Researchers develop cross-browser fingerprinting technique

Because marketers need to datamine every last shred of data they can get target annoying ads at you for shit you will not be buying.

VPNs, Tor, proxies, I2P — all of them make it non-solution.

Which are also very thoroughly checked for security vulnerabilities by their authors, and in time. Yeah, that is a real solution, for sure.

Yeah. How come an ad blocker don't block JavaScript like a JavaScript blocker? It's almost like the uBlock guys want to shill uMatrix to me.

Also, don't worry. With NoScript, the tracking bugs are just installed on your Firefox as a plugin. :^)

What's the best way to do this? I've regexed the hosts files from uMatrix into 12000 lines of:
zone "doubleclick.net" { type master; file "pri/empty.zone"; };
It works, but it doesn't feel right.

At the router.

WHAT THE FUCK, WHY THE HELL WOULD YOU DO SOMETHING SO RETARDED!

YOU CANT CATCH ME IM THE GNU+LINUX MAN!

Ok
Listen user in umatrix if you go in the upper left of the interface there is the domain name you're on, you can click on it and it will show you this (see pick related)
Select the "*" and block everything except css and images.
Then when you go on a website you just have to authorize what you need.
This is the best rules you can have.
Block everything, authorize little.

That still allows google and whoever to track you through beacons and shit.

Pic related are the correct settings. Optionally disable scripts too. You may have to enable a cdn domain every now and then, but that's not a big deal since if that's the case then you probably have to enable scripts and other shit too to get the site to work.

They can track you either way, the only way to be really not tracked is using Tor or a safe VPN/VPS.

How else are we supposed to profit off of your data, you dumb goy?

This is one thing that even current version of Tor Browser can't escape from. If you enable javascript, audio fingerprint will instantly make you unique.
browserprint.info/

lol stupid fucking neckbeards playing with DNS

For most people IP is probably more reliable than fingerprint. People change their hardware more often than they switch ISPs or move.

Those are all very uncommon. Putting the tinfoil aside for a second, the main market for these things is targeted ads. They can already track 99% of normies very easily. Why bother doing a ton of work just for the last 1% of autists who won't buy anything anyway?

Time to use icecat and use that disable js button

Do you seriously think you can even identify people via IP? Not only do multiple people share one (most of the time one per household), portable PCs exist now (usually thy call them a "laptop", but there are other variants as well).
It's waaay way way more easier to identify a user by their system. How often do people reinstall their OS? Only distro-hoppers do it often enough, and they are a minority.

Fuck.

Dude, how else are we going to make native apps in the browser??? Get with the times, grandpa!

This man has it. Whitelist instead of blacklist.

Courts have declared that IP alone is not enough in identifying a person.

retard

are you paid to be this pathetic?

This. By default I disable everything besides 1st-party, and in 1st-party I disable cookies and scripts additionally. It's not like the other data on the 1st-party site is executable code and/or can be used to track my. 3rd-party requests of any kind can, however.

Lynx/Links already gives you pretty unique user agent, so there's no need for fingerprinting.

really needs explanation

But their analytics scripts don't even run. They would have to manually co-relate web access logs, which they probably aren't doing.
Also I have many of those analytics sites blocked at the DNS level. But ideally I want to implement a system where the only http connections that happen are the ones I explicitely request, so it will probably involve a local proxy.

I am guessing he means something along the lines of your speakers and microphone being used to build up an audio fingerprint of your room, where they pulse specific frequencies and listen for the reflections off walls and objects.

Fuck.
Just tested this with Pale Moon, Firefox, Chrome and IE. Besides the fact that on IE it took like 5 times as long as with the others (kek) the fingerprint was the ALWAYS same. Fuggggggg.

Well, there is the whole infrastructure for that, grandpa.
Your ISP and any major hosting provider log HTTP request headers and mine them later for shekels.

Stallman already wrote that.
git://git.gnu.org/womb/hacks.git

uMatrix doesn't block this site's scripts by default. Any other site could use the same scripts and it would just make the numbers in that row on uMatrix higher. To even use this hypothetical site you would have to enable the site's scripts or leave them enabled.

...

Firefox exposes a Javascript api that allows information about how your computer processes audio to leak details, like a side channel.
I changed my user agent to see whether it could guess what I was using. It knew I was on a different OS and guessed my browser correctly. It's kind of crazy, and apparently in Firefox 51 there will be an option to turn this JS AudioContext api off.

If you don't allow JS it's kind of a non-problem, but not really because there are very few sites which don't require it to work properly.

There's quite a lot of sites you can still navigate without JS, even though sometimes it's more ugly that way. web.archive.org for example (heck, just archive.org itself).

