▲Maybe it's just because I am old, or have worked on internet software for almost 30 years, but none of this seems surprising or even concerning?
Someone sets up a server that accepts connections to it and then someone sends a connection request to it.
There has been no agreement on anything, no expectations or rules established. No one forces the server to accept any connection request it gets, and no one forces someone to make a connection request to that server. What the server returns and what the client does with that are completely up to each side.
I feel like this agreement (or lack thereof?) works both ways. I don't think users should get mad if a website decides to use information about your connection request in anyway it chooses, but I also don't think a website should be able to get mad if I do whatever I want with the data it sends to me.
In other words, websites can choose to remember whatever they want about my IP address and my request details, and I can choose to do whatever I want with what they send back to me (i.e. I can block ads or refuse to make followup requests that the site tells me to make, and i can choose to display the response in whatever way i want to) I asked for data, they sent me data.
If I don't want them knowing stuff about me, I shouldn't send that stuff in my request. If they don't want me to have that data unless I also display ads, then they should make me agree to that before sending me the data.
Of course, I know in practice most people don't understand what their browsers are doing, and there aren't a ton of practical choices for people around what their browser sends, and the internet is no longer an optional thing for a lot of our lives. I also know that things like DDOS attacks and the like make a completely 'anything goes' setup impractical.
However, I still have this gut feeling that we shouldn't expect too much from either side when we make an internet request.
I remember late 90s - we made a website that greeted incoming readers with message “Hey, you come from {ip address}.”
Today, it seems that websites track and collect much data as they have partnerships with 1,000 partners (see cookies consent window).
> Of course, I know in practice most people don't understand what their browsers are doing, and there aren't a ton of practical choices for people around what their browser sends, and the internet is no longer an optional thing for a lot of our lives.
This is the root problem. Your browser is supposed to be your agent. It's the User Agent, after all! It should be working on the user's behalf, users should understand what their browsers are doing, and browsers shouldn't be doing anything without the user understanding and affirmatively consenting to it. I should be the ultimate authority over what my browser sends, and browsers should make it trivial to exercise that authority.
In reality, the browser is Somebody Else's Agent. It's working for the web developer, giving him all sorts of things that make his life easier. And it's working for the advertiser, providing tracking clues and fingerprinting. And it's working for the browser developer, collecting metrics and telemetry and god knows what else for them to do god knows what with. But, it's not really working for me or on my behalf anymore, I'm just a passenger in the car.
EDIT: Understood that IP address is not something under the browser's control, and it's unfortunately necessary to reveal in order to connect to a web site. It's a terrible mis-feature that IP addresses (by default without a VPN) can be reliably mapped to countries, state/provinces, and sometimes even cities. This is a huge design flaw in how we hand out IPs. In a better world, having an IP address shouldn't reveal anything about someone's geographic location.
cortesoft29 minutes ago
[-] I don’t think it is as simple as saying browsers are working for the web developer and advertisers.
All the features that allow web sites and ad companies to track and target ads are features that are primarily there to give functionality that makes the web a better experience for users. JavaScript allows websites that are better experiences than not having it. I know some people disagree, but I think they are either intentionally ignoring useful things or have a purity view of the web that doesn’t match most people.
ryandrake14 minutes ago
[-] I guess what I'm advocating for is that it should not be all-or-nothing, and it should not default-on:
Most web sites have no business knowing my time zone. Why are browsers offering it up? That should be gated on the user's permission.
Most web sites should not be able to determine what my screen resolution is, or what my operating system is. Browsers should also hold that back and only disclose it with the user's permission.
Most web sites should not by default have access to all the shit JS gives them access to. Battery Status, Web Audio, WebGL, Sensors, WebRTC, Geolocation, media devices (camera and mic), clipboard, local storage... All of these have uses, but should be behind individual, easy to access per-website preferences, and by default the site shouldn't even be able to query for their existence (which is enough to fingerprint), let alone call them. I shouldn't have to blanket turn off JavaScript to kill these things.
All a website needs to know about me, my browser, or my computing environment is I want to "GET /".
Obscurity434015 minutes ago
[-] They dont need to collect your accelerometers information of your irl movements or your devices' automatic time zone stuff i dont think. That basically gives away you're using a VPN and makes it easier to fingerprint you
reply▲> You appear to be in Denver, United States. Your internet provider is Netskope Inc. We know this because your IP address — 163.xxx.xxx.32 — was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice. We did not ask for your location. Your address arrived before you did.
"We know the rest of it. We chose not to display it. Most pages would not have made that choice" this is written to frighten children maybe? Also that's not my internet provider. Maybe it's my ISPs upstream provider?
there was a prank way back, that used simple html, css and javascript, to instruct the browser to display IP address, public, and local, popup a stream from the webcam, and place them among a crafted document intended to trigger i.e. troll people.
no data was cast to internet, it was all code executed with local user permissions to access the devices devices and logfiles displayed inline as "proof" that you are standing on stage with naught but your drawers.
people were at times moved into a panic and could be manipulated into making contact with malignant entities. there were casualties.
never underestimate the damage that can be caused by manipulating perceptions of the current situation,its not a joke, its handgun serious.
Maybe it's because I'm idealistic in addition to being old, but I think a lot of this functionality was in fact added for explicit purposes.
A client sends the language header or the list of supported fonts not so that the server can "do whatever they want with this data." There is (or was) a real reason for it when we came up with these standards.
The fact that website providers, or more specifically ad-networks, have chosen to use these for other purposes is breaking that implicit agreement.
(edit) but you're probably right that i'm expecting too much.
Sure, but I think some of the stuff it sends isn't necessary. A website doesn't need to know the list of fonts on my machine, for example.
Some of them are questionable: most websites do not need to know my time zone, but when a website can use that in a useful way related to its functionality, it would be annoying if the browser were to popup an allow/deny dialog, and even more annoying if I had to manually set it in the website's bespoke settings panel.
I'm not sure what the solution is here.
I don’t understand why that would be an implicit agreement, though? Why would I expect that the website would not try to figure out who I am?
They are free to remember whatever they want about my request… but I am also free to modify the request however I want, if I choose to randomize the list of fonts or choose to not send it or whatever.
> Why would I expect that the website would not try to figure out who I am?
For the same reason I expect my neighbor not to kill me or steal my shit. We live in a society, with societal expectations around behaviour. I, personally, would prefer not to live in an uncivilized jungle where the only rule is "do whatever you can get away with".
cortesoft26 minutes ago
[-] “Kill me and steal my shit” is a lot different.
