space link? What's the server code and client code? Am I trying to see if the emojis and number at the bottom changes when I reopen the site?
So server code is your fingerprint based on what a server is able to see. This would be your fingerprint with JS disabled, essential. Client code is the JS generated fingerprint.
For the emojis I have no idea.
So, if I have the same client code and a different server code, I'm followable only as long as I have JS enabled?
So .... Again, what is the point of this test, lol. What am i looking for? It seems like no one actually knows what the hell this test is showing, lol. Idk why it was posted if no one knows what it's showing? Do you know what I'm supposed to be looking for?
The test is simply showing two fingerprints for your browser. One, the server fingerprint, is one that any tracker can see. The other, the client fingerprint, is what can be used if you have Javascript enabled.
Instead of inundating you with test results, this one is simple - check to see if your fingerprints change between browsing sessions. If they don't change, that means you can be tracked. In which case you can mess with settings and try again.
Mine appears to change each time between browser sessions on a semi-hardened firefox. No clue what the bottom section means though.
The bottom result (the % certain one) is just a fuzzy match of similar fingerprints AFAICT.
Cool. Thanks. I'm a bit confused because it seems like people are saying that normal Firefox won't protect you against this, but it does indeed seem to if you use the strict privacy setting which blocks both known fingerprinters and suspected fingerprinters.
Edit: hm nevermind. Sometimes it appears to change the client code, sometimes it doesn't.
So should both the server and client codes change each time you reopen a new browser session? Or just the client?
Both should if your goal is to not have a reusable fingerprint (which for a privacy focus would be). Server should change more frequently since it has access to less information about the browser. Server based fingerprinting is fairly unreliable, client side uses Javascript to generate more bits of unique data.
Lol for some reason my server fingerprint won't budge but the client seems to change between 2 or 3 different ones.
Then another person I asked to try it said his client stayed the same but the server changed.
librewolf hopefully supports changing user agents. if not, uninstall it