Definitely have to use each model for your use case personally, many models can train to perform better on these tests but that might not transfer to your use case.
"Ad blockers" nowadays do much more. From the horse’s mouth, which describes itself as a “wide-spectrum content blocker” [1]:
“uBlock Origin (uBO) is a CPU and memory-efficient wide-spectrum content blocker for Chromium and Firefox. It blocks ads, trackers, coin miners, popups, annoying anti-blockers, malware sites, etc., by default using EasyList, EasyPrivacy, Peter Lowe's Blocklist, Online Malicious URL Blocklist, and uBO filter lists. There are many other lists available to block even more [...]
Ads, "unintrusive" or not, are just the visible portion of the privacy-invading means entering your browser when you visit most sites. uBO's primary goal is to help users neutralize these privacy-invading methods in a way that welcomes those users who do not wish to use more technical means.”
I'd like to install uBlock Origin, when I try, Chrome warns it needs the permission to, "Read and change all your data on all websites". That seems excessive, to give that much power to one extension. I currently use no extensions to keep my security posture high.
I never get the fear behind extensions, at least not to the level where you wouldn't use an open-source extension that's extremely well vetted. And even if that isn't good enough for you, choosing to browse the web without using a content blocker is a far, far greater security risk.
Appreciate the clarification, I would clarify to say the origin story of Ad blockers are ads, and the underlying behaviours may not capture everything that fingerprinting may do where people don't advertise.
Ublock is great, but I am finding fingerprinting that gets past it and that's what I'm referring to.
I use uBlock Origin with basically every filter list enabled on Brave with their default blocker enabled. I just confirmed that this does not prevent the script from loading and scanning extensions. The browser tools network tab on LinkedIn is absolutely frightening.
NoScript will prevent that script from loading and scanning extensions. JS is required for almost all fingerprinting and malware spread via websites. Keeping it disabled, at least by default, is the best thing you can do to protect yourself.
According to the EFF fingerprinting website, Firefox + uBlock Origin didn't really make my browser particularly unique.
But turning on privacy.resistfingerprinting in about:config (or was it fingerprintingProtection?) would break things randomly (like 3D maps on google for me. maybe it's related to canvas API stuff?) and made it hard to remember why things weren't working.
Not really sure how to strike a balance of broad convenience vs effectiveness these days. Every additional hoop is more attrition.
fingerprint.com seems to be some fingerprinting vendor, they don't even offer a demo without logging in. https://coveryourtracks.eff.org is EFFs demo site is non-profit and doesn't require login
I have a lot of browser extensions running and am using Brave as my browser. I have their built in adblocker enabled as well as some of their privacy features turned on in the settings. I am also using a self hosted adblock instance for my DNS servers. I actually appear as random and not unique which is really nice to see. I know Brave does intentionally lean on some of the privacy side of things and it also has options to specifically prevent sites from fingerprinting by blocking things like seeing language preferences. I have to assume it is also doing some things in the backend to try and prevent other fingerprinting methods.
It is not telling you that the test site has never seen you before, because the eff isn't storing your fingerprint for later analysis and tracking
It could actually tell you about which real tracking vendors are showing you as "Seen and tracked" so it's pretty annoying they don't do that.
If that site shows you as having a unique fingerprint, I guarantee you are being tracked across the web. I've seen the actual systems in usage, not the sales pitch. I've seen how effective these tools are, and I haven't even gotten a look at what Google or Facebook have internally. Even no name vendors that don't own the internet can easily track you across any site that integrates with them.
The fingerprint is just a set of signals that tracking providers are using to follow you across the internet. It's per machine for the most part, but if you have ever purchased something on the internet, some of the providers involved will have information like your name.
Here is what Google asks ecommerce platforms to send them as part of a Fraud Prevention integration using Recaptcha:
> the EFF isn't storing your fingerprint for later analysis and tracking
Yes they are, quoting that very page:
> Your browser fingerprint appears to be unique among the 312,935 tested in the past 45 days
So clearly they store the information for at least 45 days. This raises the question what they actually mean by unique. If I change my IP and re-test, I get the same
> Your browser fingerprint appears to be unique among the 312,941 tested in the past 45 days
So does that mean that my fingerprint changed, and they can't track me anymore? Or do they mean to tell me that they still track me and I'm still as uniquely identified.
Their methodology and linked articles does not seem to answer this [0] [1]
It's all very complicated, because the fingerprinting needs to be unique enough to identify you while still being "persistent" enough not to identify you as somebody else if you change just one bit of it.
This could be easily inferred from the depth, breadth, and interconnectedness of data in the website.
By downplaying it, it's allowing it to exist and do the very thing.
The issue here is this stuff is working likely despite ad blockers.
Fingerprinting technology can do a lot more than just what can be learned from ads.
From the site:
"The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify). Under GDPR Article 9, processing data that reveals religious beliefs, political opinions, or health conditions requires explicit consent. LinkedIn obtains none." https://browsergate.eu/extensions/
There is clear rules around what you can and can't do to fingerprint users. if it's being done overtly, covertly, obscurely, indirectly, all for the same result through direct or indirect or correlated metadata it ends up with the same outcome.
My understanding is the rules and laws are to prevent the outcome, by any means, if it's happening.
Lol, lmao even. Lawmakers are banning privacy as fast as they can, this kind of personally identifiable stuff is perfectly aligned with their end goals.
Checking for extensions is barely anything when you consider the amount of system data a browser exposes in various APIs, and you can identify someone just by checking what's supported by their hardware, their screen res, what quirks the rendering pipeline has, etc. It's borderline trivial and impossible to avoid if you want a working browser, and if you don't the likes of Anubis will block you from every site cause they'll think you're a VM running scraper bot.
reply