this post was submitted on 12 Jul 2024
67 points (97.2% liked)
Privacy
31946 readers
636 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If EFF always says your browser has a unique fingerprint then that means the anti-fingerprinting is working, no?
If your fingerprint is unique, that means you can't be confused for someone else.
That is literally the opposite of anti-fingerprinting.
You want to look like 1000's of other people, so they can't prove it was you that visited a particular site and use that information against you.
If it's unique every time it means they can't create a consistent fingerprint for you.
A UUID assigned to each user is unique, but that's not useful for tracking unless you can ensure each user keeps the same number across visits.
The idea with anti-fingerprinting is the idea that no matter who you are or what your setup is, the fingerprint is created, it matches many, many other browsers
Imagine a sea of people in Guy Fawkes masks.
No, the idea is that you can't be traced via fingerprinting.
Both strategies accomplish that.
The issueI have with the "always unique" plan is that if they can determine your browser was associated with some set of unique IDs, then they can track you. Imagine a TOTP where the keys were leaked so the adversary can determine the entire set of possible codes.
If everyone's fingerprints always match each other's, then you have plausible deniability.
The only scenario in which this could happen would leave both strategies equally vulnerable.
Try it with Mullvad Browser or Brave. The former should give "You have a non-unique fingerprint", while the latter should give "You have a randomised fingerprint".
I personally prefer Mullvad, as it's not run by a raging homophobe and it's not based on Chromium.
You and 1000 friends go to a party all dressed in the same Mr Blobby costume. When one of you gets absolutely shitfaced at the open bar and vomits in the middle of the dance floor, they get kicked out and banned from next week's rager. Next week rolls around, and 1001 Mr Blobbys rock up on on the dance floor, because management has no idea which Mr Blobby cost them their deposit last week.
You and 1000 friends all go to a party dressed as a unique DeviantArt Sonic OC. One of you fails to hold their liquor. They get kicked out. You all attend the party next week all wearing a completely different costume of a completely different DeviantArt Sonic OC, since the number of them is functionally infinite. Management can't kick the vomiteer out because as far as they're concerned, Jimmy the Hedgehog didn't show up this week, because whoever was Jimmy the Hedgehog is now Steve the Echidna.