It's not just your browser: Your machine can be fingerprinted easily

[Cobaltius]

It's not just your browser: Your machine can be fingerprinted easily

 

Quote

The group – Yinzhi Cao and Song Li of from Lehigh University in Pennsylvania, and Erik Wijmans from Washington University in St. Louis – have worked out how to access various operating system and hardware-level features that can fingerprint an individual machine, regardless of browser.

 

Unless I am mistaken your browser is still the conduit thus they still need to access your machines information through your browser  so sandboxing your browsers should stop this.

[straycat19]

3 hours ago, Cobaltius said:

It's not just your browser: Your machine can be fingerprinted easily

 

 

Unless I am mistaken your browser is still the conduit thus they still need to access your machines information through your browser  so sandboxing your browsers should stop this.

 

I could say you are showing your ignorance about computers but instead I will just say you are mistaken.  If what you said was true then sandboxing your browser would stop all the telemetry being sent from Windows to Microsoft.  Oh, wait a minute, publicly people have identified 198 connections, while my group has identified 253 connections, none of which are going thru the browser.  If you want to block anyone from getting any information on your system, including identifiable HWID and other fingerprints, then just don't connect it to the internet, in essence you would be sandboxing Windows.  These items can also be obtained even if you connect thru a VPN, which only blocks your true IP Address.  The NSA has had this ability for many years and in reality Windows 10 just made it easier for them to identify systems and track them because there are so many open data streams.  This information has been made available at DEFCON over the years and discussed among security professionals but not very much has been published publicly.  Their are tidbits in some of Snowden's releases if you take the time to read and know what you are looking for.

[D1v1n3D]

which is why the os tails is to be used in conjuctions with wifi only and vpn through public wifi acces not at home with a refurbed system from local pc shops good luck tracking you then.

 

[Atasas]

Since officially permitted intrusion by the most of the governments to be spying on everyone browser developers simply can not guarantee third party cookies to be safe and confidential. Thor is rather cumbersome to use.

"news" are inn- we are all vulnerable

[Skunk1966]

On 23-1-2017 at 6:24 PM, straycat19 said:

publicly people have identified 198 connections, while my group has identified 253 connections, none of which are going thru the browser

are you willing to release the list of connections identified by your group here for us so we can check which we can block without losing useability of our systems?

[steven36]

2 hours ago, Skunk1966 said:

are you willing to release the list of connections identified by your group here for us so we can check which we can block without losing useability of our systems?

Quote

 

ijijjjjijjjijijjjiii

The link links to a paper that references http://www.uniquemachine.org/ as a demo of this and the article states that only Tor Browser is immune to this.

Nobody ever remembers NoScript, do they? UniqueMachine does absolutely nothing here on Firefox because all its machine fingerprint detection is done via JS.

 I tested it and his demo dont work at all on my machine i use NoScript globaliy  enabled  and policeman  my firefox browser is  immune  just like @ijijjjjijjjijijjjiii said.

 also i tested it in chrome just using umatrix  the test will not work here because hes checking trough java script .

Slimjet

 

 

 

Firefox

 

only reason it errors out is because i allow some scripts   if i  dont allow any 3rd party scripts  it dont even do anything at all  This is a noob problem (normal user) it would not be a issue to most people concerned  about privacy  that use protection in there browser.

 

[dcs18]

The naked truth about fingerprinting at this particular site, http://www.uniquemachine.org/

 

 

ATM, all the following elements can be safely allowed at http://www.uniquemachine.org/ without getting fingerprinted:—

 

JavaScripts
Cookies
CSS
Images
Frames
Objects
Object-Subrequests
Websockets
SubDocuments

 

 

ATM, the following elements at http://www.uniquemachine.org/ are responsible for getting fingerprinted:—

 

