[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: Browser Fingerprinting

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@xxxxxxx> writes:

> Here is an interesting article on so called "Browser
> Fingerprinting" [1]. This can be of some concern to
> people using uncommon browsers like Emacs-w3m.

I did this test at https://panopticlick.eff.org in 2017 with emacs w3m.
I was then unique among 216 118 browsers. I think the count is tested
browser the last N days. I did it again now and was unique among 175 561
browser the last 45 days with 17.42 bits of identifying information
(emacs w3m). Here are some more stats from that test:

                        Test                         Result
Is your browser blocking tracking ads?               ✓ yes 
Is your browser blocking invisible trackers?         ✓ yes 
Is your browser accepting Do Not Track commitments?  ✗ no  
Does your browser protect from fingerprinting?       ✗ no  

> Because Emacs-w3m doesn't support JavaScript, one should
> be safe from all that save for the cookies, but they can
> be be disabled with
>   (setq w3m-use-cookies nil)

didn't turn that off...

> Then there is also the User-Agent field in the HTTP
> request which browser supplies voluntarily.
> Because Emacs-w3m isn't the most common of browsers,
> this field can be used to identify YOU - possibly.
> Inhibit with
>   (setq w3m-add-user-agent nil)

Didn't do that.

> Now, check out the progress on [2] :)

Here I get

... full fingerprint is unique among the 1 936 960 collected so far.

> (The language is still "en" - however I don't think
> anyone can be tracked using that data...)
> Of course, the IP is still there, because otherwise the
> server won't know where to send the requested HTML.
> I think it is much more likely that tracking will be
> done using that, than the browser fingerprint!

Maybe. EFF explained to me at the time that browser fingerprinting is
more effective since IP can change over time and can be fiddled with
with VPN and so on. (Of course browser can change as well but anyway)

> But that's not a browser issue, people who look for that kind of
> anonymity will probably use VPN or Tor or be on some other *net
> altogether, besides the internet...
> Even if you feel you have nothing to hide, and you are
> not paranoid, it can be a good feeling not to give
> anything to these bozos anyway :)

Browser fingerprinting for tracking users ought to be illegal. It's just
wrong, no matter you have something to hide or not. Edward Snowden said
something I agree with -- saying that you don't care about privacy
because you don't have anything to hide is like saying you don't care
about freedom of speech because you have nothing to say.

Best regards