this post was submitted on 20 Nov 2025
398 points (98.1% liked)

Technology

76949 readers
3495 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
398
Browser Fingerprinting And Why VPNs Won’t Make You Anonymous (hackaday.com)
submitted 2 days ago by tonytins@pawb.social to c/technology@lemmy.world
102 comments fedilink hide all child comments
 

Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quite far from the truth, as interacting with internet services like websites leaves a significant fingerprint. In a study by [RTINGS.com] this browser fingerprinting was investigated in detail, showing just how easy it is to uniquely identify a visitor across the 83 laptops used in the study.

As summarized in the related video (also embedded below), the start of the study involved the Am I Unique? website which provides you with an overview of your browser fingerprint. With over 4.5 million fingerprints in their database as of writing, even using Edge on Windows 10 marks you as unique, which is telling.

you are viewing a single comment's thread
view the rest of the comments
[–] afox@lemmy.world 24 points 2 days ago (3 children)

Good luck I'm behind 7 proxies

[–] undefined@lemmy.hogru.ch 4 points 1 day ago (2 children)

I’m here with multi-hop VPN with the first two hops staying in-country and the rest all random + a shit load of DNS blocking lists and browser extensions + blocking Google. I use different VPN providers too. I’m also introducing variable delays to my traffic to make NetFilter data less helpful.

[–] hietsu@sopuli.xyz 9 points 1 day ago (3 children)

Hops don’t matter at all against fingerprinting, which includes things like fonts you have installed, the os, os version number, browser version, extensions, some browser settings/flags, timezone, keyboard layout, your screen resolution, dpi, and what ever the crap the ”canvas” has stored. So pretty much no matter what you do, you’re unique.

You can use some browsers that resist fingerprinting but guess what, those are so rarely used that again you shine like a beacon. I’m still yet to find an browser extension that would fake all my fingerprint parameters by setting them as what is the most common one in each category. So a Windows user running latest Chrome full screen on Fullhd monitor.

And there is nothing stopping websites running the fingerprinting services and scripts on their own server, albeit most rely on third parties for convenience, and these at least can be blocked.

[–] undefined@lemmy.hogru.ch 1 points 1 day ago

Right, that’s why I mentioned all the blocking at the DNS and browser extension level — most fingerprinting is being done by third-parties — I generally don’t see first parties fingerprinting but if they do it’s likely a website I chose to be on rather than some shady <script> from God knows where.

[–] artyom@piefed.social 2 points 1 day ago (1 children)

Some privacy browsers will randomize your fingerprint

[–] hietsu@sopuli.xyz 2 points 18 hours ago (1 children)

Randomized = unique, unless it is done ”smartly” by setting some very very common combo. Or unless it randomizes for every page load (which I recon would mess up many site functions, window width/height for example). And if there is not that many users having this on you shine like a beacon again as ”that randomizer guy”.

[–] artyom@piefed.social 1 points 17 hours ago (1 children)

Randomized = unique

...no

[–] undefined@lemmy.hogru.ch 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

I imagine it’s somewhere between what both of you are saying.

I imagine “randomized” means a random common “fingerprint” (with parameters like user agent, language, etc) rather than just a unique set of randomized parameters (say, time zone in US but language set to Farsi which would be unique to an extent).

[–] artyom@piefed.social -1 points 10 hours ago* (last edited 10 hours ago) (1 children)

I mean it doesn't matter if it's unique or not. What matters is that your fingerprint changes as you browse.

[–] undefined@lemmy.hogru.ch 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

Sorry but that’s totally wrong.

The entire point is that if it’s unique it can be considered a fingerprint — in fact the entire reason it’s called “fingerprint” is that in theory it’s unique like a real fingerprint.

If it’s common then it’s unreliable as a fingerprint because it’s no longer unique. Therefore whether it’s unique or not is the entire point and relevant to the topic.

[–] artyom@piefed.social 0 points 9 hours ago

Sorry, but that's totally wrong.

Imagine if you changed your literal fingerprint. No one would be able to trace it back to you.

Likewise, if your fingerprint changes as you browse, those activities can no longer be linked together, because you no longer have a "fingerprint" at all.

[–] Anivia@feddit.org 1 points 1 day ago

Laughs in Tails Linux

[–] GreenShimada@lemmy.world 10 points 1 day ago (2 children)

Please understand that browser extensions make you more easy to track. I used to be under the same assumption, but uBO is as far as you should go. fingerprints include your extensions.

[–] artyom@piefed.social 4 points 1 day ago (1 children)

That depends on whether your browser exposes them, and if/how they affect your fingerprint. If you go to deviceinfo.me it will show you what your browser is exposing.

[–] GreenShimada@lemmy.world 2 points 19 hours ago* (last edited 19 hours ago)

Yeah, there's also the covermytracks.eff.org and amiunique.org and https://abrahamjuliot.github.io/creepjs/index.html which is my favorite

[–] undefined@lemmy.hogru.ch 5 points 1 day ago (1 children)

My thinking is that most of the fingerprinting is happening by third parties, and where it’s the website operators themselves I’m not super concerned about being fingerprinted.

[–] GreenShimada@lemmy.world 2 points 19 hours ago (1 children)

Look at the uBO trackers on each site and you'll br surprised how often Google comes up.

[–] undefined@lemmy.hogru.ch 1 points 10 hours ago

From their domain that I’ve already blocked with DNS? Or are you talking about first-party scripts calling Google (which I’ve also seen though much more rare)?

In any case I block those too.

[–] Nighed@feddit.uk 1 points 1 day ago

If you go to the site, what does it think of your fingerprint?

[–] ZoteTheMighty@lemmy.zip 0 points 1 day ago

That's the point. It doesn't matter how many middle layers there are, if you're using a web browser, there are hundreds of pieces of information that can still be used to uniquely identify you. Do you have WebGL enabled? If so, you could be identified with 100 constantly changing proxies.