this post was submitted on 14 Aug 2024
220 points (97.0% liked)
Firefox
17957 readers
76 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Chameleon. My user agent changes every 30 seconds. Makes attempts to track me basically useless.
Changing your user agent will not stop you being tracked. Browser fingerprinting can work with heaps of different signals, and is very difficult to block.
It means I'm being tracked for 30 seconds. So basically useless tracking.
Chameleon doesn't just change the user agent. It changes a bunch of stuff that's used to break fingerprinting. Of course you have a fingerprint, but it constantly changes so that the data they collect is so short lived that its useless to them and therefore very useful to me.
You can try to fool it with a VPN, change country, etc but it doesn't work. Fingerprinting is very strong these days.
That website is marketing bullshit. It doesn't tell you if you fingerprint "ID" is unique. If can just spit out the same fingerprint for millions of users, and it looks impressive but its totally worthless as a fingerprint.
Try again with some service that isn't trying to sell you their product
https://abrahamjuliot.github.io/creepjs/index.html
Your extension might make you MORE finger-printable. Advanced fingerprinting scripts can detect lies told by extensions.
https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting
If you're actually interested in reducing your fingerprint you should read the arkenfox guide which leverages built in features from firefox. You'll see very quickly that if someone wants to fingerprint you it's trivial and there's little you can do short of TOR.
more reading: https://www.privacyguides.org/en/desktop-browsers/?h=fingerprint#anti-fingerprinting
Again, they can fingerprint me. Buy their fingerprint is useless because it constantly changes.
You misunderstand. They're calculating a fingerprint that identifies you across sessions despite you changing up a bunch of values on your browser with an extension because that's all highly detectable. They know it's junk data they don't use it. It actually is worse because you stop blending in with the crowd.
You're better off blending in then trying to look unique with every visit. The latter is a flawed concept.
Read the arkenfox guide they get into it. Most extensions just reduce your ability to blend in to the crowd and thus should be avoided.
They don't. I'm telling you they don't. When I disable my ad blocker, the ads I see are not relevant to me. Many times they're not even in a language that I can speak.
They are not tracking me between sessions. Its obvious.
What you're saying makes sense, and its why Tor does what it does. But in practice, this works too.
If you try with a Tor browser you'll get a unique ID everytime.
Feel free to try this one instead: https://www.amiunique.org/fingerprint
Or whatever website you prefer, really. Fingerprinting is not solved by a single extension or checkbox. It's really hard.
Are you passing CloudFlare captchas with that? I'm using a VPN and whenever I hit a CloudFlare captcha with a modified user agent, it doesn't let me pass.
Sometimes. It depends if the admin misconfigured their cloudflare.
I dont have issues logging into cloudflare's website itself with this setup. I have had to email many website admins to let them know that they have a broken cloudflare config.
Doesn't that fuck up logins and stuff?
Nope. Why would it?
I would imagine many services would think you're hijacking the session or something.
No, that would he a very dumb system. Because it would false positive every time someone changed their user agent, which is a common defense tactic in today's threat landscape.
You don't want to ban someone for protecting themselves. But I'm sure there are dumb execs who have thought this was a good idea until someone on the sec team slapped them and said "no"