[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: Browser Fingerprinting

Boruch Baum <boruch_baum@xxxxxxx> writes:

>> Does your browser protect from fingerprinting?       ✗ no
> This has me puzzled. How did the website reach this answer? My memory of
> this subject is that fingerprinting can only happen when the client
> either voluntarily puts fingerprinting data in HTTP GET/POST requests,
> or when the client has a javascript API that can be queried to reveal
> fingerprinting data. AFAICT, neither emacs-w3m nor w3m do either. Off
> the top of my head, some examples of fingerprint data that I remember
> being common are: available fonts, display geometry and properties,
> geo-location, data from device sensors (eg. temperature, accelerometer)
> , hardware specifications, software environment, and device specific
> stuff like UUID numbers.

The fields tested as browser characteristics were

User Agent
Browser Plugin Details
Time Zone Offset
Time Zone
Screen Size and Color Depth
System Fonts
Are Cookies Enabled?
Limited supercookie test
Hash of canvas fingerprint
Hash of WebGL fingerprint
WebGL Vendor & Renderer
DNT Header Enabled?
Touch Support
Ad Blocker Used
AudioContext fingerprint
CPU Class
Hardware Concurrency
Device Memory (GB)

And most of the values are "no javascript" when testing with w3m,
otherwise yes/no or true/false. The "no javascript" gives a
fingerprinting value as well (bits of identifying information).

The most identifying characteristics is User Agent followed by

Browsing the web with a text based browser is not a common thing to do,
so from a browser fingerprinting point of view I guess the uniqeness is
to be expected.

Best regards