Scary
Well. That's horrifying. Thanks, I guess.
So uh... By using Fennec and sometimes a VPN. Am I making myself more unique and fingerprintable?
Should I be using something that sends randomised bogus data instead?
Here I thought I was private but some of these 1% figures make it look like I'm very unique and easily tracked.
It's been a few years since I was invested in this topic, but I think the "meta" for reconciling the tension between blocking tracking and unique fingerprinting was to, in some cases, spoof information rather than outright block it.
Tor Browser does that by default, though a few years ago when I tried to use it as a daily driver it was too tedious thanks to Cloudflare.
Most of my research regarding browsers was focused on computers. Now that Firefox mobile can run extensions some of this might be mitigated that way.
Blocking JavaScript unfortunately makes you super unique but the tradeoff is probably worth it imo. I don't want every random site I visit to immediately run a bunch of code, especially third party nonsense. Even if it makes my traffic stand out.
For most threat models I suspect unrestricted JavaScript is more dangerous than the potential for fingerprint-based tracking. Or at least JavaScript is very likely to leak multiple unique data points, whereas a "blocks JavaScript flag" is just a single unique identifier.
Sandboxing and siloing can also mitigate some of the risk, and is relatively painless once implemented.
All of it comes down to threat model and motivation. You can probably get like 70% better privacy/security for 20% of the work, which is a good standard for a typical use case/person. Install uBlock, disable some of the higher risk and less useful tracking (websites don't need my fucking battery and gyroscope).
Diminishing returns start to hit hard, in part due to the passive fingerprinting / active tracking tension, due to Cloudflare, due to everyone around you that doesn't give a shit. Anything on the other end of the risk spectrum should just be done without a smartphone in the vicinity, if possible.
The only thing in there I find surprising is the battery info. I'm not sure what legitimate use a website would have for that one. And perhaps that the gyro isn't behind a permission. There are pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, VPNs, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can't (well, shouldn't) show things in darkMode unless you tell them that's what you want...
Cookies: it does say 0mb stored by others for me, but that's not entirely true. Sites are typically given independent storage so they can't read each other's cookies, but they can work together to have one site read its own cookies and pass that on to the site you're currently visiting, on request, all embedded in the original page you were viewing. Just because they can't read each other's storage directly doesn't necessarily mean they can't get the data. 10gb per site seems like an absurdly high limit for this though. You could store whole movies in that space.
Visibility is one I've known but never really liked. The only 'legitimate' use for that I've seen is pausing media when it leaves your screen (or waiting to start media until it's entered view), but half the time that's undesirable anyway. Why should a site know if, when, and how long I've looked at a particular portion of the page?
It already got my location very wrong.
Very well done site!
Ty for sharing
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was iOS, a browser, and that I’d turned a bunch of stuff off.
That’s it.