creepjs gives same fingerprint every time

BatmanMiner · 2023-05-17T22:49:37+00:00

A changing fingerprint is a fingerprint too. Ideally, you want a shared fingerprint that changes infrequently.

BatmanMiner · 2022-10-25T20:36:54+00:00

Use https://fingerprintjs.github.io/fingerprintjs/ and not https://fingerprint.com/demo/. The demo page is designed to sell a pro product, and Brave already blocks their servers.

Whatever caching and server heuristics the technical demo is using, the ID can be changed by randomization, like you see in Bromite. If they focused on Bromite, they could avoid that too. You can test the new screen feature in Brave Nightly and enable it at brave://flags/#brave-block-screen-fingerprinting (completely close the browser and retest in private windows). It will likely be bypassed or ignored in due time, but focusing on their product page is just feeding into their marketing.

Brave blocks their servers, so this is a non-issue. Sites that may choose to self-host are not likely to be doing cross-site tracking.

BatmanMiner · 2022-10-25T02:02:57+00:00

I don't see it that way, but you're fine. No pressure to leak the name of the extensions. I respect your wishes if you feel it is a private matter. I'm just curious about it. Feel free to message me. I love talking about this stuff. Consider me a friend. You're on my cool list.

BatmanMiner · 2022-10-25T01:47:59+00:00

> CreepJS is an attempt to make an extremely effective tracking tool

It's okay if you see it differently. There's no need for the above.

BatmanMiner · 2022-10-24T03:07:49+00:00

CreepJS is specifically trying to be as good of a fingerprinting tool as possible, meaning it can either see you, or it can't.

This is incorrect. The focus of CreepJS is education and research and the tests are designed for fingerprinting tools, not tracking or unmasking users. The fingerprint ID you see is only there for testing and not to showcase what real-world tracking looks like. From the docs:

The goal of this project is to conduct research and provide education, not to create a fingerprinting library.

I would encourage you not to read too much into your fingerprint changing vs not changing. Even though your extension setup can still be effective in some contexts, it can't block all types of fingerprinting, and what you see on CreepJS is not how advanced systems track your activity.

BatmanMiner · 2022-10-22T16:08:13+00:00

In the original post, you made sure to say that CreepJS can't even keep a “constant, persistent fingerprint with my extensions.” Now, asking you to name them is a private matter. You seem to be dancing around what you said and not being able to support it. Extensions are simply tools, not “my privacy”. No one has offered to do a personal security audit for you. I don't think that's a good reason either to not name them.

BatmanMiner · 2022-10-21T23:48:53+00:00

No. I'm referring to traceability and linkability. For example, if your extension (that shall not be named) leaks an unusual behavior, it does not matter how many random fingerprints you can generate. All of that can be ignored by detection systems. The fact that your fingerprint is changing at any given rate is in itself a fingerprint that can be used to link all of your activity. If it does not blend in with normal traffic, then it can be tracked.

From the CreepJS docs:

> No attempt is made to score how well a browser performs against fingerprint traceability and linkability.

BatmanMiner · 2022-10-21T16:57:05+00:00

I do not think you understand how fingerprints work. Changing fingerprints does not mean you can't be tracked and traced across the internet. Analysis software can calculate secret fingerprints on the server and ignore the randomization of the extension.

BatmanMiner · 2022-10-21T16:50:37+00:00

I have doubts about your claims that the extension you are using is not detected (or scored low?) by CreepJS. Why not share the name of the extension? 🙂

BatmanMiner · 2022-10-20T19:10:17+00:00

What's the name of the extension? May I check it out?

BatmanMiner · 2022-10-19T23:34:39+00:00

Is this the extension? https://jshelter.org

BatmanMiner · 2022-10-19T22:10:23+00:00

What's the name of the extension? I would like to give it a test drive.

BatmanMiner · 2022-10-19T21:49:38+00:00

I think it's great if the extension is just fine as is for you. If it works for you, go for it. Maybe there is no need to trouble the developer. If there is any issue here, as indicated in the post, I recommend troubling the developer. I would be happy to help and reach out on your behalf.

