Some time ago I noticed that in Chrome, every time you click "Never translate $language", $language quietly gets added to the Accept-Language header that Chrome sends to every website!
My header ended up looking like a permuted version of this:
en-US,en;q=0.9,zh-CN;q=0.8,de;q=0.7,ja;q=0.6
I never manually configured any of those extra languages in the browser settings. All I had done was tell Chrome not to translate a few pages on some foreign news sites. Chrome then turned those one-off choices into persistent signals attached to every request.
I'd be surprised if anyone in my vicinity share my exact combination of languages in that exact order, so this seems like a pretty strong fingerprinting vector.
There was even a proposal to reduce this surface area, but it wasn't adopted:
Is Chrome trying to assume that, since you don’t want it to translate those pages/languages, that you can read them/want them in your header? Interesting
Using Chrome and caring about privacy? I thought, after Google killed uBlock Origin, it had become beyond clear these two things were incompatible, https://news.ycombinator.com/item?id=41905368
Self-plug but if anyone is interested in learning more about how browser fingerprinting works and the different protections browser makers deploy against it, I wrote a longer post about this a few months ago: https://pitg.network/news/techdive/2025/08/15/browser-finger...
Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy. By default, this config burns cookies on exit, standardizes the time zone to UTC, spoofs the canvas fingerprint, and does other helpful things. Basically, it makes Firefox expose the same information as the Tor browser.
In addition, I block most known advertizing/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).
Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.
Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?
> block all third party content
It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
Also imagine if browser didn't provide drawing API for canvas (if you would have to ship your own wasm rendering library). Canvas would become useless for fingerprinting and its usage would drop manyfold. And the browser would have less code and smaller attack surface.
The number of cores is also set to 4 for everyone using this config and/or Tor.
> It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
This may be true, but allowed third party content makes it trivially easy for Google and others to follow people around the Internet through fonts delivery systems among others.
If I infiltrate someone else’s computer, secretly run code in order to to exfiltrate data I risk prison time because objectively it seems to satisfy criminal laws over where I live.
How do prosecutors in any modern country/state not charge this behavior when done by a website owner?
The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web pages with javascript being illegal (or maybe without javascript, given that CSS turing complete), or a cookie banner type situation where site asks for consent and everyone just blindly accepts.
>The only efficient protection against fingerprinting is what Orion is doing — preventing any fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking, built-in by default, making sure invasive fingerprinters never run on the page.
sounds like they block "known" fingerprinting scripts and call it a day.
As someone who utilizes these tools for anti-fraud purposes, Firefox is just as trackable if not more trackable than Chrome (especially because you stand out by using a niche browser in the first place).
Firefox exposes a massive amount of identifiable information via canvas, audio device and feature detection methods. There's also active methods to detect private windows, use of the developer console and more.
-window was resized/moved, send a websocket snitch to the backend
- keep a consistent web socket open, or fetch a backend-api call for updates on X events
- more calls are made, means user is probably scrolling, inject more things/different things.
I see some js obfuscators out there where I look at the js file and it's all mumbo jumbo.
It is indeed a privacy nightmare, where whatever we do feeds the algorithms to aide in making other people do things.
But it's also used in network security, organizations etc. Staff/employees will use the system a certain way, if something enters it without the behaviors, it's detectable. I assume that's what you mean in anti-fraud.
Sad part is we don't know what the data is ever used for, and it's often bought and sold and the cycle repeats.
The article is missing links to one of the first fingerprint diagnostic tools, https://coveryourtracks.eff.org/ , formerly called something like panopticon.net.
The real problem: if you can’t be identified, the system assumes you’re a bot, untrustworthy, or both and instead of reading content you get to select squares with buses and traffic lights ad infinitum.
I agree with the points in the article. Fingerprinting of any kind is a major risk for personal freedom. At the same time I want to make sure that content creators are compensated for their work. Ad firms that employ fingerprinting stand between me and the content creator. That said, I'm not going to pay $5/month for every blog that I occasionally read. The ad based model provides a more streamlined approach to compensation, but at the unacceptable price of privacy. I'm not quite sure what the answer is.
I have a gut feeling that we've been tricked (by ad companies) into thinking that this is somehow realistic and that casual "content creators" can get meaningful money from us reading their articles.
Realistically, while professional content creators can make a living, writing a blog post every once in a while will not provide meaningful income. Instead of trying to "monetize" everything, we would be better off with free content like on the internet of old. There are other means of making money.
It seems that the current situation means that the "content creators" earn insignificant money, while ad companies earn huge money because of scale, and we all somehow keep believing that this is necessary for content to appear.
You mean I shouldn't make a comfortable living off my valuable HN comments? I was about to consider this comment a good days work. Maybe if I put this comment on my own webpage it would be more valuable?
What if it could? Or should (be able to produce FTE or close income)?
In that world, the amount of pointless shite - questing to “go viral” - would be reduced to near zero. That is, if the incentive were more quality, and less quantity, we’d be better off, yes?
So there's an element of truth to that. And there are those who can contribute enough value, have enough audience, etc., that they can "coast" on those 2 blog posts a month and make significant income...
... but that's also not, nor should it be the median. I'm not sure how the economy functions if, say 8h/mo effort generates a median living wage.
Yes seriously - I'm old enough to have enjoy reading magazines that had ads throughout them. They were fine.
I'd venture to say contextual advertising would be more effective than whatever we've been trying to squeeze out of fingerprinting etc. All this supposed "data" they are gathering feels like a scam perpetuated by ad companies about how important it is to the people who buy ads. It's not.
Even Facebook and Instagram, which pretty much should know you to a tee is completely ineffectual at advertising to me - like at all.
The main “problem” with contextualized advertising is that the people producing the content get a larger share of the ad spend.
Targeted ads concentrate control over the market into a few players, which can do things like acquire competitors or run them out of business with loss leaders.
With AI, the supply of ad real estate will go to infinity, so the only thing that will matter is the quality of the places the ads run.
This would be a good time to ban targeted advertising, or for the content producers to form a cartel that only purchases contextual ads.
That cartel will probably be even worse than what we have now, since it’s going to be 2-3 mega conglomerates like Disney, and they already have handed editorial control over to the White House.
Hopefully the invisible hand of capitalism will somehow fix this.
> I'm not going to pay $5/month for every blog that I occasionally read
Would you pay per view? Most people (me included) would probably hesitate to say yes, because we’re used to not paying for that. But what if it meant that ad based model is gone and everything you buy is cheaper because the price does not include the cost of running ads?
> what if ... everything you buy is cheaper because the price does not include the cost of running ads?
Except in practice we see the opposite.
There's something interesting going on with companies when they want to get paid directly versus by ads: they demand 3x - 4x or more for subscriptions or pay per view versus what they make from ads.
Easiest place to see this is ad supported non-linear TV in the years you could get without ads, or with ads. You pay significantly more to not see the ads, than they make from the ads.
Perhaps this is justified because ad-free subscriptions reduce the audience size for ad buys, but when you look at the numbers watching with ads versus paying, it wouldn't seem like the "no ads" buyers make a dent in whatever pricing tier.
In the 90s when we were young and naive, we imagined a library card model, with a library fee and then you have fractions of a cent cost to read a post, and using (hand waving) technology to uncouple viewing history from payables to content creators. That, or the British TV license model, an Internet license of some kind.
It's curious to me the ad networks haven't gotten together to preemptively offer this. Arguably Brave tried, but from an adversarial (to the ad companies) stance. It would work better from the inside with a simple regulation: if you serve ads for ad-supported content, you have to participate in the library card system at CPM rates no greater than you receive for ads to skip the ads for card holders.
This is price discrimination. Everybody would love to charge more money to rich people and less money to poor people, since that increases the total profit.
The only companies that we directly allow to do this are schools, but having a premium version lets you approximate this.
That's because you usually pay via credit card (or some other financial mean) which is cumbersome (and may be illegal) to spoof. But yeah, it can be hard to justify a subscription when it's the price of a full meal. Especially when other essential subscriptions (electricity, water, internet, cell services,...) is straining your monthly budget.
The PPV model has been tried a bunch of times, and it always turns out that the rate people are willing to pay per view is not a rate that is high enough to be a viable revenue source for the content owners.
it takes a lot of $0.10-$0.25 views to make up for the loss of a $5/month recurring revenue stream that might last for years.
The fact that advertising is more profitable doesn't mean that the PPV model is not viable. It could certainly be so. Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
The problem is skewed incentives, of course. Advertising is acceptable to most users and easy to integrate, so why should website authors go out of their way to please a minority of their users who object to it?
>Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
you're describing the model of a product called blendle, a service which i loved but which totally failed. they failed to attract users, and they failed to attract publishers. this isn't some new idea that nobody had tried. it's been done. and it failed, not just for blendle. people have tried micropayments, they've tried subscriptions, if you can imagine a PPV model, it's probably been tried. readers and publishers both hate it.
Do you think the fact that NO major content websites (NYT, substack, WSJ, ...) have settled on a PPV model is simply because they haven't thought of it? Or is it more likely that the numbers absolutely do not work?
No one uses the PPV model because there isn't sufficient payment infrastructure (402 payment required). The friction for entering your credit card information into a website is ridiculous, you might as well target the high end of the market with a monthly subscription.
The PPV model, like Ads, works well for websites that you're not well associated with. Random blogs and websites that you otherwise wouldn't be willing to share your credit card info with.
I think it might be because with ad model you can sell profiling data many times over to different parties. You can’t do the same with a single charge.
Have any of them actually tried it though? If they have and I missed it, then I apologize, but I can't recall the NYT letting me read an article for $1 with zero friction via Apple or Google Pay or Stripe link or something. It they tried it and the numbers didn't work, that's one thing, but I don't recall that happening.
WSJ was available on blendle (pay-per-view). Washington Post was available on scroll (monthly subscription, divided up amongst the publishers you read each month). neither service still exists.
i don't believe NYT has ever tried a pay-per-view model.
Doing it via conventional card networks won't work, the fees would eat most/all of the payment.
A critical mass of publishers would need to team up and form a cooperative/etc where a user could register once, deposit some money, and then that money would be spent every time they view an article. But that requires cooperation between competitors, which is already hard enough, and the cancer that is the advertising industry wouldn't like this potential existential threat and would be more than happy to pour fuel onto the fire to ensure it never succeeds.
