A web page that tells you what your browser gave away the moment you arrived. No login, no form, no permission. Most pages do this. None of them tell you.
Laughing my ass off reading through this. The sanctimonious and passive aggressive threatening tone is perfect for how much info it got wrong just because I use Firefox and an adblock. YOUR BROWSER DIDN’T TELL US ANYTHING ABOUT THIS, LIKELY BECAUSE ITS FIREFOX. BUT THAT MEANS WE KNOW YOU USE FIREFOX AND WE ARE CHOOSING TO BE SAFE WITH THAT INFO, YOURE WELCOME, PWNED!!!11!1111!1
Teaching people about fingerprinting and how important understanding it is for personal privacy is good, but acting like a 4chan script kiddy group and making bizarre empty threats like you’re mr robot ain’t it, dawg.
From other comments this is likely some AI slop to sell a product, but if they’re serious they come off like they just slept through sec+ and think they’re shadow brokers now lmao
This volume requires JavaScript. That is part of the point — your browser is what is being read.
With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.
The fact that they’re stopped from “the telling” says a lot about their abilities, but not much about “the disclosure”.
I imagine it was just stuff collected in most server logs: IP Address, user agent string… I’m not too concerned, really.
On a bog standard phone with dns blocking and nothing more, it was able to identify a lot of information. Some pieces of information I didn’t realize are sent to websites when I visit them. It’s a good demonstration of fingerprinting.
Using a slightly less popular browser with a single privacy addon almost completely circumvented their fingerprinting. Changing the user agent to mask the few pieces of almost useless info it did get, would have totally circumvented their fingerprinting.
I understand the average user would have more correct indicators. The point is, if they’re going to run a service like this, pretending to be hackers and making entirely toothless threats to scare people with info they likely don’t even know how to interpret themselves, shows how incompetent they are and that they don’t actually want to educate. Hence why most legit groups that do education like this choose to present themselves as professionals and adults instead.
You should try fingerprint.com .That is what Dropbox, Booking.com, TikTok etc use and you need Firefox with Jshelter set to the following settings to defeat it.
Time precision: High
Locally rendered images: Little lies
Locally generated audio: Little lies
WebAssembly speed-up: Enabled
Everything else including Fingerprint Detector disabled
I’m not saying I’m a sec expert and impervious to tracking. I don’t need to try multiple sites until one gives me more correct hits, I understand the basics of fingerprinting and how it can be used maliciously. I do more than the average user to safeguard my information.
My point is, real sec professionals attempting to educate and make the general public more knowledgeable about privacy don’t have to rely on scare tactics and vague implications that they live in the matrix and are coming for you to accomplish that. It makes them look like ding-dongs who need to take the trenchcoats and sunglasses off and open the blinds. This thankfully seems to be a common sentiment in this thread.
Even bog standard ios hides some stuff they claim to have.
WHAT RENDERS YOUR WORLD
Apple GPU
Your graphics processor identified itself as Apple GPU. This tells us the manufacturer, the generation, and roughly the price of your machine. Combined with your screen size and font list, this string alone can distinguish your device from most others on the internet. The technique is called WebGL fingerprinting. No permission is required.
Uh sure, that string tells you the generation and price.
Laughing my ass off reading through this. The sanctimonious and passive aggressive threatening tone is perfect for how much info it got wrong just because I use Firefox and an adblock. YOUR BROWSER DIDN’T TELL US ANYTHING ABOUT THIS, LIKELY BECAUSE ITS FIREFOX. BUT THAT MEANS WE KNOW YOU USE FIREFOX AND WE ARE CHOOSING TO BE SAFE WITH THAT INFO, YOURE WELCOME, PWNED!!!11!1111!1
Teaching people about fingerprinting and how important understanding it is for personal privacy is good, but acting like a 4chan script kiddy group and making bizarre empty threats like you’re mr robot ain’t it, dawg.
From other comments this is likely some AI slop to sell a product, but if they’re serious they come off like they just slept through sec+ and think they’re shadow brokers now lmao
Similar results with NoScript.
The fact that they’re stopped from “the telling” says a lot about their abilities, but not much about “the disclosure”.
I imagine it was just stuff collected in most server logs: IP Address, user agent string… I’m not too concerned, really.
On a bog standard phone with dns blocking and nothing more, it was able to identify a lot of information. Some pieces of information I didn’t realize are sent to websites when I visit them. It’s a good demonstration of fingerprinting.
Using a slightly less popular browser with a single privacy addon almost completely circumvented their fingerprinting. Changing the user agent to mask the few pieces of almost useless info it did get, would have totally circumvented their fingerprinting.
I understand the average user would have more correct indicators. The point is, if they’re going to run a service like this, pretending to be hackers and making entirely toothless threats to scare people with info they likely don’t even know how to interpret themselves, shows how incompetent they are and that they don’t actually want to educate. Hence why most legit groups that do education like this choose to present themselves as professionals and adults instead.
You should try fingerprint.com .That is what Dropbox, Booking.com, TikTok etc use and you need Firefox with Jshelter set to the following settings to defeat it.
I’m not saying I’m a sec expert and impervious to tracking. I don’t need to try multiple sites until one gives me more correct hits, I understand the basics of fingerprinting and how it can be used maliciously. I do more than the average user to safeguard my information.
My point is, real sec professionals attempting to educate and make the general public more knowledgeable about privacy don’t have to rely on scare tactics and vague implications that they live in the matrix and are coming for you to accomplish that. It makes them look like ding-dongs who need to take the trenchcoats and sunglasses off and open the blinds. This thankfully seems to be a common sentiment in this thread.
Or a Firefox fork with resistFingerprinting disabled (Jshelter deals with that).
Even bog standard ios hides some stuff they claim to have.
WHAT RENDERS YOUR WORLD
Apple GPU
Your graphics processor identified itself as Apple GPU. This tells us the manufacturer, the generation, and roughly the price of your machine. Combined with your screen size and font list, this string alone can distinguish your device from most others on the internet. The technique is called WebGL fingerprinting. No permission is required.
Uh sure, that string tells you the generation and price.