This is more like, I am not offended if my neighbor notices that I leave my house around the same time everyday and come home around the same time. I don’t expect my neighbor to look away when I step outside. If I put something in my yard visible from their house, I won’t get offended if they look at it.
Killing and stealing are completely different things than “paying attention to what I do when I am doing things they can see”
Website is a good dog. But its owners don’t have to be good as they can re-sell data about you to someone else.
Some sites can have more than 1,000 partners - you can explore their intentions in cookies consent window.
>
Why would I expect that the website would not try to figure out who I am?Because doing so is creepy.
The location it chose was laughably inaccurate (and since I'm the kind of person who posts here I know why). Censoring the IP address was a little cheesy, but down at the bottom it gets better.
It knew how much my phone was charged and it made correct inferences about my device. It accurately read my gyroscope, how I interacted with the touch screen, and it demonstrated (not new knowledge to me but probably interesting to the general public) how these things could be used to identify you and also to make inferences about you (if you are sitting, standing, lying down, etc).
It starts slow but it got interesting.
I learned that either my phone's gyroscope is broken or my browser obfuscates it.
Still interesting, even if not surprising.
I remember some users with phpBB signatures some 20 years ago that did the "I know where your IP address lives" trick. Yeah, a bit surprised this is still being done, only today not as some silly troll move in a forum but on some professionally designed website.
reply▲gonzalohm25 minutes ago
[-] One thing is using information about my connection like my IP and a different one is my browser exposing the angle that I'm holding my phone.
I should be able to expect some privacy from my device. What if my browser starts sending a picture of my front camera with every request, is that okay?
I think a lot of us old tech folks want to still believe in those techno-libertarian ideals of the old web. However, in order to do that we largely need to ignore the capitalistic and authoritarian ideals of the modern web.
Us not owing each other anything worked great in a prior era when people were largely correct in assuming most people were good actors. But as soon as the money and power of the internet became real, things started to turn more adversarial. The assumption of trust and lack of responsibility makes it easy for one side to take advantage of the goodwill of the other. And the technical and power imbalances inherit to the server-client nature of the web means that abuse is more likely to flow in one direction than the other.
I agree entirely. Those of us old enough to have experienced those dreams are naturally going to mourn the loss of the Internet as a place for wild experimentation because we know so much good came from it and there isn't any true replacement.
But it's become clear that in the absence of governance, standards of behavior, and rules both explicit and implicit, the Internet has grown toward tyranny and automated exploitation rather than freedom.
We need to set some rules and expectations that people can rely on, otherwise rules will continue to be imposed on us.
My students are essentially forced to use MS services. So... there is that.
So am I, come to think of it.
That seems more of an issue with the school, though, rather than the actual web request. In this case, there IS a prior agreement between the school and MS, so there can be additional expectations about how that works.
reply▲I didn't know the browser made an agreement between myself and it. Here I am thinking that I am forced to use monopolistic tech because I a US citizen have zero say in the direction of technology in the country, that's decided by undemocratic financiers gambling with pension funds in SF. Silly me.
reply▲Browser volunteering an angle at which I'm holding my phone is a bit surprising.
reply▲Why? Some web apps might want to present a different interface if you’re in landscape.
reply▲You don't need an angle for that. That is highly invasive and can be used to target unique individuals. Why not default to a pro-human oriented mindset rather than pro-corporation?
reply▲That's much more reliably conveyed by looking at the viewport dimensions.
reply▲Someone sets up a server that accepts connections to it and then someone sends a connection request to it.My disappointment is not with websites. It is with browsers. They have continuously prioritized dark pattern support. They have consistently removed user control.
I mean it's not the websites that default to recording every keystroke, default to tracker persistence, default to phoning home with daily telemetry, etc.
When I first started using HN, I ran four very different browser engines. Now there's no real choice.
reply▲nemothekid44 minutes ago
[-] None of the information on the website I would argue is a dark pattern. The remote server knows my IP address? Yes that's how the web works.
The server knows my window's resolution? Well I think thats very useful information for the application to have for layouting.
You know what other application is recording my keystrokes right now? HackerNews. "recording keystrokes" is also known as "typing in a text box"
* I'm not in that city.
* It's running a kind of Chrome on a kind of Linux, at a stretch.
* Nobody can infer when I work and when I sleep. That includes me.
* The recent, high-end display is the screen of a low-end tablet I bought in a supermarket five years ago.
* But yes, browser fingerprinting is annoying.
* Since you can detect light mode, would it kill you to honor it?
The amount of fingerprinting this page reveals pales in comparison to what actually happens in the wild
reply▲its ease is also vastly inflated. If it was as simple as this site makes it out to be, companies like fingerprint.com don't exist.
reply▲Don't know about easy but their JS lib doing this is quite good:
https://github.com/fingerprintjs/fingerprintjs
Honestly surprised to see it licensed as MIT now too. It was something less permissive before. They aren't doing anything too crazy, more like being the first ones to be open about it.
I couldn't imagine what else companies like Google or Meta or TikTok can extract out of it that no one else can't. Integrations aren't exactly hard to make, quality is hard yes, but making half assed plumbing is sufficient too.
Those advertisers benefit from monopolistic markets with zero regulation while owning the platforms they sell advertising on that requires their explicit malware in order to use, what is unique about their finger printing versus what fingerprintjs provides?
BugsJustFindMe5 hours ago
[-] * That's the wrong battery percentage and the wrong charging status.
> Since you can detect light mode, would it kill you to honor it?
It would probably still be low contrast garbage even if it did. :/
The 100% charging readout is the desktop-with-no-battery phantom. I pushed a stricter filter for that earlier, you may be on a cached copy (try a hard refresh). On the light-mode call: the page detects your preference but doesn't honor it, intentionally. The irony being that the demo ignores the same signal it points out. I take the cost of the annoyance.
reply▲Okay but it's really hard to read for those of us with old people eyes.
reply▲> It would probably still be low contrast garbage even if it did. :/
My guess this is LLM slop website generation. And they forgot to prompt to include high contrast text... And the site owner cant make the changes without a sloperator.
nozzlegear42 minutes ago
[-] >
I'm not in that city.I'm using Apple's Private Relay VPN so it was hundreds of miles off. It's always interesting to see where websites or services think I'm located using their geolocation databases, but if I turn it off they can pinpoint me within a couple of miles. Thankfully almost nobody has ever blocked Apple's VPN, so I never have to turn it off.