http://sec.uniquemachine.org/uniquemachine/details
http://sec.uniquemachine.org/uniquemachine//features
http://sec.uniquemachine.org/uniquemachine//features
http://www.uniquemachine.org/fingerprint/transparent/shader.fs.glsl?please-dont-cache=0.38079686112153033
http://www.uniquemachine.org/fingerprint/transparent/shader.vs.glsl?please-dont-cache=0.02714854228851515
http://www.uniquemachine.org/fingerprint/twoTexturesMoreLight/shader.fs.glsl?please-dont-cache=0.9363574840449824
http://www.uniquemachine.org/fingerprint/twoTexturesMoreLight/shader.vs.glsl?please-dont-cache=0.4295843570296979
http://www.uniquemachine.org/fingerprint/moreLight/shader.fs.glsl?please-dont-cache=0.07897375611723803
http://www.uniquemachine.org/fingerprint/moreLight/shader.vs.glsl?please-dont-cache=0.510688593901164
http://www.uniquemachine.org/fingerprint/simpleLight/shader.fs.glsl?please-dont-cache=0.19392493497154956
http://www.uniquemachine.org/fingerprint/simpleLight/shader.vs.glsl?please-dont-cache=0.44428586185213265
http://www.uniquemachine.org/fingerprint/simpleLight/shader.fs.glsl?please-dont-cache=0.7673207959276888
http://www.uniquemachine.org/fingerprint/simpleLight/shader.vs.glsl?please-dont-cache=0.663933174454864
http://www.uniquemachine.org/fingerprint/texture/shader.fs.glsl?please-dont-cache=0.6819007384236085
http://www.uniquemachine.org/fingerprint/texture/shader.vs.glsl?please-dont-cache=0.6394057521003186
http://www.uniquemachine.org/fingerprint/texture/shader.fs.glsl?please-dont-cache=0.5019250826726595
http://www.uniquemachine.org/fingerprint/texture/shader.vs.glsl?please-dont-cache=0.6497180532057275
http://www.uniquemachine.org/fingerprint/three/textures/compressed/park3_cube_mip_2bpp_rgb_v3.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/park3_cube_nomip_4bpp_rgb.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/flare_2bpp_rgba.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/flare_4bpp_rgba.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_2bpp_rgb.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_4bpp_rgb_mips.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_4bpp_rgb_v3.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_4bpp_rgb.pvr
http://www.uniquemachine.org/fingerprint/three/textures/compressed/Mountains_argb_nomip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/Mountains_argb_mip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/Mountains.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_argb_mip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_argb_nomip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/explosion_dxt5_mip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/hepatica_dxt3_mip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_dxt1_mip.dds
http://www.uniquemachine.org/fingerprint/three/textures/compressed/disturb_dxt1_nomip.dds
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/negz.jpg
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/posz.jpg
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/negy.jpg
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/posy.jpg
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/negx.jpg
http://www.uniquemachine.org/fingerprint/three/textures/cube/Park2/posx.jpg
http://www.uniquemachine.org/fingerprint/three/textures/color.png
http://www.uniquemachine.org/fingerprint/assets/simple.json?please-dont-cache=0.6650778944987088
http://www.uniquemachine.org/fingerprint/assets/Susan.json?please-dont-cache=0.295282638005684

 

 

ATM, the following single filter will ensure protecting against fingerprinting at http://www.uniquemachine.org/:—

 

*$xmlhttprequest,domain=uniquemachine.org

 

 

ps:—

The above points are released at bare minimum just for the purpose of protection against fingerprinting — they do not purport to optimize the site, WRT to my usual protection against Malvertising.

 

pps:—

One does not need a battery of add-ons — just one simple ad. blocker is all that is required (knowledge and wisdom is all that matters.)

[steven36]

Yes that  rule works  on that one site even if  i disable  umatrix  and just use my adblocker 

 

Hes checking  trough webgl witch i keep disabled in Firefox if you see the Firefox screen shot ..it tells me my graphics card dont even support it.  so hes wrong  it does support it its just disabled in my browser  lol.

 

Webgl for fingerprint instead of canvas (or with canvas)

https://github.com/Valve/fingerprintjs2/issues/7

Quote

 

Didn`t have time to test if stuff like this
https://github.com/kmowery/canvas-fingerprinting.git
(https://github.com/kmowery/canvas-fingerprinting/tree/master/static/experiments/webgl-teapot)
correlates with canvas fingerprint.

Both fingerprints (canvas/webgl) produce hash for [graphic_card, current_driver_version, browser_wrapper_code] vector. So there should be some sort of correlation, so maybe a separate option for "webgl" fingerprint should exist.

 

 

 

The problem with site adblock rules it only helps if checking at that site it dont help at it all if the government was checking somewhere else ..Truing off Web GL , using canvas  fake fingerprint  using script block etc.  is global protection  It's better too be sate than sorry . many many sites are using canvas 

 

 

here is what all they check

• Quote

   

  • the User agent header
  • the Accept header
  • the Connection header
  • the Encoding header
  • the Language header
  • the list of plugins
  • the platform
  • the cookies preferences (allowed or not)
  • the Do Not Track preferences (yes, no or not communicated)
  • the timezone
  • the screen resolution and its color depth
  • the use of local storage
  • the use of session storage
  • a picture rendered with the HTML Canvas element
  • a picture rendered with WebGL
  • the presence of AdBlock
  • the list of fonts

   

   

its not site specific someone could be checking at any site at any time .

 

https://amiunique.org/faq

[dcs18]

Just a little heads-up for folks who are on the latest Nightly 55.0a1 — there's a new anti-fingerprinting preference that's been introduced (it needs to be switched to true):—

 

• ("privacy.resistFingerprinting")