What's surprising is why the card networks themselves don't get in on it. They could do so in a completely backwards-compatible manner, introducing a new card number range that only works with transactions under a certain amount and have different fraud protection/chargeback rules.
I can't speak for all web sites, but I reckon a combination of factors could explain why such a solution hasn't been deployed:
1. Advertising is ubiquitous, easy to integrate, and provides a safe revenue stream.
2. There is little to no infrastructure for the PPV model. Whoever builds it would need to maintain their own version of it.
3. People expect the web to be "free". This is even true within technical crowds who understand that it's really not free. And a large part of that group doesn't mind advertising.
So, really, it would require a substantial amount of effort to implement, it would add additional friction to users, and ultimately only a minority would appreciate it.
Had this model been in place from the beginning of the web, things might be different today. Alas, if my grandma had wheels...
At the risk of pedantry, though it's still germane to this context, that's more the Tidal model than the Spotify model.
Spotify's model is more that your monthly amount gets disproportionately redistributed to the artists that bring more interest and listens to Spotify, regardless of whether you were one of those listeners. Smaller and niche artists suffer under Spotify's model.
Yes, but only after viewing, of else I'd pay for "editorial" or AI generated slop which would be generated like link farms pointing to Amazon etc.
And that's the chicken-and-egg problem ...
In theory that could be resolved by registering for free at reputable sites and then paying per view with micropayments. Or by a scheme where one would register and only pay when I actually did read stuff, not with the currently en-vogue monthly fee for each and every site.
You're presupposing that these blogs are producing content worth paying for. The unfortunate truth is that the overwhelming majority of blogs (99.9%+) are not.
Then why is everyone so nostalgic for the old days of the blogosphere to return? If blogs are all worthless, then we shouldn't care that they're disappearing and/or being put behind paywalls; we haven't lost anything.
Hard to say, there's no shortage of enticing looking medium articles that are superficial and worthless. I would not pay per view that trash even though there are good ones buried in the pile.
Brave Inc. gets a lot of flack, some warranted, but their Basic Attention Token allows for exactly this. Users can add credit to their wallet by either consuming privacy-friendly ads or topping it up manually, which then gets distributed to the sites they visit in the proportion they choose, transparently in the background while they browse.
It is a shame that this feature gets lumped together with claims of crypto scams, and similar nonsense. Yet this is precisely the right model that could work at scale to eliminate the advertising middleman, and make the web a safer and more enjoyable experience for everyone.
Brave strips out the ads that the creators put on their site, puts their own ads there, then gives the creators some of that money if and only if the creator realizes they have to sign up for Brave's cryptoshit. It's straightforwardly the kind of racket that would get your knees broken if you tried to do it to somebody in real life, but "it's ok because it's on computers". All the flak is deserved.
But then again, online ads are the physical equivalent of a crowd of paparazzi following you 24/7 including inside your home, which would also prompt physical violence in the real world.
From my perspective I couldn't care less if one bad guy is stealing from another bad guy.
It's frustrating that humans are stoichastic parrots and the minute you mention crypto they go into conniptions because the rails are basically there. It's not user friendly, but it's possible to build a system where you transfer $0.05 cents of crypto to someone as you scroll down a web page using a special browser.
This is exactly what I want. I don't really care to subscribe to most written media (I do in some cases) but once in awhile an article grabs my attention and I would shell out to read it.
The Ad model is exactly the problem. If you had anonymous, cheap micropayments where you pay 1 cent per pageview it would not just solve the surveillance problem but it would solve the DDoS problem too (you set up a web server where the price increases with load and clients bid for bandwidth).
Sadly, I think you are wrong. Micropayments seem attractive but the idea falls apart quickly - there are just too many intractable non-technical problems. It has been tried more than once and each effort has failed.
I wrote a longer post on this[0] but to save you the click I will state the biggest problem from a privacy point of view - if you think privacy is bad now with ads imagine how much worse it would be with a payment processor knowing your every click.
Yes, I know about certain cryptocurrencies that maintain privacy, they are a non-starter for micropayments for different reasons.
Even if a magically technical solution to privacy were to emerge there is nothing more valuable than information about paying customers and sites would use browser fingerprinting anyway.
I read from too many different sources through aggregators like hackernews. With a network you'd probably still have too many subscriptions.
Also wonder if it will really work out, i open too many articles that are pretty bad when you start reading them. So i quit after 1 or 2 paragraphs.
Now if you get the first 2 paragraphs for free, contents writers will start to optimize for good first 2 paragraphs, and afterwards quality will drop. Also, many blog posts or news articles don't have more than 2 paragraphs of good content.
Eh, that's too expensive unless the recipient can authorize refunds for non-spam emails.
But yes, I always thought some form of network syndication would emerge on the Web, where creators could register for their share of aggregated periodic payments made by users.
Still not sure why that's not a thing. I would pay $50/month to a syndicate in return for never having to deal with paywalls on any sites affiliated with them. But only as long as the vast majority of sites participated, and that is probably the showstopper, I guess. We'd end up paying 20 different 'syndicates' for absolutely no good reason, just as we now have to deal with 20 different streaming services.
They don't get $5 per month from ads. So the true subscription price must be a lot lower.
One option: a fund where you buy tokens, that you can spend reading an article. That will, however, lead to more clickbait and AI slop and snowing under serious blogs with low volume.
how about donating to the creator directly? not subscription, just occasional donations whenever people feel like it - content is more widely available, and people who really enjoy it or are well off can actually fund the development
Yes, but you need a scalable and low-friction donation solution. Patreon is the closest but it doesn’t pay the bills for most creators. Maybe some micro-tipping solution, but nobody has made that work yet.
No one has made a successful micro-tipping solution, because regulations and entrenched interests (banks, payment processors) have too much control and assess per-transaction fees that dwarf the amounts that such a system would be designed send.
Aggregation of tips and payouts would help, but that requires network effects (achievable only at scale) to be viable. I believe this approach has been tried in recent years, but I am not sure where those efforts went.
If someone puts a donate button beside their name or in the corner of their webpage, and that button leads to a payment page, I think that's good enough.
The point of paying creators is so that they can focus on creating content instead of making other things. Giving money to a creator is basically saying "you're so good at what you do, and it has so much cultural/intellectual value, I'd rather have you make content instead of stocking shelves or making food". But this should be reserved for people that publish good content because they can and are passionate about it, not just anyone putting out slop with the instrumental goal of paying their bills. If the friction of clicking a button and filling in payment details is enough to deter people from paying them, then maybe their content isn't worth paying for and they should find some other way to make a living instead.
Ads are annoying, but they are ok, what is not ok is collecting data and then selling it, so they can profile you without your consent across different platforms.
It reminds me of a game we played with students of data classification algorithms like ID3: How many yes/no questions do we need to uniquely identify everyone in this room?
With like 12 students, that's 4 bits, and it often ends up with 2-3 questions. It starts off with the obvious ones - man/woman/diverse, but then a realization comes in: An answer usually contains more information than just that one bit. If you have long hair, you're most likely a woman and/or a metalhead for example. That part will get shaken out later on.
And those thoughts make these browser fingerprinting techniques all the more scary: They contain a lot of information and that quickly cuts the possible amount of people down. Like, I'm a Linux Firefox user with a screen on the left. I wouldn't be suprised if that put me in a 5-6 digit bucket of people already.
> An answer usually contains more information than just that one bit.
That means there is less information in the question "do they have long hair?", not more. Asking "long hair?" and then "woman?" is probably, in most groups, roughly the same as just the first or second question alone. So the second question added much less than one bit of information because the answer is probably "yes". "Long hair" and then "metalhead" is the same, except that the answer to the second question is probably "no".
Yes/no questions on average contain the most information each when they partition the remaining possibilities 50:50. Then each answer gives you exactly one more bit. The closet you get to either a 100:0 or 0:100 yes:no split, the smaller the fraction of a bit you encode in the answer.
"Metalhead?" usually gives you lots of bits of information (probably 4 in an "average" group of 16 containing at least one metalhead) if the answer is "yes", but on average that's outweighed by the very high chance that the answer will be "no". If there are no metalheads or only metalheads, it gives you zero information.
Ah, I flipped it in my head. That happens after 10 years.
In this case, it was often an interesting exercise in bias as well. "Woman?" would usually single out 1-2 persons out of the 15, so it was a terrible question. It was CompSci after all. "Long hair?", lumping women and metal heads into one group would often split it into half and half. That was much better, and then spurred creative thoughts like travel distance, or bus stations.
Yes, but you can make assumptions based on what you know about humans generally. Like their example that if you ask if you have long hair. If you answer yes the likelihood is you are probably female.
You can think of all sorts of questions and answers like this, and when you combine with the assumptions and answers from previous answers you can make even more assumptions. They won't always be correct, but you don't have to be "perfect", depending on your use-case. For example for advertising purposes assumptions(even if incorrect) can still go a long way.
There is a reason Target got sooo good at identifying pregnant women[0] before the women knew they were pregnant that they creeped out women, and had to pull back what they did with that information. This was like a decade or more ago. It's only gotten more accurate since then.
> Target got sooo good at identifying pregnant women
That's why I pay with cash and do not have a loyalty card (other customers often offer theirs at cash register anyway). And of course I don't even go to Target.
I don't know if Target specifically use all of these, but I would bet they have data based on at least some of facial/gait/demographic recognition, wi-fi/Bluetooth beaconing, vehicle registrations, time and location tracking, statistical analysis of your purchases and clustering of people you have made purchases next to (e.g. you bought something at same time and till as your mother more then once). I'm sure they have other methods too. They can also combine datasets from brokers that do have a face:name link (say you used a card at another store that captured it and sold the data) and resolve you within their own data that way.
It's still a yes/no question, it's just that the question is "do you have long hair".
The goal of these decision trees is to have as few questions that divide the group in two balanced halves (and also recursively).
If you imagine a binary tree with questions in each internal node, and in each leaf there is a person. You want the height of the tree to be minimized.
Yes, but multiple yes or no questions in combination can easily yield more information than they should in a real dataset. That's the real educational point.
You seem to be confused about the difference between "less" and "more". In general a yes-no question gives less than 1 bit of information if yes and no are not equally likely. There is no way it can be expected to give more.
> There is no way it can be expected to give more.
It is indeed not possible for it to give more, because it only has a single bit answer, which by the pigeonhole principle can't give you more than one bit.