> Since you can detect light mode, would it kill you to honor it?
Seriously, I'm in my mid-30s but some of these dark mode sites make me feel mid-80s. I can't see shit on this site.
> I'm not in that city.
Same, it claims Brussels, but I'm in Antwerp.
It also got my screen resolution wrong.
georgemcbay2 hours ago
[-] > I'm not in that city.
Same, it said Riverside but I'm in San Diego (about 100 miles away from Riverside).
Of course, its just using a geolocation database for the IP address and thus reporting the location of some switching center Verizon runs and not my actual location.
If you're trying to prove a point about privacy its probably best not to lead off with information that can be off by hundreds of miles while presenting the fact that it "knows" this information as being darkly ominous.
Presenting this information while being wrong probably does the opposite of the site's intent and gives some people a false sense of security because what real websites and apps track about you using digital fingerprinting is a lot more detailed, personalized and (usually) correct than what this website presents.
quietsegfault2 hours ago
[-] > Nobody can infer when I work and when I sleep. That includes me.
Are you like /severed/ or something? Surely you can infer when you work and sleep from your experience living your life as you.
> Surely you can infer when you work and sleep from your experience living your life as you.
Not everybody has a schedule. Mine is essentially "eat when hungry, sleep when tired", and my sleep patterns more closely follow a 26-hour day than a 24-hour day.
It was much better for me.
* Your socks don't match anything in the room.
* The man you thought you killed in Tuscaloosa woke up and walked home an hour later and is now a chiropractor in Shreveport.
* Your daughter is pregnant by the kid who trims the hedges.
* Your dog is dreaming about the squirrel in the wood pile.
How does it know?
I am once again asking privacy advocates to try sounding normal for once. Trying to make a browser accessing your timezone sound nefarious isn't going to convince anyone of anything.
reply▲It's the usual terse LLM voice that makes everything sound dramatic. Nails on a chalkboard
reply▲warkdarrior2 hours ago
[-] > Trying to make a browser accessing your timezone sound nefarious isn't going to convince anyone of anything.
But I am the only person in this timezone in the world. It uniquely identified me!
AlecSchueler57 minutes ago
[-] The claim was that a site could "infer when you sleep, when you work, and when you browse because you cannot sleep." Is that not true? I know that the timing of my HN comments tells a pretty clear story about my schedule having recently looked at a histogram.
reply▲Visiting without JS: "With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops."
I find this hyper dramatic LLM language extremely off putting, but appreciate the signal that allows me to completely disregard it.
Whether or not the information is accurate isn't really the point. It's that it serves as a way to identify you even without cookies. I looked for better websites, the EFF one[0] is informative.
My browser fingerprint was unique among the visitors in the past 45 days.
[0] https://coveryourtracks.eff.org/
> Our tests indicate that you have strong protection against Web tracking.
Gotta love Firefox with ublock origin in advanced mode, even without JavaScript disabled so the site worked.
capitainenemo2 hours ago
[-] uMatrix + NoScript personally (yes, seems silly, but I find NoScript's UI more convenient for script toggling, while liking uMatrix's fine grained controls)
Did you enable firefox resist fingerprinting?
Also maybe letterboxing, which I think is not enabled by that flag by default, and also helps with CSS fingerprinting.
I used to use umatrix, preferred it to ublock origin advanced mode. However, isn't umatrix unsupported?
reply▲capitainenemo50 minutes ago
[-] It hasn't received updates in a good long while, but seems to work fine, for me anyway. Has some rough edges, logging blocks when there's a bunch of redirects is a bit of a pain, making it hard to fix whitelisting in complicated things (like the dozen domains microsoft uses for auth) but apart from that...
reply▲capitainenemo40 minutes ago
[-] (and ofc there's a bunch of forks adding bugfixes, some even relatively recent in activity, but unfortunately none have become the blessed official maintainer)
reply▲Did you specifically re-enable javascript? Ublock origin on medium mode blocks all the tracking javascript and I'd think advanced would follow the same basic starting point.
reply▲Yeah, didn't work without it.
reply▲If i run that (or similar sites) multiple times, shouldn't I like.. not be unique each time?
reply▲tossandthrow4 hours ago
[-] At least in Europe the gdpr still counts, even when you don't use cookies but fingerprinting.
So if you use this information you still need to disclose it and process data in accordance with the law.
In my case, the site reports "The technique is called browser fingerprinting. It is legal everywhere."
It is definitely not legal in Europe, when used to track individual users. The consent pop-ups are not only about cookies.
id still prefer the information be inaccurate. since sites are rude enough to try and track me, the least i can do is feed them unique garbage.
reply▲The website is pretty & the overdramatic copy is fun, but there's much better fingerprinting demos out there.
The number of data points shown here is low - there's plenty more it could be checking - & a good number of them seem to be wrong (it's only detecting one as explicitly "withheld" but I believe a few of them actually are, leading to garbled output).
Needs some QA.
InsideOutSanta4 hours ago
[-] The overdramatic tone is pretty funny. "You are in [wrong city]. We could send a team on ninjas to kill you right now, but we chose not to. You are welcome."
reply▲In short, another AI-generated slop project.
I've seen this exact UI style a dozen times now and it's always accompanied with tell-tale overly verbose, overly dramatic text.
A vibe-coded EFF Cover Your Tracks. The fact this made it to front-page is spookier than its contents
reply▲moritzwarhier2 hours ago
[-] exactly, it even looks like a page created by someone asked to "replicate this, non-obviously, add fancy landing page theme".
Fugly.
camillomiller3 hours ago
[-] Yes! By a user who’s 21 days old, has never commented and it’s not even following this thread as he has absolutely never replied and never will. Having these kind of submissions not flagged is killing hacker news
reply▲I disagree, the discussion is still interesting to me. The page might be low quality AI slop (though it claims it’s not), I did find the discussion about it informative to a degree.
reply▲reply▲Hmm interesting. I tried the EFF site and among other things it told me I'm on "MacIntel".
Gave me a scare, thought I'm still somehow running an x86 build of Firefox.
Both linked in the Sources & Confessions modal at the bottom. Cover Your Tracks is the spiritual ancestor of this whole piece. amiunique is more rigorous; this is the editorial cousin.
reply▲Brutally dark site doesn't seem to show much to my eyes. No modal appearing at the bottom.
reply▲I love that the very first thing it showed was wrong
> San Pablo, California, United States
> You appear to be in San Pablo, United States. Your internet provider is AT&T Enterprises, LLC. We know this because your IP address — 108.xxx.xxx.233 — was the first thing your device sent us
I am in San Francisco. IPs are not a reliable location identifier and never have been. Especially on mobile. Thank you for coming to my ted talk
> We did not ask for your location. Your address arrived before you did.
