Decided to test some browser fingerprinting this morning via the Cover Your Tracks tool by @eff. @brave, @librewolf, and (no surprise) @torproject all performed (or appeard to perform) better than @mullvadnet.
This one is also an interesting test because it has ways around many obfuscation attempts that privacy oriented browsers utilize. Well… less of a test and more of a showcase how creepy js is.
On my setup it was able to get way more info compared to coveryourtracks. For example, creepjs always detects my actual display size, but coveryourtracks doesn’t.
https://abrahamjuliot.github.io/creepjs/
Not even chameleon seems to be able to hide all your stuff from creepjs.
So the best privacy you can get is to disable js completely.
How does this work exactly. I get it can see a fair amount of stuff on my browser, but if I close the page and then reopen the visit doesn’t go to 2 and I don’t see the signature I added. Does this mean it cannot fingerprint my setup?
Edit: I also tried this on my fairly vanilla firefox installation with ublock origin and I see that the visit count will go up as I return to the page—so I suppose the fingerprinting is working on that setup. On my iPad with adguard each visit appears to be unique.
That would be just one last step before giving up on using internet entirely
Thanks for sharing CreepJS. Agreed on JavaScript. I’m a fan of LibreJS filling in a gap after uMatrix was discontinued.
Wasn’t most/all of uMatrix functionality folded into uBlock Origin?
Dunno. I like uBlock Origin a lot but disabling scripts per site is not something that feels very comfortable for me. With LibreJS it can be quite a hassle but I’m already quite used to that, and on the way I kind of learn things. Like that blocking scripts about Apple and Google logins at Twitter with LibreJS helps with clutter free reading and not being asked to login.
@Deckweiss Thanks! Can’t say I fully understand the analysis (yet), but it seems very thorough. Time to dig into the documentation.