Sayona
Miguel de Icaza ᯅ🍉“You opened this page. It already knows the following.”
Bill@Migueldeicaza I know you knew the browser provided all of that before you opened the link. I did too.
Were you still as freaked out as me, even though you knew it was gonna happen?
Offbeatmammal@Sempf @Migueldeicaza it's one thing knowing it, but quite another seeing it unfold in front of you. Experiencing it makes it more visceral
@Offbeatmammal @Migueldeicaza This reminds me of showing developers how ineffective browser security controls are against an attacker. The developer knows that the browser is just talking to a backend server and that you can insert yourself between that space but it's very different seeing it.
saxnot ➡️ GPN, RockHarz@Sempf @Offbeatmammal @Migueldeicaza ah damn it didn't work for me
most things report "your browser blocks this" and some things like location or language are a shot in the dark
most things report "your browser blocks this" and some things like location or language are a shot in the dark
dory@Migueldeicaza the gyroscope data through the browser is the one that freaks me out every time.
you'd think over a decade of Niantic shenanigans would be the salient reminder
@isilzha314 @Sempf @Migueldeicaza that stuff has been working for you? Hm
It said I am lying completelt flat (i am not) with 0° inclination
@Sempf I really loved the tone, typography and disclosure- such a. Rautiful way of presenting it :-)
MaineC@Migueldeicaza @Sempf thank you so much for sharing that link! I know someone who'll love it.
Now I'm wondering if there's anything similar showing what your average commercial social media, games and AI chatbot apps are collecting...
@Sempf @Migueldeicaza i freaked out it took them 91 seconds
that can't be right
the things measured probably could be collected in 200 ms or less
rustynail@Migueldeicaza funny thing, if I use an anti-fingerprinting browser and a vpn and stuff like that, most things this page tells me are fake, but there is another website called something like amiunique.org, which tells me that the combination of all the fake things about me can still uniquely identify me on the internet... at least among its other visitors I guess
CritteRo@rustynail @Migueldeicaza `amiunique` considers me unique because I have my taskbar on the side, so the browser viewport is "unique".
LiquidParasyteVivaldi was found wanting.
Firefox was quite a bit better.
Firefox Focus was basically the same.
Surprisingly Cromite was the best overall.
All, for whatever reason, reported the exact gyroscope position.
My question is why the fuck do browsers even report this data
Officeplant@liquidparasyte @Migueldeicaza weird but nice to know that iOS and Safari are at least smart enough to block gyroscope and battery by default
@liquidparasyte not Safari :-)
Jesse@Migueldeicaza @liquidparasyte this is pretty eye opening and nicely presented. I do have a small gripe with safari because they disabled gyro suddenly about a decade ago without even leaving an option for the website to request gyro access via a dialog, thus breaking some genuinely cool web apps. There was a better way thru could have done it while still blocking silent gyro access
Ben Hammond@liquidparasyte @Migueldeicaza
felt a bit better after I read
https://vivaldi.com/blog/shared-networks-tracking-fingerprinting/
and noticed that the battery level was indeed inaccurate
EndlessMason@Migueldeicaza
> You have not enabled Do Not Track. This is the default. It means either that you chose not to, that you did not know it existed, or that you know it makes no difference. All three possibilities are informative.
Statements dreamed up by the utterly deranged
aburka 🫣@EndlessMason @Migueldeicaza I'm pretty sure all of these statements were dreamed up by an llm
@Migueldeicaza
This actually reminds me of support scam and ads for virus checkers from the 90s web.
A big fat popup that says "we have copied all the files from your computer
<iframe src="file://C:\">" and like... lamo, i guess.
Trey@Migueldeicaza AI slop site just learned what basic fingerprinting is
irelephantIt thinks I'm in london.
Wilm@Migueldeicaza it did not identify my browser correctly
BoudTo see a more complete #AmIUnique parameter list:
@WilmBoerhout @Migueldeicaza plus it's terribly easy to change that in a number of browsers...
clonedhuman@Migueldeicaza Is there a way to prevent this?
@clonedhuman @Migueldeicaza a VPN will hide* your IP (and thus aprox. location, and Timezone). There are also browser extensions that can change your User Agent (the metadata that tells websites your OS, browser, etc). That will pretty much cover everything.
Keep in mind that the website uses spooky language for what are either generic browser APIs, or plain old fundamental functions of the Internet.
@crittero @Migueldeicaza Thanks for the info! I did get an extension to change User Agent. Might not use it all the time.
COD@Migueldeicaza it was off on my location by 600 miles
Alexander Diemand 💚@Migueldeicaza tried it with tor browser. It does not know about gyro or so..
Magical Grrrl Betty@Migueldeicaza ehh, a lot of scare tactic language, and not a lot of actual explanations of the potential danger.
like, the "what renders your world" tells me nothing about how this information can actually be weaponized in any way.
or how it can tell what fonts i have. So? it gives no explanation for why this is dangerous (if it even is)
🫤
@magicalgrrrl oh bummer I will try to do better and deliver content that is more suitable for your needs. Thanks for letting me know, I will try to adjust my posts to meet your expectations in the future.