Bunk. You asked a geolocation api/service to map my ip address back to a location. You _did_ ask for my location, using my IP as a key. And my IP is pretty much required in order for communication on the internet to work (outside of using services to hide it, but then _they_ have your info instead).
Nah. The browser has a mechanism to request geolocation. This is the ask that was not performed. The user was not asked, which is the important piece.
If I have a dictionary, I don't have to ask the meaning of a word I hear from someone I am speaking to, I can look it up in the dictionary. I may infer an incorrect meaning because the word has multiple meanings or is a colloquialism.
If I need to clarify that inaccuracy, I need other data points (for example, the context of the conversation), or I can ask my conversational partner for clarification).
I think you are misreading this. It isn't saying they didn't ask ANYONE, they are saying they never asked YOU as a user for it.
Also, though, of COURSE your address arrived first... how else are they going to send back the data you are requesting?
> my IP is pretty much required in order for communication on the internet to work (outside of using services to hide it, but then _they_ have your info instead).
Tor and similar multi-hop proxies, depending on construction, supposedly can't match source to destination IPs.
It has.. Shall we say tradeoffs.. In terms of latency mostly, but I suspect bandwidth is likely affected too
reply▲> Your graphics processor identified itself as or similar.
That checks out. I think what I have is similar to a graphics card but isn't quite.
My GPU identification is off by about a decade but it did get the brand right
reply▲Sohcahtoa823 hours ago
[-] Seriously. My laptop was manufactured last year, and the site identified it as a Radeon R9 200 series. That was a top-of-the-line GPU...back in 2014.
reply▲Same ID for mine. Are you running Firefox? Maybe that's a lie it tells to fingerprinters.
reply▲I am running Firefox. Firefox does not report you GPU according to the site, instead returning a generic "Mozilla" GPU.
More of you should be running current Firefox. It actually has serious engineering work going into protecting you from web tracking.
I work for a team entirely dependent on web tracking for Fraud prevention. The things Firefox does work to protect you and make our job harder. They genuinely make it harder for websites to track you.
Other things that genuinely help: Apple private relay. Some VPNs. Generated unique credit cards.
chrisweekly6 hours ago
[-] I appreciate the intent here, so this is constructive feedback:
- Some of the numbers are off, eg
"Your browser allocated 39322 MB of storage to this page alone"
- low contrast in dark mode makes text hard to read
The 39 GB number is a bug. I was reading quota (browser allow-up-to ceiling) and calling it "allocated." Fixed; pushing now. Contrast is intentional but I hear you. not changing it but noted, and a cleaner reading mode is on the to-do later.
reply▲Contrast is a violation of accessibility guidelines.
reply▲warkdarrior2 hours ago
[-] This site is already violating your privacy. Do you think they care about your accessibility needs?
reply▲The site isn't violating your privacy.
reply▲An instant loading page without animations and more contrast would have been more fun.
The fact that it begins with my IP address reminds me of those dubious VPN ads.
City is wrong, I may speak English but it's not my native language.
As other people said, there are much better pages showing you your browser fingerprint.
And like most people discussing these things, you entirely miss the point.
It doesn't matter whether you actually speak english natively or not, nobody cares about the actual values. Web sites don't actually care whether you have a robust font package in some way to discern whether you are a font hipster or something, they are just collecting signals.
What matters is that your physical machine and web browser combo report these values about the same way every single time they are probed, and that is used to reliably track YOU, uniquely, with great accuracy, with EVERYTHING you do on the internet, every site you visit, every mouse movement, every purchase linked back to you.
Everything.
The actual values don't have to match "reality" in any way. It's just about generating bits of signal about your setup.
> It doesn't matter whether you actually speak english natively or not
So don't you think presenting the info as it's a great uncovered secret and then getting it wrong will lead the layman to disbelieveing everything?
Of course, the other extreme is the EFF site that says "Currently, we estimate that your browser has a fingerprint that conveys at least 18.33 bits of identifying information.".
There must be some middle ground to present this info.
Access to the available font list might be useful for identifying devices likely issued by a particular organization. Unusual fonts that are part of an org's branding usually are installed as part of a standard device image. This allows employees to produce brand-compliant presentations, etc. I was an intern at GE in the mid-90's and we had a custom font with just one character defined - the "meatball" corporate logo.
reply▲> We know this because your IP address was the first thing your device sent us.
First paragraph, and I don't like this wording already. It's as if "my device" has any choice in the matter.
And actually, it's the reverse! Often enough your own device does not know your _actual_ public IP address without asking some kind of public service to snitch on your internet connection.
YeGoblynQueenne11 minutes ago
[-] Huh? The user mwheelz seems to have been [dead]'d in the time this post has been on the front page. If I look at their comments page, those posted more than 46 minutes ago (at the time of writing) are normally visible and the rest are [dead].
https://news.ycombinator.com/threads?id=mwheelz
Mods, is there something we should know? Is there maybe a reason to stay away from the linked website?
It seems like they know I have an iPhone with dark mode enabled, that I speak English, and that I'm in the USA (but wrong city wrong state). I am kinda unimpressed, I'm pretty sure they can get a lot more info than that.
reply▲looneysquash1 hour ago
[-] Would be nice if more people were focus on fixing these issues instead of just a bunch of "we already know", and making fun up the tone of the site.
Thanks op for reminding us of the privacy issues with our browsers. The EFF and others already told us, but the issues remain. Lets hope you're hear to stay and fight for our privacy alongside us.
Thanks for that. The page isn't trying to tell anyone something they don't already know, it's trying to put it in front of the people who haven't been told. The bug reports today have been gold and the volume is meaningfully better for them.
reply▲Aren't LLMs smart enough to choose better color contrast by now?
reply▲Happy to say that my browser didn't tell anything that I didn't expect it to. It even identified my IP from a location 1000km away from me.
Firefox on Android with ublock
Cute detail: if you switch to another tab and then back again it shows a banner at the top:
> You left for 6.3 seconds. We noticed.
I guess I shouldn't be surprised that it gives my exact GPU, but that was surprising to me. Just so everyone knows, its an AMD Radeon RX 6900 XT and I paid way too much for it during the covid/crypto price explosion when they were sold out everywhere. Still a bit raw about that, but it is an excellent card on Linux (fedora)
reply▲"Your graphics processor identified itself as or similar"
guess mine isn't such a specific model as yours. so I don't have a real GPU, i have something similar to a GPU??? did I get a knock off Alibaba version?