The best yes/no questions are the ones which are independent of each other and bisect the group evenly. "Are you a man" is typically good because it will be approximately half the population. Then you want independent questions that bisect the population again, like "does your first name have more than the median number of letters" which should be mostly independent of the first question. Another good one is conditional questions like "are you taller than average for your sex" since a pure height question wouldn't be independent of sex but that one is.
Whereas bad questions would be ones with highly disproportionate responses, like "do you have pink hair with black and green highlights" which might be true for someone somewhere but is going to have >99% of people answering no, or "were you born on the planet Mercury" which will be 100% no and provide zero bits of information.
The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
>The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
It really isn't, because there's plenty of fingerprinting scripts that run on the same domain, especially fingerprinters from security providers like cloudflare or akamai.
The problem is not JS, the problem is useless techonolgies like WebRTC or WebGL that can run without permission and that, I think, are used in 99% cases for figerprinting. And people who designed them and did nothing to prevent fingerprinting.
Neither WebRTC or WebGL are remotely ‘useless’. Very fair though to say that you would prefer to have them disabled and/or whitelisted for certain sites.
Does he have a strong stance of JS in the browser? In any case, I don't think many people would agree that the dubious extra privacy you gain from blocking that is really worth breaking half the web. Fingerprinting is not too hard even without JS.
I would re-frame "is it really worth breaking half the web" as those sites are not compliant to begin with. Nothing in the web standards stack mandates javascript, its an optional feature! Web developers of yore understood that a fundamental property of a properly written web site was to degrade gracefully if javascript wasn't available, but the groupthink of the past decade has chosen weaponized incompetence over doing their jobs and in the process has not only thrown a load of noncompliant insecure garbage out there, but broken a load of accessibility standards, and other things in the process.
Blocking most JavaScript is fine, it mostly just breaks the silly pointless over-designed sites anyway. Just like everything else, most of the internet is garbage; blocking over-designed JavaScript sites isn’t a perfect filter but it is an ok first heuristic.
For a fingerprint to be useful it must not only be unique but also persistent. If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
Point still taken, however you can only really check if a given font is installed, not obtain a list of all fonts. Thus, installing a wacky font is pointless as the fingerprinter won’t bother to check that particular font. There is queryLocalFonts on chrome but this requires a permission popup.
It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a finger print of the elliptic curve when do do a SSL handshake, or any number of other ways.
The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updates "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.
The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.
>If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
Services with a large enough fingerprinting database can filter out implausible values and flag you as faking your fingerprint, which is itself fingerprintable.
But they still wouldn't be able to confidently connect his different fingerprints to the same individual, just that he is one of a group of individuals who fake their fingerprints.
It would depend on what your existing fingerprint is. If you're using some sort of rare browser/OS/hardware combination (eg. pale moon/gentoo linux/IBM thinkpad) it might be worth spoofing, but if your configuration is relatively "normie" (eg. firefox/windows/relatively recent intel or amd cpu/igpu)you're probably making yourself stick out more by faking your fingerprint.
The issue is that, especially on desktop, I doubt there are many fingerprints that more than 100 people have, given everything that they test. I would even suspect that most common desktop fingerprints are classified as bots.
I'm sure it's a privacy issue. But how does this browser fingerprinting harm the user? Maybe it can work like a session cookie used for correlating across different requests from the same user. What's the damage here?
Sandboxing in containers and manually exempting specific security tokens is arguably one of the better steps we can take in the immediate term, as are random agent strings and returning fake data for common prompts. Of course that only works in the immediate, because this, like advertising in general, is an arms race at the moment.
This feels like a regulatory question, not a technical one. We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points. The long-term solution seems like it should be severe consequences for data breaches (as in, corporation-destroying penalties for disclosure of PII, including fingerprint data) such that everyone only collects the data they need to provide the service in question and not a single bit more, deleting it as soon as it's no longer necessary. Right now there's no consequence if Google or Meta disclose huge swaths of user data, and thus no disincentive to collecting as much as they possibly can.
Punish the leaking of data, and suddenly you've raised it's cost to the point that casual players will nope out entirely. From there, it's the eternal back and forth of governments waffling between business and electorate interests.
>We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points.
I'm very skeptical of this claim, especially in practice. Contrary to what many fingerprinting sites claim ("you're unique of everyone we fingerprinted!!"), browser fingerprinting can't possibly uniquely identify someone. Smartphones are pretty locked down and there's very few customization options that allow for fingerprinting. In the US Apple has around 50% market share in the US, and there are 30 iPhones models that are still in support. That means if you're an iPhone user in a city of 1 million, there are, on average, approximately 16.6k (500k / 30) other people with the same exact model of iPhone (and therefore fingerprint) as you. As long as you don't do anything to stick out (eg. living in the US but setting Denmark as your locale), you'll be reasonably anonymous.
Browser data points can make it easy to identify a browser or in some cases even a specific machine, but that doesn’t necessarily equate to identifying a user. What frustrates me is that it takes a service I trusted with my personal data to be the one that attaches an identifier to those metrics. The best practice for privacy is to always keep profiles and identities separated, rotate P.O. boxes, email addresses, phone numbers, and payment methods so that when someone identifies your browser or device, the accuracy of linking it to you stays low. Of course, this approach comes with its own problems...
> Worst of all, perhaps, it can extract a canvas fingerprint. Canvas fingerprinting works by having the browser run code that draws text (perhaps invisibly), and then retrieving the individual pixel data that it drew. This pixel data will differ subtly from one system to another, even drawing the same text, because of subtle differences in the graphics hardware and the operating system.
I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
Is the implication that there are certain graphical operations that - perhaps unintentionally - end up becoming akin to a physically unclonable function in hardware?
I still haven't found a method that can fingerprint simple Firefox containers. I use automatic temporary containers as a rule, and rules for specific sites where I want to keep persistent sessions.
I don't understand how temporary containers are still not a built-in Firefox feature, it seems like such a no-brainer solution for privacy.
> Since almost every web browser in the world now supports JavaScript, turning it off as a measure to protect privacy is like going to the shopping mall wearing a ski mask.
I'm going to steal this nice analogy, for when I try to explain this point and some related points.
To extend the closing remarks from a SIGINT perspective, sure some fingerprints are non unique and short lived, have little data. But hang onto it long enough and sure enough some slower data from another band might eventually correlate it with something else.
The last time I looked at this seriously I was trying to find out how much fidelity (if it was possible at all) was necessary to identify someone by their mouse and keyboard input.
when PayPal tells you that they already know you and don't require you to log in: that's fingerprint.com behind the scenes.
There are pros/cons.
It should be obvious by now that using any free service of scale is being paid for by your interactions which are made more valuable through fingerprinting.
Trying to circumvent that just makes it more expensive for the rest of us.
I switched to the Mullvad browser. The other recommendation, LibreWolf, provides the following warning on install which scared me away: "Warning: librewolf has been deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01."
FYI I wouldn’t say that the Mullvad browser is any better at anti-fingerprinting than Librewolf. I always point people to http://fingerprint.com/ so they can see how difficult it is to beat even JS based tracking and this doesn’t even get into the server-side methods (i.e. just fetching a stylesheet) of tracking users.
That’s not to say you shouldn’t use a browser that blocks ads etc but I don’t think people should immediately think that they’re not fingerprintable because they’re running these. There definitely needs to be more discussion on the reality of how much these browsers can “protect” you.
tldr -- it's fine.
MacOS Gatekeeper will create warnings about products that are not signed via the apple developer program, which is $99/year
librewolf is an open source product, that is very strictly a "community" libre / FOSS project. naturally, having an individual take up notarization
assumedly, you are using brew -- brew recently decided to stop supporting / deprecate all casks that does not pass gatekeeper checks, for some reason I cannot fully determine.
Why would I trust any software that doesn’t pass the gatekeeper test? Even if it claims to be “open source” with links to some code repo there is no guarantee the binary blob you are running was built using only that code and nothing else.
Sure even with the gatekeeper test you can’t be sure it’s built against only the claimed code but it does guarantee:
1) the binary hasn’t been modified since it was signed
2) the binary was signed by somebody in possession of the private key
3) there is some measure of identification via Apple on who or what signed the binary
4) somebody was willing to fork over $99 to sign the binary
It’s not perfect security by any means but it is something. Otherwise the binary you are running might as well have come from some sketchy email attachment. And fuck that. Why would I want that on my machine?
I get that the $99 might be a hurdle for “non-organized open source” (ie most open source… doesn’t have a non-profit entity to take up the expense and credential management, etc…)… and there are probably ways apple could make it easier for such “collectives”… but ultimately I’d argue that signed binaries are good for everybody. While imperfect, they provide some form of traceability and accountability.
obviously it’s not a 100% guarantee of being fuckery-free. The private key might have been compromised, the appleid might have been hijacked and the developer program might have been enrolled with stolen credit cards… but it’s still a hurdle to filter out a large swath of low effort nonsense.
Sure but most people aren’t going to do that. It automatically limits the audience willing to use the software.
This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface…
The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human some. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key.
So for Linux, generally you are installing packages from your distro's repo so they are signed by the repo itself. I would have assumed that it would be the same on Mac with brew/macports/etc signing the code, but from what you are saying I guess not, I don't see why.
On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.
The article rants about how turning off JavaScript is actually harmful because it makes you more fingerprintable, then in the same breath recommend switching to an obscure browser nobody else uses?
If you want to avoid being uniquely identifiable stick to Chrome, signed into a Google account, running on a PC from Best Buy.
You missed one of our best guarded secrets: ja3 hashes and their successors.
Basically, we can identify browsers based on the supported ciphers in TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Capchas.
I built a nice tool to visualize that: https://tls.peet.ws.
Its not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs.
There isnt really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint
I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?
Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.
It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on on its own. But it can be combined with other fingerprinting vectors.
Not trying to be sarcastic; I may be unaware of some relevant legal framework for the US, could you please elaborate which one is a right and how is it enshrined and enforced?
Not American here, but I'm aware of both privacy in mixed forms (privacy act 1974, HIPAA, COPPA, and CCPA in California); as well as anonimity in First Amendment et al since there's case law (IANAL) demonstrating the requirement of anonimity to avoid persecution of free speech.
All of these have limitations and exceptions in a complex legal system. But to issue a blanket statement like the comment above is no really correct - just trying to make a point, I guess
The only way to have privacy in a semi public location, like the Internet, is anonymity.
