You really can't put too much faith into the "you're unique!!" conclusions that fingerprinting sites give out. The sites don't receive much traffic, because only privacy nuts visit them, so any conclusions that you're "unique" (in the world?) is suspect at best. Most (all?) also take into account volatile attributes like the version number, which makes the previous problem worse by further reducing the actual sample size.
Suppose a fingerprinting site used (user agent, timezone, user language, screen resolution) as an uniqueness key for its fingerprints, and those were the only fingerprintable attributes. User agent changes often, basically every month for firefox and chrome, so the version information is basically garbage. If you had two firefox users visit the site two months apart, but with the same timezone, language, and screen size, then for all intents and purposes they're indistinguishable. However most fingerprinting sites will happily say "you're unique out of 1 million visitors!".
To make this even worse, people will inevitably revisit these sites and use "fingerprint blocking" extensions, which randomize various attributes. The fingerprinting sites aren't very sophisticated and can't tell attributes are being faked, so it'll record that as a new visitor, which has the effect of bumping the denominator even more. Instead of saying you're unique among 1 million users, it'll say you're unique among 10 million users, but that's a lie, because 9 million of those devices never existed.
You should not forget that sites can use cookies to link old and new fingerprints. So if you visit HN after browser upgrade it will still understand that it's you and share the fingerprints with fingerprinting community. Also, fingerprints related to hardware (like GPU name, CPU type and core count) do not change often.
> If you had two firefox users visit the site two months apart, but with the same timezone, language, and screen size, then for all intents and purposes they're indistinguishable
Absolutely wrong. The users will have different hardware, maybe different ISPs, cities etc.
>You should not forget that sites can use cookies to link old and new fingerprints. So if you visit HN after browser upgrade it will still understand that it's you and share the fingerprints with fingerprinting community.
They theoretically could but which sites are actually doing this?
>Also, fingerprints related to hardware (like GPU name, CPU type and core count) do not change often.
That basically boils down to what phone model you have. The number of iPhone 16 users (for instance) in a given city isn't exactly small.
>Absolutely wrong. The users will have different hardware, maybe different ISPs, cities etc.
If you read the comment more carefully you'd understand that it was toy example to prove a point, not a claim that you can only be fingerprinted by those attributes. I even specifically prefaced it with "suppose".
> The sites don't receive much traffic, because only privacy nuts visit them, so any conclusions that you're "unique" (in the world?) is suspect at best
Very much this. For example, according to that amiunique.org link, I am literally the only person on the planet who has their browser set to Japanese and that alone makes me unique.
> so any conclusions that you're "unique" (in the world?)
I don't think too many people are labouring under this idea, I think it's implicit that "unique" is in terms of those people those people who've volunteered for fingerprinting by this site.
I was amused to see that my referer value of 'https://news.ycombinator.com/' matched 1/1000th of "all" browsers, Hacker News is popular in certain circles but clearly this is self-selecting sample.
I'm in the Pacific Time Zone which covers LA, SF, San Diego, Seattle, or 51 million people. Apparently, 90% have a smartphone (that includes kids) which is lower than 90% but for adults is 97%. Looking various statics of sales, upgrade cycles, etc there are probably at between 500k of 1million iPhone 15 Pros (not 15, not 15 Pro Plus, just 15 Pro)
Every iPhone 15 Pro will have the exact same fingerprint. The only settings that "leak" are langauge, time-zone, font-size, light/dark preference. There's isn't anything else an iPhone user can change.
Given those, and given most people have those set to the default, at best there are 100k people giving the same fingerprint, likely more. But, if I go to the Eff's site on my iPhone 15 pro it will falsely claim my fingerprint is unique. (https://coveryourtracks.eff.org/)
Yes, it might be unique to their server since no one visits. But if no one visits there's no point to fingerprinting. It's only popular sites that would gain from fingerprinting and yet the EFF is effectively lying about those sites ability to fingerprint.
I wouldn't call it a lie. The canvas jitter for each iPhone 15 Pro will be different. Different battery ages, different lifetime workloads. And no manufacturing process currently results in identical CPU performance.
That results in different nanosecond ranges of performance, for your canvas.
It is lie. They're making up stuff to spin their position
> The canvas jitter for each iPhone 15 Pro will be different.
There is no such thing. I write tests for GPUs and iPhones in particlar. They don't produce different results
> Different battery ages, different lifetime workloads.