Real bug. Firefox returns "Mozilla, or similar" for the renderer string and my parser was grabbing the second half. Fixed; pushing in a minute. Your GPU is fine. Your browser is doing the right thing.
reply▲I got "or similar" from Firefox and exact make and model from chrome. Probably a browser issue and not a hardware issue.
reply▲Confirmed. Firefox's privacy hardening returns "Mozilla, or similar" or just "Mozilla" as the renderer string. Chrome doesn't (yet). My parser was treating the Firefox string as if it were ANGLE format and grabbing the wrong half. Fixed.
reply▲not regretting choice of browser at all
reply▲Yeah the exact kind shouldn't matter - just the WebGL capabilities.
reply▲The GPU string really is the spicy one combined with screen + fonts it's enough to single you out across most of the open web. The card itself is a tank.
reply▲Yea that is a strong fingerprint. Especially if any of the other things were correct or someone has a way to model your behaviors. How long you scroll vs how often you type etc. and somehow that's still not enough for big tech and they need biometrics, photo IDs, etc.
reply▲Yeah, the bottom counter on the page is meant to make exactly that point. Mouse movements, scroll velocity, tab switches, reading pauses are all features in modern fraud / "trust" scoring systems alongside the static fingerprint. Biometrics is the next layer, and it's already happening on the back of "passive" liveness detection most people never see.
reply▲It got mine quite wrong (Firefox).
The thing that bothered me is that browser are still sending the Referer info. I thought that was not supposed to work under https?
you are using a Radeon RX 6900 XT on Fedora Linux. we know this because you admitted it in the previous comment.
reply▲My battery is at NaN%, the site is cool but it should probably change the text if I’m not actually exposing that information.
It got the city wrong but close to where I live. This stuff would be wildly wrong if I fired up my VPN. Although its annoying when I connected to a VPN to Steam it’ll often show my prices in Canadian dollars instead of USD.
Heh, my battery (which I don't have cause this is a desktop) is at 100% apparently
reply▲Battery: kept back
Your browser kept your battery level back. Firefox removed this API entirely in 2016, after researchers proved it could be used to track a visitor across websites without cookies, without consent. The API still exists in the specification. It was simply hidden — from you, and from any page that might ask after it.
Well, at least something positive from the shit I take for not sheepling my way through life using Chrome
I got this message and I'm on Chrome, on a laptop. I tested in the console on that site and was able to get the battery level though, so I'm pretty sure their check is just broken.
reply▲IdiotSavage5 hours ago
[-] > Where you were before
> news.ycombinator.com
This has always bothered me the most. I disabled the 'Referer' header once, but it breaks many websites.
The Referer header is the one that's hardest to opt out of cleanly, strip it at the network level and too many things break. Referrer-Policy lets the origin set the rule, but the visitor doesn't get to choose. There's a quiet move toward Referrer-Policy: strict-origin-when-cross-origin as a sane default in modern browsers but it's still origin-dictated, not visitor-dictated.
reply▲I strip/forge it with a old, probably outdated firefox extension (Referer Control.) But you still got news.ycombinator.com. How? I thought the extension was broken, but it's not.
That was actually my only surprise, everything else I was expecting.
edit: ignore this, looks like I just needed to save my preferences again. Thanks for showing me that I have been leaking my referer for some mysterious amount of time.
It's interesting that this breaks things. When trying to link to an internal password vault at work it would always break. People would have to click the link on my site, then reload it to get the page to load. This wan an issue for years, across multiple versions and despite many people offering up ideas to help solve it. One day I thought maybe it was a referrer issue, so I had it open with noopener,noreferrer, and that fix it.
It seems odd that any site would require a user come from somewhere.
Hah I remember the picture of the scrotum.
reply▲> Your screen is 320 by 568 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display.
It’s been a long time my 2016’ iPhone as been called recent or high-end but I’ll take the compliment, thank-you.
chainingsolid2 hours ago
[-] Ya, I'm not running my Pinephone's display at x2 cause its a high end display on a $200 phone.....
reply▲Text is so dim is really hard to read.
reply▲> Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique
The set of fonts available in stock iOS is hardly going to be unique now is it?
That it is even possible to install fonts onto iOS would be news to most users.
mcintyre19941 hour ago
[-] > Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique
Is this actually true? Because I don’t even know if I have any control over this on iOS, and if I do then I’d guess almost nobody diverges from the default?
____tom____2 hours ago
[-] I doubt the fonts on my iPhone identify me. As far as I know, they would be the fonts it came with. Or can apps install fonts?
reply▲Something attacked my computer.
I shut the page, and some old one popped up.
I shut it, and they popped up again
I shut my browser, and Notepad++ was filling with <cr><lf>
I closed Notepad++, closed every open app, and restarted.
reply▲Mine told me my graphics card was "or similar" so my stock Firefox is doing at least okay.
While I still follow the general privacy first tenets, I have ended up backing off on some tools (noscript and librewolf) at the extremes of privacy because if every site is going to track everything by my IP or by my ASN or browser fingerprint, I do have a happy medium of being private enough while not being utterly broken in my browsing.
Roughly that looks like email aliases on demand via sieve rules, ublock origin with liberal use of filter lists, different handles and a password manager, frozen credit ratings, and Tailscale exit nodes or Mozilla(Mullvad) VPN for uncontrolled WiFi access points for my jnrootabke android device and mostly signal for comms.
I'm getting to old to be a privacy extreme enthusiast when all of my family side channels everything straight to Facebook, so this is the impure level of privacy I can sustain.
Same for me, also the "screen" size is off (just shows window size), the location is off by hundreds of kilometres and other information is quite generic (battery level "kept back", small set of standard fonts available...).
reply▲> You came here from news.ycombinator.com. Your browser told us the address of the page you were reading before this one. Every link you follow tells the destination where you were. The page you just left knows you left. This page knows where you came from. Neither was asked.
I thought this didn't work anymore and browsers left out the referer in the case of https, is that not so then?
I believe you only lose the referer header when switching between http and https.
reply▲Aside from the fingerprinting methods, the graphics processor string seems to be the most immediately personal data given up (other than location, which was incorrect for me). I could see sites tailoring ads around an assumed class, income, and level of digital literacy based on this data point alone.
reply▲Dunno what it is with the wording but my brain started reading it in a bit of a "Hello Clarice" Hannibal Lecter style lol
>The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters
Is this one true? I've not made any changes to fonts on my phone that I know of, wouldn't it just be bog standard iPhone fonts?
