- cross-posted to:
- technology@lemmy.world
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
- technology@lemmy.world
You must log in or # to comment.
This volume requires JavaScript. That is part of the point — your browser is what is being read.
Looks like I’m safe
It shows me the time for Reykjavik after identifying the city and country correctly.
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Time to start installing and uninstalling random fonts everyday.
Or you could use chameleon browser extension.
It changes your data every 5 minutes
And then you become even more identifiable cause you’re part of the 10 madmen in Google’s database who do it
In reality hes the only madmen but switches IPs in between
Your screen is 360 by 640 pixels, rendered at 4x density — which means it is almost certainly a recent, high-end display
GUESS AGAIN, IDIOTS!
Your finger moved 899 times… what???
It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.
Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.
What other tabs were open? 👀
Well too bad!
🗿
the data is still there tho
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
You can still fingerprint a user based on CSS features.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/#css
Whoops, I dunno why it’s formatted weirdly
Because it’s AI-slopped.
Well then I am glad that it got most of it wrong. I don’t even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
And yet here they are showing me their webpage in darkmode 😒
Well they tried
Yeah that was the one part they were way off on for me
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
Great news. My VPN is working!
I’m not even on VPN and I was located half a country away in Europe
It’s been a few years since I was invested in this topic, but I think the “meta” for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don’t want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a “blocks JavaScript flag” is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical usecase/person. Install ublock, disable some of the higher risk and less useful tracking (websites don’t need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to cloudflare, due to everyone around you that doesn’t give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
That’s it.