Ask any celebrity how much privacy they have. They can’t even buy Starbucks without people commenting on how fat their comfy clothes make them look. Because they have no anonymity.
A combo of your IP, browser fingerprint plus the fact that you logged in somewhere and that links to your actual name etc. Identify you in isolation is not very useful. It's connecting that identity to another place that's valuable.
The browser history is collected across multiple sites to form a profile. If the user ever enters their email address or logs in, their entire history is deanonymized.
There is no good technical solution here. But the damage could be limited if browsers at least limited entropy somewhat. Stuff like reading back canvas contents should need user approval.
Just make sure it’s sufficiently illegal to keep this info. Find and make big visible examples of fining companies that trade in this info. If a company sells a product that fetches ads based on an ”identifier” their little js snippet computed then just pay them a visit. Fine both them and their customers to the max extent of the gdpr (or equivalent).
Gemini and Gopher are better than the existing WWW, (although there are others as well, such as Spartan (uses the same file format as Gemini, but it is a different protocol without TLS), Scorpion (my own format, intended to be between Gemini and "WWW as it should be if it was designed better"), and others).
However, you might also want to access HTTP and HTML, and to do so without needing to load fonts, pictures, etc; you might use a web browser that omits many of these features. However, it also can result in some problems; there are a few ways to work around some of these, such as adding your own scripts to handle some services, adding proxy services for handling some services (although some of these can use other protocols such as Gemini), and/or using the HTML/CSS commands in other ways (e.g. using ARIA to decide the formatting rather than using CSS). However, there are other issues, e.g. if the web page you download includes more junk than the actual main text.
JavaScript disabling helps a lot, regardless of what author says. It disables most of the tracking attempts, improves security and most of all pages load faster and hardly break if you're just browsing anyway.
The whole article never mentions the gold standard of anti-fingerprinting, Tor Browser. It just shows how shallow the article is when it mentions Mullvad Browser, a fork of TBB, instead of TBB itself! There's also no mention of using an upto-date DNS block list to thwart fingerprinting attempts even more
Yeah, I don't get it. Tor browser alone, with no additional configuration and basic hygiene, is enough to stop any fingerprinting and tracking. The only problem is that it's too private, and tor traffic is often associated with crime, so it's sometimes blocked, notably by cloudflare.
I don't use it for daily browsing, but when I want to search for something I don't want associated with me (for example, health concerns) I just use tor browser and don't worry about tracking.
The Tor Browser won’t effectively stop fingerprinting, if anything it makes you more unique due to the low amount of people worldwide using it, and then you add points of data by using different DNS providers, extensions etc.
The Tor Browser as a privacy measure is likely no better than a normal browser with uBlock if you’re also using it like a “normal” browser, signing into the same accounts you always use etc. My opinion obviously but I dislike people recommending the Tor Browser as a lot of it’s primary benefits are lost if you’re just using it as a daily driver browser.
I always point people to https://fingerprint.com/ to see if their browser can defeat it. Most of the time you can’t without clearing cookies, changing device resolution, change VPN location etc. something the average person can’t/won’t do. Even JS aside there are a ton of different ways to track people based off even just getting server side data when a site’s stylesheet is fetched.
On the pros of fingerprinting: it's practically the only consistent tool to prevent malicious use in certain usecases, such as app hosting and similar bot protection.
Email validation doesn't work. Ip blocking doesn't work. Captcha? Kind of. Fingerprinting? Very efficient.
I don't mind advertisers knowing more about me. If they can display ads that are relevant to me, this is a better experience on both sides.
Unfortunately there is no way to tell advertisers, "No, I'm not interested in your product. I never will be. Don't waste your money."
The top offender is Hims. No, I don't have hair loss. I don't want hair loss supplements. I also don't have ED, and I object strongly to ads for that showing up unexpectedly when I'm showing a YouTube video to someone else.
The second top offender is whoever it is (they keep changing their name) who thinks that I need some kind of Christian motivational course to get control of "the P-word". (Their phrase, not mine.) No, I don't have a problem with pornography. I am very rarely interested in it. And when it comes up every few months, I don't feel any guilt about it afterwards. Furthermore I'm an atheist. A Christian motivational course isn't going to work well for me regardless.
Yes, Google does offer a report function, and a block function, for ads. The report function seems to have gotten rid of the unwanted ED ads. The block really doesn't work when the ads are all very similar AI slop that is rotated frequently. Block this ad, and then next unwanted ad from the same source will be coming along soon enough. (The reason why I particularly dislike Hims is that they are more aggressively rotating their ads.)
Relevant/personalised ads doesn't mean ads that benefit you. It's means ads that are better able to extract money from you.
It means that, when you need a new dishwasher, you will never see the actual best dishwasher for you, only dishwashers that are a bit more expensive than you actually need but you will end up buying one of them anyways.
It means that you are more likely to see products you would impulse buy just after you get your paycheck. Or slightly inflated prices on things you usually buy.
It means ads designed to take advantage of addictions to sugar, alcohol, gambling etc
Finding stuff you actually want to buy has never been easier, you can find hundreds of reviews and comparisons instantly. People who opt into personalised ads don't end up being more savvy online shoppers, they just end up buying more junk.
My preferences are based on my understanding of myself.
I do not have those problem addictions. Of course I am going to comparison shop for any large purchases. I am good enough about controlling spending that excess junk isn't one of my problems.
But what I do have a problem with is coming up with creative ideas for people in my life. So, for example, I would have never thought to look for https://www.zazzle.com/cup_equation_love-168099175298227864. But I'm very glad that someone out there knew enough about me to guess that this might be an item that I'd like. And my wife liked the cup a whole lot.
Does this happen often? No. But I'm perfectly happy to pay a premium for a product when an advertiser gets it right.
If you don't mind them knowing but resent the ads, you can just block the ads. You can do dns ad blocking[1], in-browser plugins/extensions[2], finally, patch the apps[3]. Or deploy all of them.
Perhaps you missed that I am willing to deal with ads in general? I am perfectly willing to put up with the annoyance, and like knowing that I am bringing money to the channel that I'm watching. I only want specific advertisers turned off.
A general "show me no ads" solution is not my preference.
>And even though my personal safety and liberty probably aren’t at stake, I don’t want to give any support to the global advertising behemoth, by allowing advertisers access to better information about me.
Giving the surveillance economy access to your habits means making them slightly better informed about everyone. That won't directly endanger you; the SE will just become slightly better informed about how people like you function.
This will enable it to increase the amount of risk faced by some other person that you will never hear of (and vice versa) if any of you is even suspected of endangering the SE, in proportion to the risk to the SE which people like you may hypothetically pose, as quantified by the methods of nepotism-powered pseudoscience.
Some time ago I noticed that in Chrome, every time you click "Never translate $language", $language quietly gets added to the Accept-Language header that Chrome sends to every website!
My header ended up looking like a permuted version of this:
I never manually configured any of those extra languages in the browser settings. All I had done was tell Chrome not to translate a few pages on some foreign news sites. Chrome then turned those one-off choices into persistent signals attached to every request.I'd be surprised if anyone in my vicinity share my exact combination of languages in that exact order, so this seems like a pretty strong fingerprinting vector.
There was even a proposal to reduce this surface area, but it wasn't adopted:
https://github.com/explainers-by-googlers/reduce-accept-lang...
PSA Don't use chrome.
Is Chrome trying to assume that, since you don’t want it to translate those pages/languages, that you can read them/want them in your header? Interesting
Using Chrome and caring about privacy? I thought, after Google killed uBlock Origin, it had become beyond clear these two things were incompatible, https://news.ycombinator.com/item?id=41905368
Self-plug but if anyone is interested in learning more about how browser fingerprinting works and the different protections browser makers deploy against it, I wrote a longer post about this a few months ago: https://pitg.network/news/techdive/2025/08/15/browser-finger...
its consistent cross site, so you get all the same privacy problems as with 3rd party cookies
Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy. By default, this config burns cookies on exit, standardizes the time zone to UTC, spoofs the canvas fingerprint, and does other helpful things. Basically, it makes Firefox expose the same information as the Tor browser.
In addition, I block most known advertizing/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).
Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.
Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?
> block all third party content
It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
Also imagine if browser didn't provide drawing API for canvas (if you would have to ship your own wasm rendering library). Canvas would become useless for fingerprinting and its usage would drop manyfold. And the browser would have less code and smaller attack surface.
> Does it hide GPU name that is exposed via WebGL/WebGPU? Does it hide internal IP address, available via WebRTC?
My GPU is reported as simply "Mozilla" by https://abrahamjuliot.github.io/creepjs/.
The number of cores is also set to 4 for everyone using this config and/or Tor.
> It's not going to work, because the fingerprinting script can be (and is often served) from first-party domain.
This may be true, but allowed third party content makes it trivially easy for Google and others to follow people around the Internet through fonts delivery systems among others.
I had forgotten I was running Ublock origin / Privacy Badger / Ghostry so I was a bit confused with the results from that site.
I think it is Ghostry that is faking the responses but I still have a pretty unique fingerprint according to https://abrahamjuliot.github.io/creepjs/
If I infiltrate someone else’s computer, secretly run code in order to to exfiltrate data I risk prison time because objectively it seems to satisfy criminal laws over where I live.
How do prosecutors in any modern country/state not charge this behavior when done by a website owner?
The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web pages with javascript being illegal (or maybe without javascript, given that CSS turing complete), or a cookie banner type situation where site asks for consent and everyone just blindly accepts.
> if the bar is "code is being run but the user doesn't know about it",
.. would lead to all modern electronics being illegal, not just web pages with javascript.
All javascript based anti-fingerprinting is detectable and is also a major source of uniqueness!
Sure but if you are always unique for every website then you can’t be tracked overtime.
Orion Browser (Kagi Product) prevents fingerprinters from running by default.
https://help.kagi.com/orion/privacy-and-security/preventing-...
Orion browser is also capable of running uBlock Origin (not Lite) on iOS.
How do they reliably detect fingerprinting? Did they solve the Halting Problem? Sounds fishy.
>The only efficient protection against fingerprinting is what Orion is doing — preventing any fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking, built-in by default, making sure invasive fingerprinters never run on the page.
sounds like they block "known" fingerprinting scripts and call it a day.