Curiosity not challenge
Would be cool if you actually did track just to prove the point like "you've opened this page 6 times now, 2 of those were via VPN and one time was using the Firefox Focus browser. Have you found any flaws in the data yet?"
As far as this website reports, I'm undistinguishable from most other Mac users in Brooklyn, New York. Seems like it's not actually highlighting the frightening aspects of fingerprint.
reply▲Yeah, your browser fingerprint might be a needle in a needlestack. You might not be able to distinguish one needle from another needle easily, but if you have enough needle samples you can start to identify what the needles are pointing at. Data aggregators collect enough pseudo-indistinguishable needles to be able to disambiguate and associate them with a known identity or cohort. For example, your mobile browser might be indistinguishable from most other Mac users in Brooklyn, but your mobile browser might be the only one running on a device from an IP address that regularly logs a meal in MyFitnessPal at that Starbucks wi-fi before making Apple Pay/Google Wallet purchase, hits the next 8 stops on the train before connecting to the same cell tower at the narrow window as you enter your office (telling on myself a bit, tho I am in Vancouver, not Brooklyn).
Span this across all of your movements and activities across multiple aggregators and it's a trail of movement through a fog of data that is fuzzy, but enough to identify you, or a small cohort of similar users.
"With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops."
This is surely only partially true.
1vuio0pswjnm74 hours ago
[-] Perhaps this illustrates the ridiculous level to which website operators make assumptions about website visitors
This phenonemon is much older than "browser fingerprinting"
I thought the referer was not available under https anymore
reply▲Trying this in Lynx I'm surprised it didn't at least get some information from me in the request headers. You don't need JavaScript to pull things out of them.
reply▲nathanmills5 hours ago
[-] You can't gaurentee any of this is fingerprintable without checking twice (i.e. give the user a unique url, then ask them to restart the browser and visit it). In privacy browsers like LibreWolf or Mullvad Browser this is almost all spoofed, save for things like the IP which needs to be hidden/changed independently of the browser.
reply▲Correct on rigor. Proving a fingerprint requires the two-visit protocol you describe. The page doesn't actually compute a stable fingerprint or attempt to track returning visitors, it shows you the signals that go into one. The barcode at the bottom is deterministic from the data shown but isn't compared against anything stored. Sloppier than a real fingerprinting tool, by design.
reply▲pretty interesting but why's this website so dramatic, like it thinks it's making me uneasy and paranoid or something
reply▲Because it's AI slop. It's the same tone every time
reply▲Most of this is pretty standard stuff but one thing I did learn is some of the fingerprinting techniques I wouldn't've thought of. Like Mozilla/Apple not sharing GPU or battery information being used to confirm which browser I use even if I fake the User Agent String.
reply▲deferredgrant3 hours ago
[-] Browsers are stuck between compatibility and privacy. Every bit of environment detail has some site that claims to need it, and every extra bit makes users easier to distinguish.
reply▲GMoromisato4 hours ago
[-] Someone should do a demo where they take all the info from the browser and feed it to an LLM to describe the person as accurately as possible. I bet it would be 10x better than any horoscope.
reply▲The text legibility of the gray on black is a serious problem. My eyes aren't that bad but I can barely read this.
reply▲My eyes aren't great and I had to pinch-zoom to read parts of this page.
reply▲Its mixing confidential info. For example, you know I'm connected from a location, but you do not know my precise location. I connected from a tower that is from Odido, but I am not paying Odido for a subscription.
reply▲Right, IP-to-geo is approximate and gets a lot of cases wrong (yours among them). Most ad networks use it as a region/DMA hint, and not precise positioning. The point of including it isn't precision. It's that any location is more than nothing, and the visitor never opted in.
reply▲internet20003 hours ago
[-] Yes, I'm on a MacBook Air in Eastern Time and I speak English. I'd have told the website that myself if they had asked it.
reply▲Eastern Time, USA, or closer to Bangladesh?
reply▲reply▲pixel_popping4 hours ago
[-] What's terrible about them?
reply▲They track us around the web.
reply▲pixel_popping3 hours ago
[-] But anybody knows (in tech I mean) that a browser client leak a lot of things and sustained tracking is easy even cross-browsers (and cross-devices too with more advanced techniques), including history (easy to know which websites were visited with timing analysis in loops and iteration), it falls on the responsibility of the user to achieve privacy, but it requires heavy sacrifices that frankly most users are not willing to do, fingerprint.com is really basic and doesn't go to a great length at all actually to track users (fortunately).
Reality is that most do not care about privacy (look at the number of Google users, even developers themselves who are completely aware of it and continue to "embrace" the mass tracking). There is also the mass brainwashing which is an issue where people that use VPNs think that they are anonymous and this is terrifying to think (thank you NordVPN non-sense, which also use Google Analytics which then correlate entire traffic later-on, what a joke).
Similarly, just like how somebody would think that a company selling weapons that are expressly used to harm protestors is a terrible company, a company that tracks its users and invades their privacy is a terrible company.
We can see that big companies are able to do a great deal for privacy like Cloudflare and Apple (relatively speaking).
>Reality is that most do not care about privacy
Most people don't understand how much they are being tracked online, and even less know how to start preventing it. The vast majority of people care deeply about privacy. It is a natural human desire. Ask someone that says they have "nothing to hide" if they would be willing to let you install a camera pointed at their bed. Are they doing anything wrong in bed? Anything to hide? No. They still deserve privacy.
Saying you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say. [1]
Just because people don't care about the issue doesn't mean they shouldn't have the right by default. Privacy should be the default. It is bad for you to have less privacy because it gives governments, corporations, and other people significant power over you and allows them to harm you more easily. Also it is your right, just like the 1st amendment.
[1] Edward Snowden
I would never use NordVPN–I think their marketing is deceptive and they don't accept private payments, among other issues, but there is a big difference between the VPN collecting data and just their website. Bitwarden has a privacy respecting pw manager, but their website uses analytics.
reply▲pixel_popping1 hour ago
[-] Absolutely, Nord is a sh*t company when it comes to privacy, they removed the anonymity claim as well recently and changed it by "Security", but anyway a VPN is far (very far) from being enough to reach decent level of Opsec. Anyway, VPNs that care can start use Enclave at the very minimum, but it's insufficient as traffic can easily be correlated if you disconnect peers one by one (gov can just sniff DC firewall, then DDoS each IP connecting through it, check if the guy is still online... (ton of ways)). Mullvad is clearly more trustable regarding the steps taken to ensure more privacy, but it's not enough on its own and even them say so.
