fingerprint.com is an actual tracking company, while the front page doesn’t show what it knows it shows weather it has seen you before.
You can setup browsers to randomize fingerprints (tor does this automatically) so while your browser fingerprint is almost always unique you can see if it changes enough so it doesn’t recognise you across accesses.
Only 50% correct in my case (similar to Browserleaks), correct the OS, Screenresolution, Country but wrong site, wrong even the ISP
Site might be linked to the node of your ISP
I wonder, do phones have 6dof tracking (space + rotation) or 3dof tracking (just rotations)
because if it’s 3dof I’m calling bullshit on some of this.
I have 7 3dof fullbody trackers for vrchat (cough cough !VRChat@sh.itjust.works cough cough) and they’re so damn inconsistent and need to constantly be ready to be calibrated to line up with what your body is actually doing. Having 1 3dof device can definitely detect walking or swinging, no shot it can tell if you’re in bed or on a couch
It told me I was likely sitting while I was sitting at my dining table. I assume if your phone is angled more towards the ground it would say you’re in bed.
Probably if its tilted to the side but still reporting a tall display.
Why did it get my GPU wrong?
AI generated code will just substitute bullshit if it can’t get you the right answer
How many points of identification are needed to positively ID you? Something like 35 IIRC according to Cover Your Tracks/EFF? Might be remembering wrong 🤔
This volume requires JavaScript. That is part of the point — your browser is what is being read.
Looks like I’m safe
Turning off JS doesn’t protect you from being FPd
Sure helps a lot
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
Thanks! I’ll have to keep an eye out for those things.
deleted by creator
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Well maybe fingerprint duplication, some secure proxy provides a profile to follow/ plugin to install and all their customers look identical. Still gets your traffic pegged as a customer of that service.
It shows me the time for Reykjavik after identifying the city and country correctly.
Time to start installing and uninstalling random fonts everyday.
Or you could use chameleon browser extension.
It changes your data every 5 minutes
And then you become even more identifiable cause you’re part of the 10 madmen in Google’s database who do it
In reality hes the only madmen but switches IPs in between
Well too bad!
How do I turn off JavaScript?
🗿
the data is still there tho
Can’t trust vibecoded website tbh cause they’re just saying BS there, as longest the javascripts off, it wouldn’t be able to obtain the obvious data of your devices
You absolute can fingerprint someone without JavaScript enabled. This article explains what signals a website can use when JS is disabled, and those signals include probing what CSS features your browsers supports.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Unfortunately it looks like the demo link in their article doesn’t exist anymore. It definitely used to, because I remember testing it few years ago. But the write up is still good.
Looks like the demo is open source: https://github.com/fingerprintjs/blog-nojs-fingerprint-demo
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you’re referring to browser user agent, then yes it’s trackable but other than that it is useless with no JS cause it can’t access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don’t use “most browser” like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
You can still fingerprint a user based on CSS features.
https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/#css
Whoops, I dunno why it’s formatted weirdly
Because it’s AI-slopped.
Your finger moved 899 times… what???
It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.
Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.
What other tabs were open? 👀
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Better a known locked door than inviting them into your home
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
And yet here they are showing me their webpage in darkmode 😒
Well they did say they don’t use the information 🤣
