> I wouldn't rely on it because it's committing to an ongoing arms race against the browsers. One that I expect them to win.
Don't be so sure about this. The world's most popular browser is developed by the world's largest advertising company. I'm not saying Google is intentionally sabotaging Chrome, but I doubt they're putting significant resources into anti-ad technologies.
> Browser fingerprinting is a hack, and exploits clear loopholes in browser privacy models.
> I wouldn't rely on it because it's committing to an ongoing arms race against the browsers.
It doesn't seem to me that browsers are trying to win at all. For example, one of the greatest discriminators - font list - has been known about since people were talking about browser fingerprinting.
The fix would be pretty easy too: in incognito mode (or when toggled by the user), only support 2 fonts: 1 serif and 1 san-serif that ship with the browser on all platforms.
I don't think any of the browsers want to do that.
There are a number of other longstanding fingerprinting issues that are similarly easy to fix.
Sure, the basic things like "which fonts do you have installed" are easy to make consistent, but there are thousands of other ways to fingerprint a browser, many of which would have serious performance impacts if fixed. For example, Macbook Air's can only run at full CPU speed for about a second before slowing down. Just make a 2 second javascript busy loop and watch for the slowdown. Are you going to slow all users down all the time just so these macbook users can't be identified?
simonw|6 years ago
I wouldn't rely on it because it's committing to an ongoing arms race against the browsers. One that I expect them to win.
thenewnewguy|6 years ago
Don't be so sure about this. The world's most popular browser is developed by the world's largest advertising company. I'm not saying Google is intentionally sabotaging Chrome, but I doubt they're putting significant resources into anti-ad technologies.
nordsieck|6 years ago
> I wouldn't rely on it because it's committing to an ongoing arms race against the browsers.
It doesn't seem to me that browsers are trying to win at all. For example, one of the greatest discriminators - font list - has been known about since people were talking about browser fingerprinting.
The fix would be pretty easy too: in incognito mode (or when toggled by the user), only support 2 fonts: 1 serif and 1 san-serif that ship with the browser on all platforms.
I don't think any of the browsers want to do that.
There are a number of other longstanding fingerprinting issues that are similarly easy to fix.
londons_explore|6 years ago
Sure, the basic things like "which fonts do you have installed" are easy to make consistent, but there are thousands of other ways to fingerprint a browser, many of which would have serious performance impacts if fixed. For example, Macbook Air's can only run at full CPU speed for about a second before slowing down. Just make a 2 second javascript busy loop and watch for the slowdown. Are you going to slow all users down all the time just so these macbook users can't be identified?
tyingq|6 years ago
littlestymaar|6 years ago
jakelazaroff|6 years ago