For Bitwarden, well, US government (and Google, and more) is aware of your usage of it through their analytics so I wouldn't say it's really privacy respecting but sure, there is a bigger effort yeah.
yakkomajuri5 hours ago
[-] DuckDuckGo browser helped mask some stuff, but definitely a fair amount still goes through.
Annoyingly the web is becoming a bit more annoying to browse as a DuckDuckGo (mobile) and Brave (desktop) user. With a VPN on top it gets even worse.
Another vibe-sloped false-integrity derivative. Cmon, OP..
reply▲How do we get our browser to stop sending all this information? It's really maddening.
reply▲I tried it with a VPN running and in the Mullvad browser and it got all the big stuff wrong.
Where are you was sent to another location due to the VPN, this was all it really impacted. When you arrived was wrong because of the Mullvad browser, even without the VPN enabled it reports that I'm in Reykjavik, which I'm not. What you brought with you, it got the resolution wrong, as the browser locks itself to various resolutions to prevent this kind of fingerprinting. GPU and Battery both say "kept back", I assume this means it couldn't get anything, because when I run in Safari it says Apple GPU.
chainingsolid2 hours ago
[-] 2/3 of the big browsers are open source, you could just change it this year! (Assuming your mobile device isn't from the former personal computer company turned status symbol manufacturer).
Harder problem is getting the economic system that relies on this information swapped out. Have fun when 99% of web doesn't 'work'.
the breathless fearmongering but also condescending tone of this really makes it hard to take seriously. yeah, you can "digitally fingerprint" me when i browse the web. do you know when else you can get my fingerprints? literally any time i touch something in the real world, i leave my fingerprints behind. and nobody is making websites telling us all what a risk to privacy that is.
if you want to make me afraid of browser fingerprinting, try explaining how that information can be used to harm me. i'm aware that it's possible, i just don't care because it doesn't seem like it's that big of a deal.
dark gray on black text was a terrible choice, virtually unreadable contrast
reply▲It's Claude that chose this and it doesn't really have eyes, so that's the reason
reply▲If the color scheme weren’t so atrocious, it would almost be possible to read what it says.
reply▲The stats are wrong - on Android my finger has not moved triple digit times, and I haven't tapped double digit times. In 4 seconds.
My general location is also wrong.
This site's theme is barely visible.
And the entire idea for the site is at least couple decades old.
Unoriginal slop.
praveen44632 hours ago
[-] good stuff but useful for non tech ppl. We already knew those things are exposed by the browser. probably worth putting in x/reddit
reply▲With javascript off it just stalls at "reading" forever. There are certainly some viewport properties and other things it does know even without JS execution, but the mitigation is significant. And the page itself (the JS application) cannot act on that data or communicate it. Instead it has to be processed by some other application on the backend or wherever. Not in my browser by my computer.
reply▲I can't help feeling that if you're turning JS off, you might as well turn off your computer to protect your data.
reply▲As an experiment, I made a small retail shop (< 30 products) that would use JS for modern style async/await calls, but would then use old school POSTs if JS was disabled with full page reloads on every POST. it sucked to dev and as UX, but it was possible to do. Had the non-JS POST style updates been any less annoying, it might have been viable. Nobody likes full reloads. They suck. JS can do nice things for UX. It's just that we can't have nice things because people suck
reply▲Nah, HTTP logs still leak my circadian rhythm.
reply▲This site actually works just fine without JS.
reply▲That's actually a fantastic idea!
Oh wait, no, I'm an e-addict. Drat! Curse this monkey!
I'm not worried about my privacy. No one can read the dark text on that page anyhow.
reply▲Update: I pushed two rounds of fixes for things people caught.
1. GPU "or similar" stranded prose. Firefox returns "Mozilla, or similar" as the masked renderer string and my parser was grabbing the second half. Masked-GPU case now gets its own observation.
2. Desktop battery showing NaN/100%. Chromium reports a phantom 100%-charging battery on machines without one; my filter was too narrow. Stricter check, falls through to "kept back."
3. Storage quota of 39+ GB reading as implausible. Now expressed in GB, and the prose was reworded ("would let this page write up to" rather than "allocated to").
4. Screen size matching window size (Firefox letterboxing / Brave farbling). Page now names it: "your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work."
5. "Recent, high-end display" being claimed on old retina devices (iPhone 5-class). Tightened the heuristic.
6. No-JS hangs at "reading." <noscript> block added.
Worth saying directly since it came up. The prose is hand-written. Each observation has a small set of templated registers and the code selects among them based on what the data returns. There is no LLM in the runtime path. AI helped me iterate on the spec like it does for most projects now. The sentences on the page are mine. If that's not the kind of work you're in the mood for, fair, but the slop charge is wrong.
pixel_popping3 hours ago
[-] But why don't you show real tracking capabilities? Not what's accessible via the browser directly and legally :/
reply▲> This volume requires JavaScript. That is part of the point — your browser is what is being read.
> With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.
What? When I enable JS it shows me a lot of stuff that is only queriable with JS.
joshstrange5 hours ago
[-] It's somewhat interesting but over half of what it talked about is just silly.
- Reverse IP/geocode (while be cute about "we won't show your IP", oh no, not my IP!)
- Timezone - Ok, yeah, lots of websites need/make use of that for completely legit tasks
- Browser/OS/Screen size - boring, again mostly needed or historical
- GPU - Again, not super interesting IMHO
- Battery - Ok, this is the first one I think should be behind a permission dialog
- Language - Come off it, that's just table stakes
- Fonts - Again, not sure how else this should work in a "perfect" world
- Cookies/dark mode/DnT/etc - Ehh, again aside from fingerprinting (which ruins everything) these are all QoL improvements IMHO
- Referrer - Again, this is just how the web works
I think the websites that take all of that and show you a fingerprint or show the data in a more data-oriented way are way more compelling.
This, almost certainly vibe-coded, website doesn't do anything novel and hits on a huge pet peeve of mine: using low-quality arguments for a legit issue (fingerprinting). By mixing in stuff like your IP/Language on the same level as Battery/GPU/other-fingerprinty-things it makes the whole argument less compelling.
thesuitonym4 hours ago
[-] I'm with you on almost all of this, but since you (almost) asked, here's how I think fonts should work:
The server tells your browser to display a line of text in a specific font. If that font is available, your browser does so, and if not, it displays the text in your default font, or a backup font if the developer specified one. There's no need for the server to know if it's there or not.