This is not something you can check from a webpage on an iPhone
> That results in different nanosecond ranges of performance, for your canvas.
There is no nanosecond measurement you can use to generate a fingerprint in a browser. All you'll get is noise which will give you a different fingerprint.
Maybe if you ran for several minutes with a frozen page doing nothing but timing could tease some signal out but no sites are doing that. No one would continue to use a site that froze for seconds every time they visited.
That doesn't sound like you've actually read any of the widely adapted and used techniques, employed by everyone from PornHub to Meta, nor does it sound like you're willing to.
>That doesn't sound like you've actually read any of the widely adapted and used techniques, employed by everyone from PornHub to Meta, nor does it sound like you're willing to.
It doesn't look like you read the comment you're replying to either, because you failed to respond to any of the specific objections that were raised. Let's try again with the first one: do you have any proof that "canvas jitter" as you described it (ie. it varies between devices of the same model) actually exist?
Have you bothered to look, yet? It's been in use since 2012. Responding to specifics, when someone is acting out of bad faith, isn't generally a good idea. But fine.
> In 294 experiments on Amazon’s Mechanical Turk, we observed 116 unique fingerprint values, for a sample entropy of 5.73 bits. This is so even though the user population in our experiments exhibits little variation in browser and OS.
> In 294 experiments on Amazon’s Mechanical Turk, we observed 116 unique fingerprint values, for a sample entropy of 5.73 bits
The claim being disputed was "canvas jitter for each iPhone 15 Pro will be different", not the broader claim of whether canvas fingerprinting exists at all. 116 unique fingerprints out of 294 doesn't really prove the former is true, especially when you consider that people on Mechanical Turk are probably all on laptops/desktops, which have more hardware diversity compared to smartphones. Moreover if the claim is that every (?) iPhone of the same model has different canvas outputs because of "canvas jitter", wouldn't we expect far more unique fingerprints?
Went down that rabbit hole of training crows to do things. Crows are such amazingly intelligent creatures. There is a whole scene of people teaching and training wild crows silly things.
I had to stop feeding the local crows. I thought I'd been training them to come when I called, but realized that they had started training me to come out by pecking my roof.
I started feeding a wounded pheasant that frequented my garden. I trained it to come to a specific place near the back door so the local squirrels didn’t grab everything. The pheasant soon learned that it could get me to come out with food by going to that place and squawking loudly
It's always me coming into these comment sections on animal intelligence posting shadow the rat videos, well, I love rats sooo much, so here I am again. They're really wonderful pets who are clearly very loving and extremely intelligent. Cannot recommend them enough, they're fantastic. https://www.youtube.com/watch?v=AV9z0c1hjnA
Proton Mail's extremely bureaucratic operational deafness, and their glacial pace of product features and open-sourcing, would certainly lend support to that idea.
I actually wish this was true. I want an email service that would last forever and is secure enough from my threats, namely security breaches of the email host and account takeover from non state actors.
Gmail is close enough, but I want an alternative. An email service run by the nsa or the cia would be great.
I would be interested in this too. Also from my laymen understanding it should be not that hard to develop filters for at least larger particles. Or is that too simple thought out?
I trust any bar more about privacy than anyone on the internet. Their incentive to maximize consent to stalk me and my behavior is close to non-existing.
This is quite a silly comparison, because these cards are cheap to produce and trivial to manufacture relative to something like a car. The value is from the perceived scarcity, not from the perceived quality or luxury or usefulness, and the scarcity is at the whim of the manufacturer who artificially decides which cards will be scarce and which will be common.
To be fair, unlike a monopoly controlled product, Ferraris are fungible in that I can equally not be able to afford a Lamborghini, Bugatti, Koenigsegg and numerous others. We have many options for cars we can't afford. The Honda will have to do. :-)
Not a useful comparison, since the limitation isn't of the supply of cards overall but of particular cards that (other than the material printed) are identical to the common ones.
I would put logging as a bottom tier feature for most chats. The characteristic of chats is in the moment and not some archival function. I am a heavy discord and telegram user but overall I would value the benefit of everything getting deleted after 72hours higher than the few times I actually search for something older than that.
from the perspective of average redditors, intelligence is obedience to social norms. obedience is their highest virtue, and the more intelligent you are, the better at obeying you can be.
Problem is minimal viable expectations and how fast these ar filled. In 90% of Reddit you will get flamed for offering money for anything. Wouldn‘t even touch my mind to go there.
