i just used this exact extension with random option and even on browser quit i still get the same signature, so it doesn't seem to work anymore i have ublock origin, localcdn, i also used canvas blocker, jshelter and user agent randomizer, but i just CANNOT get a new ID on https://fingerprint.com/demo/ , even after restarting the browser. On firefox i get a new one, but on ungoogled chromium which is the most private version of chromium and chrome, i get the same id each time. Is anyone able to get a new ID on https://fingerprint.com/demo/ with a chromium-based browser? Not firefox-based There must be something in firefox that makes fingerprintingjs think it's a new browser, but i am not sure what
On Firefox I get new IDs even in different tabs=containers (created by Tempory Containers) with CanvasBlocker and JShelter. Restarting Firefox isn't necessary.
It seems like you can be tracked with the cached images and files thing in chromium, because unless i clear those i get recognized, i imagine brave clears them on exit, for which chromium has no in-built option. But i also had to use the "fingerprint spoofing" extension to get a new id. Funnily enough i didn't have to change ip address. I guess this is because in the US, ISPs are cheap scum and give everyone dynamic IP cuz they're too cheap to give them a static one, so because of that the fingerprinting scripts cannot assume you're the same person just from your ip being the same because in the us many people can share the same ip. However maybe they should make a list of countries where operators are likely go give out static or dynamic ips, altho i guess each country has operators that give out both, but personally for me i've almost always had a static one, only on one isp i had a dynamic ip.
Now the next challenge is to get a new Fingerprinting ID (FP ID on the top) on https://abrahamjuliot.github.io/creepjs/ So far, no success:
With Edge + JShelter I got 3 different FP IDs. The first two images are with the settings at default in UBO: With Firefox FP ID always the same.
Why not create various browser with different configurations and maybe put each one om a USB or in a Veracrypt volume? Better yet, create various virtual machines for each personality?
This study focuses on the effectiveness of anti-fingerprint solutions which I assume people here would be interested in. https://dl.acm.org/doi/10.1145/3308558.3313703
On the other hand it should be noted what Brave privacy engineer Peter Snyder wrote here: You'll also see a trust score of 0% with Firefox and JShelter. I think creepjs is probably the most rigorous fingerprinting site available. If even this site designates a trust score of 0% to Brave and FF + JShelter, other websites which don't expend such an extraordinary effort in fingerprinting their visitors certainly won't do a "better" job. And since most sites are using 3rd party fingerprinting this can rather easily be blocked with, e.g., uBlock Origin (and Dynamic Filtering in medium or hard mode). Now, Google services, e.g., might extensively fingerprint their visitors, indeed. The solution is simple: don't use them! There are excellent alternatives for Gmail, for Google Search (like SearxNG - https://searx.tiekoetter.com is one of the best instances I've found so far) and Youtube (Piped - a good instance is https://piped.kavin.rocks ).
In Chromium-based browsers this will not be feasible,unfortunately. Even my request for CSP blocking in UBO Lite seems,according to what Mr.Hill writes,unfeasible.
After a long time there is an update of JShelter 0.11.2: https://chrome.google.com/webstore/detail/jshelter/ammoloihpcbognfddfjcljgembpibcmb
https://www.ghacks.net/2023/03/21/w...ly-good-sees-through-vpns-and-incognito-mode/ I installed JShelter in Edge again. The test at the link above passed successfully in Edge if you open/close the browser on each visit. JShelter is not detected at BrowserLeaks specific test.
Interesting new test available on BrowserLeaks: https://browserleaks.com/http2 More information: https://www.blackhat.com/docs/eu-17...assive-Fingerprinting-Of-HTTP2-Clients-wp.pdf
I've just updated one of my VPN apps and visited the browserleaks site. Here is what I got. I'm using Brave with only uBlock Origin Lite extension.
Code: *##+js(aopw,navigator.clipboard) *proxy.js *##+js(noeval) *$csp=script-src 'unsafe-inline' I just added those few rules in uBo that I think are the ones that make it get those results. By the way, if you don't whitelist sites or domains, it breaks most sites.
@nicolaasjan I would be curious to know if TOR browser gets an Akamai Hash and Fingerprint Hash on this test. Obviously variable in 2 consecutive openings of the browser. Thank you very much: https://www.browserscan.net/tls P.S. I with Edge get an Akamai Hash that is always identical. And a JA3 Hash + Fingerprint Hash that is variable and therefore always different.
It does and it is the same each time after restarting the browser. Even the JA3 Hash + Fingerprint Hash stay the same. Maybe it will be the same for each Tor user?
I don't know. But it's definitely better if it's variable. The myth that every browser at default is less prone to fingerprinting,in my opinion is wrong. Except that it is a fact that can only be demonstrated theoretically. And then those who keep the browser at default,give up better security certainly. I also believe to better privacy. P.S. Obviously I'm excluding TOR (in this intervention of mine) because I don't know much about this browser other than that it's best to leave the settings at default.
1° Test: 2° test: I retested with the Browserleak test: https://browserleaks.com/http2 the result to the Akamai test is identical: So in my browser it is subject to an HTTP/2 fingerprint with 100% accuracy. P.S. In Chromium-based browsers via the following command line: Code: --disable-http2 you can disable HTTP/2. https://css-tricks.com/http2-real-world-performance-test-analysis/ Now,I applied the command-line and it works. But it doesn't seem very convenient to block HTTP/2. Removed the command-line.
Code: 52d84b11737d980aef856699f885ca86 I get that same Akamai hash in Ungoogled Chromium 122.0.6261.57 The other 2 are different though.
Interesting,so you hypothesize that all Chromium-based browsers have the same result,making HTTP/2 fingerprint unworkable?
Not all Chromium browsers are equal. E.g. in Chromium-dev 124.0.6328.0 I get: Code: 1f8d034a8cddf37ce421b5f8c4dc9a51
Btw, I get that same Akamai hash as yours in Edge 122.0.2365.59 No... [Edit] But after turning on 'security.tls.enable_kyber' in 'about:config', it is now enabled.