I doubt it, ISP where I live aren't legally allowed to do that.
And I worked for a pretty large online ecommerce provider, and those web logs were not sold. They made enough money in their business that spending effort for some pennies wasn't worth it. But you have to watch out for sites whose business model is built on that data-gathering (google, facebook, etc.)

I'll never understand how we allowed that annoying thing that let idiots put image trails behind our mouse pointers become such a huge problem. JS has just been a constant problem from the start. As soon as people started moving to AJAX I knew we were going to be in trouble but I still expected something to come a long to replace it. I went a long with it because "meh it's a hack we'll fix it later".

Webdev is just fucking cancer. I got out a long time ago and I'm happy for it. The stuff I see people getting away with now just makes me sick. There is no effort, there is no quality control, no one gives a fuck anymore.

...

If you were paid $10/day and pooing in the streets, would you?

Why has JS not been forked to remove all of the data/ip leaks?
computer illiterate here

Why hasn't JavaScript been abandoned?

How long does this shit take? It's frozen at fingerprinting my GPU.

Ends up it was uMatrix that was fucking it over, even turned off it still got the CPU wrong.
It doesn't give a shit about Agent Spoofer though.

WebDev Genocide When?

You don't need to fork JS. The language, albeit gay, is not inherently botnet.

The problem is the JS engine of your browser. When pajeet.com tries to run a script that calls get_hardware_fingerprint(), it is your browser that dutifully accepts and provides a nice fingerprint. Instead the browser should lie by giving out nothing or a ranodm generic fingerprint, just like UserAgent spoofing works already.

You'd need to fork a browser to do it. Or if you know what you're doing you could just fork a JS engine and let existing browsers use it. Of course it would never happen because everyone who writes browsers is in bed with these assholes.

Back in the day we had ActiveX for IE, IIRC it let the applet in your browser to fuck with all sorts of shit on your computer. Tons of government and corporate winboxes got utterly pwned just from going to a link, which is what led to ActiveX disappearing overnight and Java and JS being somewhat sandboxed. So if you want major browsers to have privacy-friendly JS, you're waiting for some hacker to find a way pwn big organizations through these JS leaks. The normies will as usual overreact and fall into panic, and demand complete isolation and neutering of web JS.

It's Chrome that should be abandoned.

Noscript and uMatrix seem to be able to stop the test from functioning, though I still took the step of disabling webgl.

No it should not you faggot. It should not be capable of giving this information to begin with.

but then we won't have pletty glaphics :(

the only solution i see to this problem is for browsers to limit cpu, gpu, audio, whatever to a standard that is the same for everyone so it can't be used for fingerprinting.

i think a bigger problem is cia/nsa having access to your computer through an extra cpu embedded in new cpus if they can get your ip. that is completely insane, and noone is talking about it.

Correct. JIT compilation in the browser was a mistake.

Efforts to remove botnet from sandy/ivy bridge are ongoing. RISC-V unfortunately remains in its infancy.

Yeah i don't know if this thing will ever replace the cpu in my comp.

Maybe we should meme the russians to actually make a competive cpu; they already switched to linux because they hate the evil usa. It could be a good business venture for them.

Would eventually be just as bad as cucktel

Still, may be worth a try, user.

maybe the next time the russian ambassador memes on twitter we could reply with info/meme how cia/nsa has access to your computer through an extra cpu and how Russia is missing an oppurtunity of being Stronk. He could do something perhaps :|

i dont have twitter. should i get it?

They could call it the Anti Empire Chip. Missing out on some great propaganda possibilities here...

Makes sense. It was written by that Russian hacker Linyos Torovoltos after all.

[[[finnish]]]

That's luddite logic anons. I for one would be perfectly happy if browser tech stagnated, but the problem is that this creates an attack vector on the community where normies are constantly tempted to give up some security for features. The real solution is to provide the features with good security, so that botnets have nothing more to offer and tempt normies.

is the best solution but creating a new standard requires cooperation from most of the developer ecosystem. In the meantime we can just march towards that if independent FOSS browsers started broadcasting a fake profile (still compatible with your real hardware) by default, and not broadcast at all if that doesn't break sites. It will become a de facto pre-standard that enables eventual adoption of the real standard. Simple boycotting is unlikely to work because too few people are dedicated enough to actually give up the service. What you need is the small minority of competent developers to provide a means for the masses to passively fight it with little effort. See: Adblockers.

Yeah, instead of having one tracking chip and suing the journalist who talks about it, we can have three redundant tracking chips and you never hear about it because the journalist who was about to break the story died in a tragic accident polonium poisoning accident.

Why aren't liberals memeing "the government is using your own computer to spy on you and catch illegals and muslims" yet? People used to say we're just worried because we're racist nazis when Obama was president. Well now the president hates them too, are they going to finally learn?

No

Let's not let this one slide to oblivion.