This makes you inherently trackable, ironically. No trace is a massive trackable attribute, since almost nobody is untraceable.
As someone who utilizes these tools for anti-fraud purposes, Firefox is just as trackable if not more trackable than Chrome (especially because you stand out by using a niche browser in the first place).
Firefox exposes a massive amount of identifiable information via canvas, audio device and feature detection methods. There's also active methods to detect private windows, use of the developer console and more.
Of course. There's data where there isn't data.
-make client load something
-client doesn't load it
-add.fingerprint.point(client,'doesnltloadthings',1)
-detect if client does something only a certain browser does
-client does it
-add.fingerprint.point(client,'doesthisbrowsderthing',1)
-window was resized/moved, send a websocket snitch to the backend
- keep a consistent web socket open, or fetch a backend-api call for updates on X events - more calls are made, means user is probably scrolling, inject more things/different things.
I see some js obfuscators out there where I look at the js file and it's all mumbo jumbo.
It is indeed a privacy nightmare, where whatever we do feeds the algorithms to aide in making other people do things.
But it's also used in network security, organizations etc. Staff/employees will use the system a certain way, if something enters it without the behaviors, it's detectable. I assume that's what you mean in anti-fraud.
Sad part is we don't know what the data is ever used for, and it's often bought and sold and the cycle repeats.
[dead]
The article is missing links to one of the first fingerprint diagnostic tools, https://coveryourtracks.eff.org/ , formerly called something like panopticon.net.
or don't trust the EFF!
The real problem: if you can’t be identified, the system assumes you’re a bot, untrustworthy, or both and instead of reading content you get to select squares with buses and traffic lights ad infinitum.
Yes, and the conspicuous lack of signal is itself a signal.
"Get me all the individuals in this geo area that have atypical communication patterns..."
I agree with the points in the article. Fingerprinting of any kind is a major risk for personal freedom. At the same time I want to make sure that content creators are compensated for their work. Ad firms that employ fingerprinting stand between me and the content creator. That said, I'm not going to pay $5/month for every blog that I occasionally read. The ad based model provides a more streamlined approach to compensation, but at the unacceptable price of privacy. I'm not quite sure what the answer is.
> content creators are compensated for their work
I have a gut feeling that we've been tricked (by ad companies) into thinking that this is somehow realistic and that casual "content creators" can get meaningful money from us reading their articles.
Realistically, while professional content creators can make a living, writing a blog post every once in a while will not provide meaningful income. Instead of trying to "monetize" everything, we would be better off with free content like on the internet of old. There are other means of making money.
It seems that the current situation means that the "content creators" earn insignificant money, while ad companies earn huge money because of scale, and we all somehow keep believing that this is necessary for content to appear.
You mean I shouldn't make a comfortable living off my valuable HN comments? I was about to consider this comment a good days work. Maybe if I put this comment on my own webpage it would be more valuable?
> writing a blog post every once in a while will not provide meaningful income
Nor, generally, should it. Sitting down one or two Saturday afternoons a month to write a blog post shouldn't be generating the income of a FTE.
Allow me a second to play Devil’s Advocate.
What if it could? Or should (be able to produce FTE or close income)?
In that world, the amount of pointless shite - questing to “go viral” - would be reduced to near zero. That is, if the incentive were more quality, and less quantity, we’d be better off, yes?
So there's an element of truth to that. And there are those who can contribute enough value, have enough audience, etc., that they can "coast" on those 2 blog posts a month and make significant income...
... but that's also not, nor should it be the median. I'm not sure how the economy functions if, say 8h/mo effort generates a median living wage.
Tbf in a post-scarcity society, that should be expected, if historical inertia doesn't prevent it.
> I'm not quite sure what the answer is.
It's very simple, it's what they've been doing in print media for centuries: contextual advertising.
Print media did also include e.g. coupons with discount codes with which advertisers could learn which lead led through a sale.
Print media was also trying to guarantee their audience was an actual person by charging nominal fees.
Without any transactions or user tracking it’s difficult to separate ‘legitimate’ content farms from those using bot farms to boost their page views.
Yes seriously - I'm old enough to have enjoy reading magazines that had ads throughout them. They were fine.
I'd venture to say contextual advertising would be more effective than whatever we've been trying to squeeze out of fingerprinting etc. All this supposed "data" they are gathering feels like a scam perpetuated by ad companies about how important it is to the people who buy ads. It's not.
Even Facebook and Instagram, which pretty much should know you to a tee is completely ineffectual at advertising to me - like at all.
The main “problem” with contextualized advertising is that the people producing the content get a larger share of the ad spend.
Targeted ads concentrate control over the market into a few players, which can do things like acquire competitors or run them out of business with loss leaders.
With AI, the supply of ad real estate will go to infinity, so the only thing that will matter is the quality of the places the ads run.
This would be a good time to ban targeted advertising, or for the content producers to form a cartel that only purchases contextual ads.
That cartel will probably be even worse than what we have now, since it’s going to be 2-3 mega conglomerates like Disney, and they already have handed editorial control over to the White House.
Hopefully the invisible hand of capitalism will somehow fix this.
> I'm not going to pay $5/month for every blog that I occasionally read
Would you pay per view? Most people (me included) would probably hesitate to say yes, because we’re used to not paying for that. But what if it meant that ad based model is gone and everything you buy is cheaper because the price does not include the cost of running ads?
> what if ... everything you buy is cheaper because the price does not include the cost of running ads?
Except in practice we see the opposite.
There's something interesting going on with companies when they want to get paid directly versus by ads: they demand 3x - 4x or more for subscriptions or pay per view versus what they make from ads.
Easiest place to see this is ad supported non-linear TV in the years you could get without ads, or with ads. You pay significantly more to not see the ads, than they make from the ads.
Perhaps this is justified because ad-free subscriptions reduce the audience size for ad buys, but when you look at the numbers watching with ads versus paying, it wouldn't seem like the "no ads" buyers make a dent in whatever pricing tier.
In the 90s when we were young and naive, we imagined a library card model, with a library fee and then you have fractions of a cent cost to read a post, and using (hand waving) technology to uncouple viewing history from payables to content creators. That, or the British TV license model, an Internet license of some kind.
It's curious to me the ad networks haven't gotten together to preemptively offer this. Arguably Brave tried, but from an adversarial (to the ad companies) stance. It would work better from the inside with a simple regulation: if you serve ads for ad-supported content, you have to participate in the library card system at CPM rates no greater than you receive for ads to skip the ads for card holders.
This is price discrimination. Everybody would love to charge more money to rich people and less money to poor people, since that increases the total profit.
The only companies that we directly allow to do this are schools, but having a premium version lets you approximate this.
Steam also does this. Most games are significantly cheaper in low-income countries like mine because otherwise they wouldn't make a dime here.
That's because you usually pay via credit card (or some other financial mean) which is cumbersome (and may be illegal) to spoof. But yeah, it can be hard to justify a subscription when it's the price of a full meal. Especially when other essential subscriptions (electricity, water, internet, cell services,...) is straining your monthly budget.
Steam is not the one doing that. Publishers decide regional pricing.
The PPV model has been tried a bunch of times, and it always turns out that the rate people are willing to pay per view is not a rate that is high enough to be a viable revenue source for the content owners.
it takes a lot of $0.10-$0.25 views to make up for the loss of a $5/month recurring revenue stream that might last for years.
I wrote about this exact problem last year. To anyone who disagrees, would you pay me 5 cents to click on the following link?
https://sheep.horse/2024/11/on_micropayments.html
The fact that advertising is more profitable doesn't mean that the PPV model is not viable. It could certainly be so. Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
The problem is skewed incentives, of course. Advertising is acceptable to most users and easy to integrate, so why should website authors go out of their way to please a minority of their users who object to it?
>Every site could set their own price, or specific tiers, which users can agree to, just like they do with subscription-based content today.
you're describing the model of a product called blendle, a service which i loved but which totally failed. they failed to attract users, and they failed to attract publishers. this isn't some new idea that nobody had tried. it's been done. and it failed, not just for blendle. people have tried micropayments, they've tried subscriptions, if you can imagine a PPV model, it's probably been tried. readers and publishers both hate it.
Do you think the fact that NO major content websites (NYT, substack, WSJ, ...) have settled on a PPV model is simply because they haven't thought of it? Or is it more likely that the numbers absolutely do not work?
No one uses the PPV model because there isn't sufficient payment infrastructure (402 payment required). The friction for entering your credit card information into a website is ridiculous, you might as well target the high end of the market with a monthly subscription.
The PPV model, like Ads, works well for websites that you're not well associated with. Random blogs and websites that you otherwise wouldn't be willing to share your credit card info with.
I think it might be because with ad model you can sell profiling data many times over to different parties. You can’t do the same with a single charge.
Have any of them actually tried it though? If they have and I missed it, then I apologize, but I can't recall the NYT letting me read an article for $1 with zero friction via Apple or Google Pay or Stripe link or something. It they tried it and the numbers didn't work, that's one thing, but I don't recall that happening.
WSJ was available on blendle (pay-per-view). Washington Post was available on scroll (monthly subscription, divided up amongst the publishers you read each month). neither service still exists.
i don't believe NYT has ever tried a pay-per-view model.
Doing it via conventional card networks won't work, the fees would eat most/all of the payment.
A critical mass of publishers would need to team up and form a cooperative/etc where a user could register once, deposit some money, and then that money would be spent every time they view an article. But that requires cooperation between competitors, which is already hard enough, and the cancer that is the advertising industry wouldn't like this potential existential threat and would be more than happy to pour fuel onto the fire to ensure it never succeeds.
What's surprising is why the card networks themselves don't get in on it. They could do so in a completely backwards-compatible manner, introducing a new card number range that only works with transactions under a certain amount and have different fraud protection/chargeback rules.
That's a false dichotomy.
I can't speak for all web sites, but I reckon a combination of factors could explain why such a solution hasn't been deployed:
1. Advertising is ubiquitous, easy to integrate, and provides a safe revenue stream.
2. There is little to no infrastructure for the PPV model. Whoever builds it would need to maintain their own version of it.
3. People expect the web to be "free". This is even true within technical crowds who understand that it's really not free. And a large part of that group doesn't mind advertising.
So, really, it would require a substantial amount of effort to implement, it would add additional friction to users, and ultimately only a minority would appreciate it.
Had this model been in place from the beginning of the web, things might be different today. Alas, if my grandma had wheels...