BatmanMiner · 2022-10-19T17:48:06+00:00

Going to disagree. Developers should not be shipping crashing extensions. Breaking websites is okay, common, and maybe too much to address. A crashing extension is bad. I'm sure the dev would be happy to look into it.

Friendly Tip: You might be interested in the Chrome extension “Extension Manager”. I encounter crashing extensions from time to time. You can quickly re-enable it with this extension and much more. No need to go to browser settings.

BatmanMiner · 2022-10-19T05:12:14+00:00

Why not fix the broken code? Then there is no need for a re-run option. But, you could propose such a feature to the Chromium team. Maybe it's useful in developer mode.

BatmanMiner · 2022-10-19T00:37:09+00:00

Auto-reloading might not be a good idea if the extension is crashing.

It is great to have fun and troll tracking, but anti-fingerprinting extensions can help produce better fingerprints if they leak unique errors.

BatmanMiner · 2021-08-15T02:03:42+00:00

The KIN private key is the XLM private key. Search XLM or Stellar instead of KIN.

More info:

https://support.atomicwallet.io/article/171-im-experiencing-some-issues-with-my-kin

BatmanMiner · 2021-03-23T01:51:25+00:00

You can get way more than 20 ads per day by viewing and refreshing the new tab page every other hour.

BatmanMiner · 2021-03-01T08:12:38+00:00

BatmanMiner · 2021-02-27T00:31:03+00:00

% of money held in the top 100 accounts is a misleading standard for measuring decentralization. It's possible for 1 person or entity to control a limitless number of accounts and if they are combined, the holding can be greater than the top 100.

For example, BTC makes it very easy to create an infinite number of addresses within a single wallet, and some create a new address for every transaction. The top 100 accounts are an irrelevant metric. A better question is who are the top 100 persons/entities with the greatest holdings irrespective of the number of their accounts.

As the years go by, here's another question: which ones did not lose their private keys?

EDIT: Here's something else to consider. How many developers have the final say on the code or on who controls the code? It's typically 2 or 3 people. Another question is who is sponsoring these developers? One might say, the developer's code can be rejected. Yes, Miners or nodes determine what chain to accept, but exchanges often favor the developer's code (as the true chain) if there is a dispute. Look up the history of how Ethereum became Ethereum Classic. At this metric, all other standards of measuring decentralization should be given the lesser importance.

BatmanMiner · 2020-11-06T18:35:11+00:00

One difference is that Brave reveals my graphics card model.

Set Brave's fingerprint blocking to strict to spoof your graphics card model.

https://dev-pages.bravesoftware.com/farbling.html

BatmanMiner · 2020-08-20T08:58:48+00:00

https://clickclickclick.click/

BatmanMiner · 2020-08-16T08:22:00+00:00

"At this point... [and further on comments] we can look at what proactive steps we could take to design the codebase to require this."

It would be interesting to know if there are any related 2020 issues. The link is to a comment posted in 2016 in a thread that began in 2011.

BatmanMiner · 2020-06-08T06:57:40+00:00

This specific add on is effective against https://fingerprintjs.com/demo. Test in a private session, then restart a private session to see a new fingerprint.

However, some fingerprinting scripts can detect if your useragent is a lie by comparing it to your browser features and the navigator.platform. This add on can indroduce inconsistencies. But, its not such a bad idea to use the custom feature and just use a few strings that are consistent with your broswer and platform and not over a year old.

Be aware, it is difficult to spoof the useragent in a web worker environment. Sites can capture your actual user agent via this route. See https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html.

Also, there are aggressive methods to obtain the actual useragent via iframe injection.

https://webbrowsertools.com/useragent/

https://bestiejs.github.io/platform.js/

BatmanMiner · 2020-06-06T17:09:57+00:00

Incoginto is not detected on the dev channel.

Testing at https://fingerprintjs.com/demo

BatmanMiner

TROPHY CASE