I apologize profusely for not meeting the moment.
Solitha@magicalgrrrl It did explain that.
Each data point alone is not important in itself, no more than any single ridge on the tip of your finger. It is the combination of them all into a whole that makes a unique fingerprint, that strips away your anonymity on the internet.
Once you become a known entity, your dossier can be fleshed out, bought, and sold. The US government has been buying this information, no warrant required. Anyone could.
caebo@magicalgrrrl It actually does: "Advertising networks combine this with your screen size, language, timezone, and GPU to identify devices across websites. Without cookies. Without accounts. Without a name. The technique is called browser fingerprinting. It is legal in most jurisdictions. It is happening on most pages you visit. None of them mention it."
It's location was 5000miles off. It's time said afternoon when it's morning. Makes me think tor does a pretty good job.
Io@Migueldeicaza idk its a nice project but i prefert projects like https://coveryourtracks.eff.org/
because they give you actual tips and tools
https://sinceyouarrived.world/taken just leaves you with a sense of awe and dispair
because they give you actual tips and tools
https://sinceyouarrived.world/taken just leaves you with a sense of awe and dispair
z3r0@IO @Migueldeicaza it is always the same isn't it? The whole internet content trying to make me feel scared but without telling me what can I do to change or at least mitigate the situation
neville park@Migueldeicaza this is cool but at this point I can practically smell LLM-coded websites. They all look the same. This one feels LLM-written as well.
@nev oh bummer I will try to do better and deliver content that is more suitable for your needs. Thanks for letting me know, I will try to adjust my posts to meet your expectations in the future.
I apologize profusely for not meeting the moment.
drmorr@Migueldeicaza lol it got half of the things incorrect, despite me not taking any particularly extreme measures to protect anything.
🌊
@Migueldeicaza most of this didnt shock me much. except for yhe fucking gyroscope why the fuck are websites using this data???
spooked me so much i enabled the sensors off dev feature on android
spooked me so much i enabled the sensors off dev feature on android
Karpour@Migueldeicaza happy to see almost all the data are completely wrong. Using Firefox with privacy plugins pays off.
Fun stuff, it says I am in Lepzig, but opened the page from another far away city.
Says I have a very modern extremely high resolution screen, that is spoofed and changes quite often.
Browser Firefox, well it is broadly based on it.
Languages in the browser, it got those right.
Fonts, told me I am unique, except it was spoofed too.
For those using plain firefox or chrome, chromium the results will be way more interesting.
For Tor it gets stuck enumerating the browser.
Furbland's Very Cool Account™@Migueldeicaza this is a cool page, but it’s also run by a grifty AI thing
@Migueldeicaza @bartt Yeah right. We already knew this for ages. And region lookup based on IP. We can do that at least for 40 years. So. What's so scary?
@Migueldeicaza @bartt I'm going to ignore this.
Bart Teeuwisse ❄️🇺🇦@ruurd @Migueldeicaza of course we know about reverse IP lookup. And various other digital finger printing techniques. This page demonstrates numerous ways very well. Non-nerds may not be so familiar.
@bartt In dat geval zou het weergeven van de feiten voldoende zijn in plaats van deze poging tot bangmakerij.
It will never know that I did not click the link.
Deadly Headshot@Migueldeicaza
Well done on the part of this old version of #Fedilab's built in browser for spoofing half the results to obscure my identity! I wish it blocked the power API though...
Well done on the part of this old version of #Fedilab's built in browser for spoofing half the results to obscure my identity! I wish it blocked the power API though...
@Migueldeicaza i like the idea
location completely wrong
What renders your world
GPU: kept back
Your browser masked your graphics processor
Battery: kept back
Your browser kept your battery level back. Firefox removed this API entirely in 2016
0° from horizontal
Your device is nearly flat — you may be lying down. The gyroscope reported this without your permission
(I guess the quib about permissions is not working that well here lol)
So I guess I am not doing that bad
@Migueldeicaza but yeah the page is correct I speak english and my browser requests english.
(I'm native german)
I like the emphasis on "other websites know more than this"
definitely
Meta and Google probably know a lot about me despite not using their services
Oh no the website knows my IP. How horrible! Why does it present it like a horrible fact?
Next up: postal worker telling me he knows where I live
@Migueldeicaza > Your device reported your timezone before the page finished loading. A website knowing your local time can infer when you sleep, when you work, and when you browse because you cannot sleep. Nothing about this was requested. The information arrived on its own.
yeah I know it was sent
that's why I sent it. It's useful to me as a user to have everyone else use my local time
at on point this is just technology working as expected
Chaddicus@Migueldeicaza it's always a bit chilling to be reminded how much data we're transmitting without even being asked or told. I also didn't realize that my browser was fingerprinting so I appreciate the heads-up.