I would. Or alternatively I'd also pay for a Spotify style model where my monthly amount get redistributed amongst the articles I read.
At the risk of pedantry, though it's still germane to this context, that's more the Tidal model than the Spotify model.
Spotify's model is more that your monthly amount gets disproportionately redistributed to the artists that bring more interest and listens to Spotify, regardless of whether you were one of those listeners. Smaller and niche artists suffer under Spotify's model.
> Would you pay per view?
Yes, but only after viewing, of else I'd pay for "editorial" or AI generated slop which would be generated like link farms pointing to Amazon etc.
And that's the chicken-and-egg problem ...
In theory that could be resolved by registering for free at reputable sites and then paying per view with micropayments. Or by a scheme where one would register and only pay when I actually did read stuff, not with the currently en-vogue monthly fee for each and every site.
You're presupposing that these blogs are producing content worth paying for. The unfortunate truth is that the overwhelming majority of blogs (99.9%+) are not.
The PPV model can at least cover the cost of bandwidth. If you are loading the page, it must be at least some value to the user, say 1/10th of a cent.
Then why is everyone so nostalgic for the old days of the blogosphere to return? If blogs are all worthless, then we shouldn't care that they're disappearing and/or being put behind paywalls; we haven't lost anything.
How do you track the views?
How do you track ad impressions?
Hard to say, there's no shortage of enticing looking medium articles that are superficial and worthless. I would not pay per view that trash even though there are good ones buried in the pile.
"If you thought click-bait was bad before..."
Brave Inc. gets a lot of flack, some warranted, but their Basic Attention Token allows for exactly this. Users can add credit to their wallet by either consuming privacy-friendly ads or topping it up manually, which then gets distributed to the sites they visit in the proportion they choose, transparently in the background while they browse.
It is a shame that this feature gets lumped together with claims of crypto scams, and similar nonsense. Yet this is precisely the right model that could work at scale to eliminate the advertising middleman, and make the web a safer and more enjoyable experience for everyone.
Brave strips out the ads that the creators put on their site, puts their own ads there, then gives the creators some of that money if and only if the creator realizes they have to sign up for Brave's cryptoshit. It's straightforwardly the kind of racket that would get your knees broken if you tried to do it to somebody in real life, but "it's ok because it's on computers". All the flak is deserved.
But then again, online ads are the physical equivalent of a crowd of paparazzi following you 24/7 including inside your home, which would also prompt physical violence in the real world.
From my perspective I couldn't care less if one bad guy is stealing from another bad guy.
It's frustrating that humans are stoichastic parrots and the minute you mention crypto they go into conniptions because the rails are basically there. It's not user friendly, but it's possible to build a system where you transfer $0.05 cents of crypto to someone as you scroll down a web page using a special browser.
This is exactly what I want. I don't really care to subscribe to most written media (I do in some cases) but once in awhile an article grabs my attention and I would shell out to read it.
The Ad model is exactly the problem. If you had anonymous, cheap micropayments where you pay 1 cent per pageview it would not just solve the surveillance problem but it would solve the DDoS problem too (you set up a web server where the price increases with load and clients bid for bandwidth).
Sadly, I think you are wrong. Micropayments seem attractive but the idea falls apart quickly - there are just too many intractable non-technical problems. It has been tried more than once and each effort has failed.
I wrote a longer post on this[0] but to save you the click I will state the biggest problem from a privacy point of view - if you think privacy is bad now with ads imagine how much worse it would be with a payment processor knowing your every click.
Yes, I know about certain cryptocurrencies that maintain privacy, they are a non-starter for micropayments for different reasons.
Even if a magically technical solution to privacy were to emerge there is nothing more valuable than information about paying customers and sites would use browser fingerprinting anyway.
[0] https://sheep.horse/2024/11/on_micropayments.html
https://en.wikipedia.org/wiki/Google_Contributor was the ideal solution IMHO.
Pay $5/month to buy credits that let you read content behind that network. Every blog you read gets $0.10. Top up with credits if you run out.
Sending emails costs $0.50.
I read from too many different sources through aggregators like hackernews. With a network you'd probably still have too many subscriptions.
Also wonder if it will really work out, i open too many articles that are pretty bad when you start reading them. So i quit after 1 or 2 paragraphs.
Now if you get the first 2 paragraphs for free, contents writers will start to optimize for good first 2 paragraphs, and afterwards quality will drop. Also, many blog posts or news articles don't have more than 2 paragraphs of good content.
Eh, that's too expensive unless the recipient can authorize refunds for non-spam emails.
But yes, I always thought some form of network syndication would emerge on the Web, where creators could register for their share of aggregated periodic payments made by users.
Still not sure why that's not a thing. I would pay $50/month to a syndicate in return for never having to deal with paywalls on any sites affiliated with them. But only as long as the vast majority of sites participated, and that is probably the showstopper, I guess. We'd end up paying 20 different 'syndicates' for absolutely no good reason, just as we now have to deal with 20 different streaming services.
They don't get $5 per month from ads. So the true subscription price must be a lot lower.
One option: a fund where you buy tokens, that you can spend reading an article. That will, however, lead to more clickbait and AI slop and snowing under serious blogs with low volume.
This micro payments for content idea has been tried a few times, with slight variations. No-one has cracked the problem yet. But maybe one day
I know HN doesn’t love crypto, but this kind of thing seems promising for finally cracking micropayments: https://www.x402.org/
how about donating to the creator directly? not subscription, just occasional donations whenever people feel like it - content is more widely available, and people who really enjoy it or are well off can actually fund the development
Yes, but you need a scalable and low-friction donation solution. Patreon is the closest but it doesn’t pay the bills for most creators. Maybe some micro-tipping solution, but nobody has made that work yet.
No one has made a successful micro-tipping solution, because regulations and entrenched interests (banks, payment processors) have too much control and assess per-transaction fees that dwarf the amounts that such a system would be designed send.
Aggregation of tips and payouts would help, but that requires network effects (achievable only at scale) to be viable. I believe this approach has been tried in recent years, but I am not sure where those efforts went.
If someone puts a donate button beside their name or in the corner of their webpage, and that button leads to a payment page, I think that's good enough.
The point of paying creators is so that they can focus on creating content instead of making other things. Giving money to a creator is basically saying "you're so good at what you do, and it has so much cultural/intellectual value, I'd rather have you make content instead of stocking shelves or making food". But this should be reserved for people that publish good content because they can and are passionate about it, not just anyone putting out slop with the instrumental goal of paying their bills. If the friction of clicking a button and filling in payment details is enough to deter people from paying them, then maybe their content isn't worth paying for and they should find some other way to make a living instead.
I already pay my isp. Maybe they should work something out with them.
Ads are annoying, but they are ok, what is not ok is collecting data and then selling it, so they can profile you without your consent across different platforms.
We could normalize paying content creators directly. So instead of paywalls or ads, we get "donate" buttons.
It reminds me of a game we played with students of data classification algorithms like ID3: How many yes/no questions do we need to uniquely identify everyone in this room?
With like 12 students, that's 4 bits, and it often ends up with 2-3 questions. It starts off with the obvious ones - man/woman/diverse, but then a realization comes in: An answer usually contains more information than just that one bit. If you have long hair, you're most likely a woman and/or a metalhead for example. That part will get shaken out later on.
And those thoughts make these browser fingerprinting techniques all the more scary: They contain a lot of information and that quickly cuts the possible amount of people down. Like, I'm a Linux Firefox user with a screen on the left. I wouldn't be suprised if that put me in a 5-6 digit bucket of people already.
> An answer usually contains more information than just that one bit.
That means there is less information in the question "do they have long hair?", not more. Asking "long hair?" and then "woman?" is probably, in most groups, roughly the same as just the first or second question alone. So the second question added much less than one bit of information because the answer is probably "yes". "Long hair" and then "metalhead" is the same, except that the answer to the second question is probably "no".
Yes/no questions on average contain the most information each when they partition the remaining possibilities 50:50. Then each answer gives you exactly one more bit. The closet you get to either a 100:0 or 0:100 yes:no split, the smaller the fraction of a bit you encode in the answer.
"Metalhead?" usually gives you lots of bits of information (probably 4 in an "average" group of 16 containing at least one metalhead) if the answer is "yes", but on average that's outweighed by the very high chance that the answer will be "no". If there are no metalheads or only metalheads, it gives you zero information.
Ah, I flipped it in my head. That happens after 10 years.
In this case, it was often an interesting exercise in bias as well. "Woman?" would usually single out 1-2 persons out of the 15, so it was a terrible question. It was CompSci after all. "Long hair?", lumping women and metal heads into one group would often split it into half and half. That was much better, and then spurred creative thoughts like travel distance, or bus stations.
>An answer usually contains more information than just that one bit.
Isn't the point to ask yes or no questions?
Yes, but you can make assumptions based on what you know about humans generally. Like their example that if you ask if you have long hair. If you answer yes the likelihood is you are probably female.
You can think of all sorts of questions and answers like this, and when you combine with the assumptions and answers from previous answers you can make even more assumptions. They won't always be correct, but you don't have to be "perfect", depending on your use-case. For example for advertising purposes assumptions(even if incorrect) can still go a long way.
There is a reason Target got sooo good at identifying pregnant women[0] before the women knew they were pregnant that they creeped out women, and had to pull back what they did with that information. This was like a decade or more ago. It's only gotten more accurate since then.
0: one example from 2012: https://techland.time.com/2012/02/17/how-target-knew-a-high-...
https://medium.com/@colin.fraser/target-didnt-figure-out-a-t...
https://www.predictiveanalyticsworld.com/machinelearningtime...
> Target got sooo good at identifying pregnant women
That's why I pay with cash and do not have a loyalty card (other customers often offer theirs at cash register anyway). And of course I don't even go to Target.
I don't know if Target specifically use all of these, but I would bet they have data based on at least some of facial/gait/demographic recognition, wi-fi/Bluetooth beaconing, vehicle registrations, time and location tracking, statistical analysis of your purchases and clustering of people you have made purchases next to (e.g. you bought something at same time and till as your mother more then once). I'm sure they have other methods too. They can also combine datasets from brokers that do have a face:name link (say you used a card at another store that captured it and sold the data) and resolve you within their own data that way.
It's still a yes/no question, it's just that the question is "do you have long hair".