People discovering "just how the web works" have spawned myriad complaints, misguided laws, and general anger and confusion. I wish there was a test people had to take before they go online or something. Otherwise they'll still be mad that Chrome Incognito didn't prevent ads.google.com from registering them as a pageview statistic.
reply▲Fair pushback, and partially right. Most of these data points are individually defensible. Accept-Language helps with localization, Referer is just how links work, timezone is universally useful. The page's argument isn't that any single one is bad; it's that the bundle is identifying. Panopticlick / Cover Your Tracks measures combinatorial uniqueness, not any single point. The piece could be sharper about the distinction. Noted.
reply▲I wish it knows that I absolutely hate dark modes with such low contrast.
reply▲Wow! A significant amount of that information is wrong. I guess my corporate security is doing their job pretty well.
reply▲crazygringo5 hours ago
[-] This is just... silly. Everything it told me, while browsing on my iPhone, seems entirely reasonable.
> Every page you have ever visited knows at least this much. Most of them know more. None of them told you.
So? Why would I want the news site I'm visiting to "tell me" it knows my preferred language, that I'm using light mode, or the estimated location of my IP address...?
It's not surprising that a browser which renders text can be used to identify which fonts are available. It's not surprising that a browser which allows calculation with your GPU will identify your type of GPU.
The "without asking" framing is just silly. I expect to be asked for consent to use my webcam or microphone or exact precise location. But the last thing I want is to be asked for permission around detecting my local time zone or preferred language or my screen resolution or 20 other totally reasonable things for a website to be able to know.
Right that most of these aren't surprises individually, and right that nobody wants a permission prompt for Accept-Language. The argument isn't that you should, it's that the combination is enough to identify you across sites without your awareness, and that the wider tracking ecosystem trades on that bundle. The piece is editorial about the thing existing, not a proposal to gate every header. Reasonable to push back if you find the bundle isn't the point.
reply▲crazygringo3 hours ago
[-] Fingerprinting has exited for a long time. But this site is specifically saying "None of them told you".
The site does seem to be implying that disclosure and consent are the issues:
> We did not ask for your location.
> Nothing about this was requested. The information arrived on its own.
> Your device volunteered all of this in the first milliseconds of the connection. It will do this again on the next page you visit, and the one after that.
> No permission is required.
It's framing this as if browsers are maliciously volunteering information that ought to be protected, and that sites are maliciously hiding the information available to them.
It does seem to be clearly suggesting that even basic pieces of information ought to be available only upon request and that this must be disclosed to users.
You say this is "not a proposal to gate every header", but it's sure looking like something close to that to me.
> Your screen is 1512 by 982 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display. Your device volunteered all of this in the first milliseconds of the connection.
No it didn't. It was queried by the JS running on the page. It's a fun demo but it could really do without the slop prose.
pixel_popping2 hours ago
[-] Yeah, no need JS to track resolution or even mouse movements with timing, pure HTML/CSS can do.
reply▲Pedantic but right. The JS queries them; the browser returns them without prompting the user. "Volunteered" is the editorial verb for that round-trip but it does paper over a layer.
reply▲It's relevant because connection-level fingerprinting is directly visible to intermediaries like cloudflare.
reply▲quietsegfault2 hours ago
[-] Jokes on them, they got the wrong IP address, dummies!!! My IP address is 127.0.0.1!
reply▲Its pretty scary when you see it like this
reply▲Vibecoded slop with LLM-written copy. When will it stop
reply▲none_to_remain4 hours ago
[-] According to the "Sources" popup, creator can't even excuse the slop as AI slop:
> The prose
> Hand-written · Template-based, not generative
> Every sentence on this page was written by Matt. The code selects among prose templates based on what your browser returned. No language model writes or rewrites anything at runtime. If a condition is not covered by hand-written prose, the page stays quiet about it — we'd rather say less than say something false.
We desperately need some tagging system/convention here. Maybe just putting [AI] into the title. This bullshit is getting really tiring.
It looks like this is an ad by the way, check op's posting history
camillomiller4 hours ago
[-] All these submissions come from bots, and users with accounts younger than a month with one single submission (in this case three times the same submission).
Maybe the system should block anyone with lower than xyz points and 20 comments to post any link?
I dunno, I guess it's hard but this shit is really affecting the community.
reply▲thatguy09005 hours ago
[-] Man what a awful looking site. I shouldn't have to crank my brightness to max to kind of read the words
reply▲I agree, this site is an eyesore.
I use windows color filters (Grayscale inverted is my preferred, in the past I used plain inverted) for poor man's dark mode (or light mode in this case) for stuff that doesn't honor my color scheme and hurts my eyes. It also has a hotkey, so it is really handy sometimes, but you need to enable it in the settings.
Assistive technologies are great, not only because they benefit those who have no choice but to rely on them, but also they can benefit the luckier people.
I can’t even read this on my phone, the text is too small and the contrast is terrible
reply▲pixel_popping4 hours ago
[-] It's really bad, it's not using proper fingerprinting techniques, no network stack fingerprinting, no browser history via DNS poisoning, no narrowing down exact country with timing and so on. I mean this is even inferior from basic tools like amiunique, what's the point?
reply▲camillomiller4 hours ago
[-] It's a piece of AI slop that this user, with an account created 21 days ago, has been spamming here for the third time.
reply▲This is a great exercise, it's generally accurate on location but it's hard to express how granular they can be Identifying users through browser information. fonts? display size? processor? how unique is that really in laymans terms?
reply▲Ok…
Are we supposed to care?
Your browser discloses a lot more fingerprinting data than this
reply▲camillomiller4 hours ago
[-] Another unreadable piece of slop with Claude fonts and style that this user has already spammed three times here with an account created 21 days ago.
This is out of control, and y'all just comment these threads as if they're made by humans.
At least it doesn't know my age
Oh wait
Netscape user.
Always a giveaway.
reply▲We've seen tens of pages like this, all done better. Now the vibe coders got into it and completely fuck up the idea.
reply▲hackersnooze12 hours ago
[-] it got both my city and browser wrong i am not too concerned lol
reply▲Lol, the description text is so dramatic.
reply▲>OH MY GOD WE KNOW STUFF ABOUT YOU
peoples obsession with 100% privacy while operating in a public space is immature. if you're that risk averse dont connect to the internet.