There's much more that can be used to fingerprint than just user agent. Visit panopticlick.eff.org/ to test yourself.
From the readme page of the fingerprinting library it uses:
List of fingerprinting sources
UserAgent Language Color Depth Screen Resolution Timezone Has session storage or not Has local storage or not Has indexed DB Has IE specific 'AddBehavior' Has open DB CPU class Platform DoNotTrack or not Full list of installed fonts (maintaining their order, which increases the entropy), implemented with Flash. A list of installed fonts, detected with JS/CSS (side-channel technique) - can detect up to 500 installed fonts without flash Canvas fingerprinting WebGL fingerprinting Plugins (IE included) Is AdBlock installed or not Has the user tampered with its languages 1 Has the user tampered with its screen resolution 1 Has the user tampered with its OS 1 Has the user tampered with its browser 1 Touch screen detection and capabilities
Tyler Hill
oh also
Many more fingerprinting sources will be implemented, such as
(in no particular order)
Multi-monitor detection, Internal HashTable implementation detection WebRTC fingerprinting Math constants Accessibility fingerprinting Camera information DRM support Accelerometer support Virtual keyboards List of supported gestures (for touch-enabled devices) Pixel density Video and audio codecs availability Audio stack fingerprinting
Henry Russell
>I read an interesting paper today that proposes undermining browser fingerprinting by sending false information back in response to tracking requests.
Jeremiah Evans
and if you actually read what OP linked to, you'd see that and are both completely relevant.
First link is behind a paywall, but from the second: [code] /* Extracting plugin information */ function getPlugins (){
...
/* JS-based detection of fonts */ function getFontMeasurement(font_family){ ... return [textWidth , textHeight ]; ... function getFonts (){ ... return discovered_fonts;
...
/* Get more fingerprintable information from a user's: - timezone - screen dimensions - math constants - ... */ [code]
Cooper King
This is what firefox should have protected us from instead of becoming a castrated chrome. Fuck Mozilla.
browser fingerprints pretty much everything softwarewise and hardwarewise
DPI, Audio, Mouse, Keyboard
Justin Turner
Anti-tracking software is developing quite fast, but the tracking agencies will always be a step ahead. You'll never be fully indistinguishable, but spoofing your headers and not allowing cookies/js you make it harder for them to reduce the scope.
Samuel Jackson
Random agent spoofer can randomly change many of these.
Carter Young
Take your fucking meds, who gives a shit.
Brandon Wilson
changing user agents a few times with the same ip makes you stand out
Chase Reyes
take your meds user, you are certainly not living in reality
Anthony Sanchez
Delete yourself
Chase King
you got no chance to win
Joshua Morris
I don't see why it has to be that way; I do not think tracking agencies necessarily have to ALWAYS be 1 step ahead. If only we could develop a browser bottoms-up that is totally geared towards privacy while still being able to view web 2.0 sites.
I don't see why that should stop us from annoying the shit out of the ad men. If you are going to lose, drag your enemies with you.
(pic partially unrelated. If the powers that be put a total end to the free Internet, I'd rather live in pic related world without Internet, than in this one.)
Tyler Jones
This qualifies as research?
Most of this requires Javascript, which you shouldn't enable whenever possible.
Asher Murphy
This a million times. Disabling JS will greatly improve speed, security and privacy. What we need is a HTML+JS to static JS-less HTML converter.
Julian Price
Secret Agent addon for Firefox. Even protects against ETAG trackers.
Kill yourself you stupid fuck.
Lucas Fisher
DIsabling JS might make you more identifiable though, because every browser nowadays supports it and everybody keeps it enabled
Parker Clark
Disabling JS and drawing attention to yourself, but not allowing random code to be run OR allowing JS, not drawing immediate attention to yourself and allowing arbitrary JS code to be execute. I'm not sure of the answer, but I still think it's better not to allow them to register how you type or how you move the cursor. That's why there should be a frontend browser that fetches JS, runs it and produces local HTML.
Andrew Powell
Are you the guy who was asking about that in the sticky? I started configuring my machine to set that up actually, if I manage to finish getting it sorted I'll create a thread
Sebastian Clark
No, but thanks for implicitly pointing me in the to 8ch.net/tech/res/605882.html#q609220. It's really interesting, and phantomjs could be used for some very interesting things.
Jaxon Mitchell
Oh wait, you niggers use meme browsers literally nobody else uses, no fucking wonder.
Isaiah Garcia
Are you stupid or trolling? This is about being able to create a very unique fingerprint that can potentially be used to identify you consistently. It takes into account far more than simply your user agent.
I doubt that this can be done in general without effectively implementing Javascript, so we'd have to hope that site authors finally get into graceful degradation.
Some things are really not worth it. For instance, I found that changing the language and quality preferences makes you more identifiable. However, blocking JS kills so much other fingerprinting vectors that it's worth it. I also recommend to use a whitelist for cookies and send no user agent where possible* since you blend in with the plethora of bots.
* Some sites block clients with missing user agents. You may want to try out something like HTTP Header Mangler with a few site-specific rules in that case.
Jeremiah Cooper
Look at it this way: there are few people who wear gloves at all times, but that's still more than the number of people with your fingerprint.
Angel Bell
Who else uses Gentoo Hardened, Xombrero, a tiling WM, Javascript disabled, a VPN and a cryptsetup-LVM root filesystem? That's right, only you. That's how fingerprinting works: if you gather enough data about someone, you will be able to single them out.
Luke Turner
You can't figure out he uses all of that with just a client request to your server. Specially whrn he's got JS turned off
Andrew Howard
say everyone blocks 99% of the fingerprinting vectors and there are still 10000 left in that remaining 1%. fingerprinters will just use vectors within that 1%. choosing to obfuscate rather than block the 99% doesn't get you anything. or am i missing something? this just sounds like another way to add vulnerabilities to the already swiss cheese list of like 5 browsers that exist and people use