The goal of these decision trees is to have as few questions that divide the group in two balanced halves (and also recursively).
If you imagine a binary tree with questions in each internal node, and in each leaf there is a person. You want the height of the tree to be minimized.
Yes, but multiple yes or no questions in combination can easily yield more information than they should in a real dataset. That's the real educational point.
You seem to be confused about the difference between "less" and "more". In general a yes-no question gives less than 1 bit of information if yes and no are not equally likely. There is no way it can be expected to give more.
> There is no way it can be expected to give more.
It is indeed not possible for it to give more, because it only has a single bit answer, which by the pigeonhole principle can't give you more than one bit.
The best yes/no questions are the ones which are independent of each other and bisect the group evenly. "Are you a man" is typically good because it will be approximately half the population. Then you want independent questions that bisect the population again, like "does your first name have more than the median number of letters" which should be mostly independent of the first question. Another good one is conditional questions like "are you taller than average for your sex" since a pure height question wouldn't be independent of sex but that one is.
Whereas bad questions would be ones with highly disproportionate responses, like "do you have pink hair with black and green highlights" which might be true for someone somewhere but is going to have >99% of people answering no, or "were you born on the planet Mercury" which will be 100% no and provide zero bits of information.
[flagged]
I think a plain reading of the post you’re replying to would be “obvious as a way of segmenting people”.
It's obvious in the sense that most people will start out with that as their first question.
The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
>The core of the problem is that we've made this behavior of "run javascript that pulls more javascript and then run that too" the default. Stallman was right, as always.
It really isn't, because there's plenty of fingerprinting scripts that run on the same domain, especially fingerprinters from security providers like cloudflare or akamai.
The problem is not JS, the problem is useless techonolgies like WebRTC or WebGL that can run without permission and that, I think, are used in 99% cases for figerprinting. And people who designed them and did nothing to prevent fingerprinting.
WebGL and WebRTC are hardly useless, but they allow you to collect way too much fingerprinting data based on the way they've been designed.
Neither WebRTC or WebGL are remotely ‘useless’. Very fair though to say that you would prefer to have them disabled and/or whitelisted for certain sites.
A browser basically is like a really dumb trojan, pulling a whole herd of wooden horses into the city.
Does he have a strong stance of JS in the browser? In any case, I don't think many people would agree that the dubious extra privacy you gain from blocking that is really worth breaking half the web. Fingerprinting is not too hard even without JS.
I would re-frame "is it really worth breaking half the web" as those sites are not compliant to begin with. Nothing in the web standards stack mandates javascript, its an optional feature! Web developers of yore understood that a fundamental property of a properly written web site was to degrade gracefully if javascript wasn't available, but the groupthink of the past decade has chosen weaponized incompetence over doing their jobs and in the process has not only thrown a load of noncompliant insecure garbage out there, but broken a load of accessibility standards, and other things in the process.
Blocking most JavaScript is fine, it mostly just breaks the silly pointless over-designed sites anyway. Just like everything else, most of the internet is garbage; blocking over-designed JavaScript sites isn’t a perfect filter but it is an ok first heuristic.
> Does he have a strong stance of JS in the browser?
Lets see what he says on the subject.
https://www.gnu.org/philosophy/javascript-trap.html
His stance is pretty simple. The JS on most pages is proprietary, and he doesn't like proprietary software.
you're all running chrome signed into google with 47 extensions and complaining about privacy. the call is coming from inside the house
For a fingerprint to be useful it must not only be unique but also persistent. If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
Point still taken, however you can only really check if a given font is installed, not obtain a list of all fonts. Thus, installing a wacky font is pointless as the fingerprinter won’t bother to check that particular font. There is queryLocalFonts on chrome but this requires a permission popup.
It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a finger print of the elliptic curve when do do a SSL handshake, or any number of other ways.
The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updates "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.
The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.
>If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?
See: https://xkcd.com/1105/
Services with a large enough fingerprinting database can filter out implausible values and flag you as faking your fingerprint, which is itself fingerprintable.
But they still wouldn't be able to confidently connect his different fingerprints to the same individual, just that he is one of a group of individuals who fake their fingerprints.
It would depend on what your existing fingerprint is. If you're using some sort of rare browser/OS/hardware combination (eg. pale moon/gentoo linux/IBM thinkpad) it might be worth spoofing, but if your configuration is relatively "normie" (eg. firefox/windows/relatively recent intel or amd cpu/igpu)you're probably making yourself stick out more by faking your fingerprint.
The issue is that, especially on desktop, I doubt there are many fingerprints that more than 100 people have, given everything that they test. I would even suspect that most common desktop fingerprints are classified as bots.
I'm sure it's a privacy issue. But how does this browser fingerprinting harm the user? Maybe it can work like a session cookie used for correlating across different requests from the same user. What's the damage here?
Sandboxing in containers and manually exempting specific security tokens is arguably one of the better steps we can take in the immediate term, as are random agent strings and returning fake data for common prompts. Of course that only works in the immediate, because this, like advertising in general, is an arms race at the moment.
This feels like a regulatory question, not a technical one. We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points. The long-term solution seems like it should be severe consequences for data breaches (as in, corporation-destroying penalties for disclosure of PII, including fingerprint data) such that everyone only collects the data they need to provide the service in question and not a single bit more, deleting it as soon as it's no longer necessary. Right now there's no consequence if Google or Meta disclose huge swaths of user data, and thus no disincentive to collecting as much as they possibly can.
Punish the leaking of data, and suddenly you've raised it's cost to the point that casual players will nope out entirely. From there, it's the eternal back and forth of governments waffling between business and electorate interests.
>We've repeatedly proven that with math and code alone, we can fingerprint and identify almost every unique person on the planet, given enough data points.
I'm very skeptical of this claim, especially in practice. Contrary to what many fingerprinting sites claim ("you're unique of everyone we fingerprinted!!"), browser fingerprinting can't possibly uniquely identify someone. Smartphones are pretty locked down and there's very few customization options that allow for fingerprinting. In the US Apple has around 50% market share in the US, and there are 30 iPhones models that are still in support. That means if you're an iPhone user in a city of 1 million, there are, on average, approximately 16.6k (500k / 30) other people with the same exact model of iPhone (and therefore fingerprint) as you. As long as you don't do anything to stick out (eg. living in the US but setting Denmark as your locale), you'll be reasonably anonymous.
Browser data points can make it easy to identify a browser or in some cases even a specific machine, but that doesn’t necessarily equate to identifying a user. What frustrates me is that it takes a service I trusted with my personal data to be the one that attaches an identifier to those metrics. The best practice for privacy is to always keep profiles and identities separated, rotate P.O. boxes, email addresses, phone numbers, and payment methods so that when someone identifies your browser or device, the accuracy of linking it to you stays low. Of course, this approach comes with its own problems...
> Worst of all, perhaps, it can extract a canvas fingerprint. Canvas fingerprinting works by having the browser run code that draws text (perhaps invisibly), and then retrieving the individual pixel data that it drew. This pixel data will differ subtly from one system to another, even drawing the same text, because of subtle differences in the graphics hardware and the operating system.
I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
Is the implication that there are certain graphical operations that - perhaps unintentionally - end up becoming akin to a physically unclonable function in hardware?
>I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
per combination of hardware(GPU, resolution of display) and software(exact drivers)
I still haven't found a method that can fingerprint simple Firefox containers. I use automatic temporary containers as a rule, and rules for specific sites where I want to keep persistent sessions.
I don't understand how temporary containers are still not a built-in Firefox feature, it seems like such a no-brainer solution for privacy.
Isn't the semi-recent per-site cookie jar most of this functionality?
How to scream I'm behaving badly online...
> Since almost every web browser in the world now supports JavaScript, turning it off as a measure to protect privacy is like going to the shopping mall wearing a ski mask.
I'm going to steal this nice analogy, for when I try to explain this point and some related points.
To extend the closing remarks from a SIGINT perspective, sure some fingerprints are non unique and short lived, have little data. But hang onto it long enough and sure enough some slower data from another band might eventually correlate it with something else.
The last time I looked at this seriously I was trying to find out how much fidelity (if it was possible at all) was necessary to identify someone by their mouse and keyboard input.
It's not just what you do but how you do it.
when PayPal tells you that they already know you and don't require you to log in: that's fingerprint.com behind the scenes.
There are pros/cons.
It should be obvious by now that using any free service of scale is being paid for by your interactions which are made more valuable through fingerprinting.
Trying to circumvent that just makes it more expensive for the rest of us.
Has anyone ever thought that RSS doesn't have a fingerprint?
Because the sites that still offer feeds, at least those for which a feed makes sense, well, you can read them comfortably via RSS.
We’re working on a comprehensive solution here (and could use your help), the Ethical Computing Initiative.
https://aol.codeberg.page/eci/
Thanks for the browser recommendations.
I switched to the Mullvad browser. The other recommendation, LibreWolf, provides the following warning on install which scared me away: "Warning: librewolf has been deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01."
FYI I wouldn’t say that the Mullvad browser is any better at anti-fingerprinting than Librewolf. I always point people to http://fingerprint.com/ so they can see how difficult it is to beat even JS based tracking and this doesn’t even get into the server-side methods (i.e. just fetching a stylesheet) of tracking users.
That’s not to say you shouldn’t use a browser that blocks ads etc but I don’t think people should immediately think that they’re not fingerprintable because they’re running these. There definitely needs to be more discussion on the reality of how much these browsers can “protect” you.
tldr -- it's fine. MacOS Gatekeeper will create warnings about products that are not signed via the apple developer program, which is $99/year librewolf is an open source product, that is very strictly a "community" libre / FOSS project. naturally, having an individual take up notarization assumedly, you are using brew -- brew recently decided to stop supporting / deprecate all casks that does not pass gatekeeper checks, for some reason I cannot fully determine.
Why would I trust any software that doesn’t pass the gatekeeper test? Even if it claims to be “open source” with links to some code repo there is no guarantee the binary blob you are running was built using only that code and nothing else.
Sure even with the gatekeeper test you can’t be sure it’s built against only the claimed code but it does guarantee:
1) the binary hasn’t been modified since it was signed 2) the binary was signed by somebody in possession of the private key 3) there is some measure of identification via Apple on who or what signed the binary 4) somebody was willing to fork over $99 to sign the binary
It’s not perfect security by any means but it is something. Otherwise the binary you are running might as well have come from some sketchy email attachment. And fuck that. Why would I want that on my machine?
I get that the $99 might be a hurdle for “non-organized open source” (ie most open source… doesn’t have a non-profit entity to take up the expense and credential management, etc…)… and there are probably ways apple could make it easier for such “collectives”… but ultimately I’d argue that signed binaries are good for everybody. While imperfect, they provide some form of traceability and accountability.
obviously it’s not a 100% guarantee of being fuckery-free. The private key might have been compromised, the appleid might have been hijacked and the developer program might have been enrolled with stolen credit cards… but it’s still a hurdle to filter out a large swath of low effort nonsense.
You could always just build it yourself from source if you are concerned.
Sure but most people aren’t going to do that. It automatically limits the audience willing to use the software.
This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface…
The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human some. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key.
So for Linux, generally you are installing packages from your distro's repo so they are signed by the repo itself. I would have assumed that it would be the same on Mac with brew/macports/etc signing the code, but from what you are saying I guess not, I don't see why.
On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.
Sounds like you need to switch OS
The article rants about how turning off JavaScript is actually harmful because it makes you more fingerprintable, then in the same breath recommend switching to an obscure browser nobody else uses?
If you want to avoid being uniquely identifiable stick to Chrome, signed into a Google account, running on a PC from Best Buy.
You missed one of our best guarded secrets: ja3 hashes and their successors.
Basically, we can identify browsers based on the supported ciphers in TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Capchas.
I built a nice tool to visualize that: https://tls.peet.ws. Its not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs. There isnt really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint
I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?
Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.
How effective is it at "un-anonymizing" me? I value privacy. What do you think I can do about "any" of this?
It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on on its own. But it can be combined with other fingerprinting vectors.
JA3/JA4 are useless now.
At best they identify the family of browser, and spoofing it is table stakes for bad actors. https://github.com/lwthiker/curl-impersonate
Slight correction: Spoofing it is table stakes for ever so slightly capable actors.
These will still help against the masses of dumb actors flooding your stuff.
What’s ja3?
Here you go: https://developers.cloudflare.com/bots/additional-configurat...
It's a better explanation that I can provide.
Oh! Now I wonder, if crowdsec could issue bans based on that
Don’t confuse privacy with anonymity. One is a right in the US, the other is not.
Not trying to be sarcastic; I may be unaware of some relevant legal framework for the US, could you please elaborate which one is a right and how is it enshrined and enforced?
Not American here, but I'm aware of both privacy in mixed forms (privacy act 1974, HIPAA, COPPA, and CCPA in California); as well as anonimity in First Amendment et al since there's case law (IANAL) demonstrating the requirement of anonimity to avoid persecution of free speech.
All of these have limitations and exceptions in a complex legal system. But to issue a blanket statement like the comment above is no really correct - just trying to make a point, I guess
The only way to have privacy in a semi public location, like the Internet, is anonymity.
Ask any celebrity how much privacy they have. They can’t even buy Starbucks without people commenting on how fat their comfy clothes make them look. Because they have no anonymity.
I’m curious if there is a product like cloudflare’s remote browser isolation that obfuscates it in that way.
All this and I still need to click on the cookie pop ups like they'll bring the cargo planes to the island.
How exactly do advertisers take fingerprints and translate that to targeted ads for each user?
A combo of your IP, browser fingerprint plus the fact that you logged in somewhere and that links to your actual name etc. Identify you in isolation is not very useful. It's connecting that identity to another place that's valuable.
The browser history is collected across multiple sites to form a profile. If the user ever enters their email address or logs in, their entire history is deanonymized.
There is no good technical solution here. But the damage could be limited if browsers at least limited entropy somewhat. Stuff like reading back canvas contents should need user approval.
Just make sure it’s sufficiently illegal to keep this info. Find and make big visible examples of fining companies that trade in this info. If a company sells a product that fetches ads based on an ”identifier” their little js snippet computed then just pay them a visit. Fine both them and their customers to the max extent of the gdpr (or equivalent).
10 years too late.
I mean... I don't give a fuck about fonts, I don't give a fuck about drawing shit to some canvas. Can I not just opt out?
Yes, I know that's ski-mask bla bla bla, but I still don't want my browser to be doing this nonsense.
There's the gemini protocol and gopher.
When I think of all the tracking that goes on, these are becoming more lucrative.
Gemini and Gopher are better than the existing WWW, (although there are others as well, such as Spartan (uses the same file format as Gemini, but it is a different protocol without TLS), Scorpion (my own format, intended to be between Gemini and "WWW as it should be if it was designed better"), and others).
However, you might also want to access HTTP and HTML, and to do so without needing to load fonts, pictures, etc; you might use a web browser that omits many of these features. However, it also can result in some problems; there are a few ways to work around some of these, such as adding your own scripts to handle some services, adding proxy services for handling some services (although some of these can use other protocols such as Gemini), and/or using the HTML/CSS commands in other ways (e.g. using ARIA to decide the formatting rather than using CSS). However, there are other issues, e.g. if the web page you download includes more junk than the actual main text.
JavaScript disabling helps a lot, regardless of what author says. It disables most of the tracking attempts, improves security and most of all pages load faster and hardly break if you're just browsing anyway.
The whole article never mentions the gold standard of anti-fingerprinting, Tor Browser. It just shows how shallow the article is when it mentions Mullvad Browser, a fork of TBB, instead of TBB itself! There's also no mention of using an upto-date DNS block list to thwart fingerprinting attempts even more
Yeah, I don't get it. Tor browser alone, with no additional configuration and basic hygiene, is enough to stop any fingerprinting and tracking. The only problem is that it's too private, and tor traffic is often associated with crime, so it's sometimes blocked, notably by cloudflare.
I don't use it for daily browsing, but when I want to search for something I don't want associated with me (for example, health concerns) I just use tor browser and don't worry about tracking.
The Tor Browser won’t effectively stop fingerprinting, if anything it makes you more unique due to the low amount of people worldwide using it, and then you add points of data by using different DNS providers, extensions etc.
The Tor Browser as a privacy measure is likely no better than a normal browser with uBlock if you’re also using it like a “normal” browser, signing into the same accounts you always use etc. My opinion obviously but I dislike people recommending the Tor Browser as a lot of it’s primary benefits are lost if you’re just using it as a daily driver browser.
I always point people to https://fingerprint.com/ to see if their browser can defeat it. Most of the time you can’t without clearing cookies, changing device resolution, change VPN location etc. something the average person can’t/won’t do. Even JS aside there are a ton of different ways to track people based off even just getting server side data when a site’s stylesheet is fetched.
On the pros of fingerprinting: it's practically the only consistent tool to prevent malicious use in certain usecases, such as app hosting and similar bot protection.
Email validation doesn't work. Ip blocking doesn't work. Captcha? Kind of. Fingerprinting? Very efficient.
I don't mind advertisers knowing more about me. If they can display ads that are relevant to me, this is a better experience on both sides.
Unfortunately there is no way to tell advertisers, "No, I'm not interested in your product. I never will be. Don't waste your money."
The top offender is Hims. No, I don't have hair loss. I don't want hair loss supplements. I also don't have ED, and I object strongly to ads for that showing up unexpectedly when I'm showing a YouTube video to someone else.
The second top offender is whoever it is (they keep changing their name) who thinks that I need some kind of Christian motivational course to get control of "the P-word". (Their phrase, not mine.) No, I don't have a problem with pornography. I am very rarely interested in it. And when it comes up every few months, I don't feel any guilt about it afterwards. Furthermore I'm an atheist. A Christian motivational course isn't going to work well for me regardless.
Yes, Google does offer a report function, and a block function, for ads. The report function seems to have gotten rid of the unwanted ED ads. The block really doesn't work when the ads are all very similar AI slop that is rotated frequently. Block this ad, and then next unwanted ad from the same source will be coming along soon enough. (The reason why I particularly dislike Hims is that they are more aggressively rotating their ads.)
Relevant/personalised ads doesn't mean ads that benefit you. It's means ads that are better able to extract money from you.
It means that, when you need a new dishwasher, you will never see the actual best dishwasher for you, only dishwashers that are a bit more expensive than you actually need but you will end up buying one of them anyways.
It means that you are more likely to see products you would impulse buy just after you get your paycheck. Or slightly inflated prices on things you usually buy.
It means ads designed to take advantage of addictions to sugar, alcohol, gambling etc
Finding stuff you actually want to buy has never been easier, you can find hundreds of reviews and comparisons instantly. People who opt into personalised ads don't end up being more savvy online shoppers, they just end up buying more junk.
My preferences are based on my understanding of myself.
I do not have those problem addictions. Of course I am going to comparison shop for any large purchases. I am good enough about controlling spending that excess junk isn't one of my problems.
But what I do have a problem with is coming up with creative ideas for people in my life. So, for example, I would have never thought to look for https://www.zazzle.com/cup_equation_love-168099175298227864. But I'm very glad that someone out there knew enough about me to guess that this might be an item that I'd like. And my wife liked the cup a whole lot.
Does this happen often? No. But I'm perfectly happy to pay a premium for a product when an advertiser gets it right.
If you don't mind them knowing but resent the ads, you can just block the ads. You can do dns ad blocking[1], in-browser plugins/extensions[2], finally, patch the apps[3]. Or deploy all of them.
[1] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#...
[2] https://ublockorigin.com/
[3] https://revanced.app/patches?pkg=com.google.android.youtube
Perhaps you missed that I am willing to deal with ads in general? I am perfectly willing to put up with the annoyance, and like knowing that I am bringing money to the channel that I'm watching. I only want specific advertisers turned off.
A general "show me no ads" solution is not my preference.
Browser fingerprinting has been a thing since at least 2008. Kissmetrics was the first company I heard of that was doing this.
>And even though my personal safety and liberty probably aren’t at stake, I don’t want to give any support to the global advertising behemoth, by allowing advertisers access to better information about me.
Giving the surveillance economy access to your habits means making them slightly better informed about everyone. That won't directly endanger you; the SE will just become slightly better informed about how people like you function.
This will enable it to increase the amount of risk faced by some other person that you will never hear of (and vice versa) if any of you is even suspected of endangering the SE, in proportion to the risk to the SE which people like you may hypothetically pose, as quantified by the methods of nepotism-powered pseudoscience.
[dead]
[dead]