throwaway202302's comments

I find no current information whether this issue has been fixed or if current browsers mitigate it in private mode; as it seems to basically be a feature I assume any sort of fix can only be in context of private mode (per tab in safari or per-container in firefox) or history-clearing?

Neither I can find a "test page".

Do we have any?

Thankyou

https://niespodd.github.io/webrtc-local-ip-leak/ still? leaks local IP in mobile safari. On browserleaks local ip check fails, giving false feeling of safety.

The zoom settings in the display/brightness section of the iphone seem quite relevant for fingerprint.com algorithm.

Toggling between standard/bigger text toggles the fingerprint value.

This could be because the visible area in the screen size changes, as well as some value of the CSS-fingerprint.

.... adGuardGerman:[u("LmJhbm5lcml0ZW13ZXJidW5nX2hlYWRfMQ==") ....

I see things hat look like font fingerprinting, CSS, Apple pay detection, ... , msPointerEnabled, ..., webkitResolveLocalFileSystemURL, ... cookie settings... ... used mathematical library (sinus, cosinus, ...) serviceworkers, ...RTCPeerConnection, hardwareConcurrency,

Maybe we could dissect it and analyze the full list?

At some other place, they documented e.g. you can get the light/dark theme information out of the CSS. Doesn't even need JS to do it.

It looks like it is using heavy obfuscation.

Maybe these? https://browserleaks.com/webrtc But at least FF in private mode should randomize these IDs on restart.

Rather old one, where 25m was claimed. (Markus Kuhn).

Some like 200m were claimed by anons in random threads (https://www.mikrocontroller.net/topic/319197, in german), but that might have been related to CRT, not sure. They said they pointed antennas towards an office building.

All in all, the topic seems valid but unfortunately the discussions tend to be trolled.

One takeaway from the original link for me was to prefer displayport cable over hdmi/dvi. Yet, if the shielded connectors you have been referring to are easy to find, sounds good as well.

Absolute security is not possible, they say. Yet I wonder, can we have some sort of it at least outside a horizon of lets say 5 meters? Broadcasting the signals few meters/across the street/100m seem to be quite of a difference.

From my apartment, I can see a telecommunication tower, about 1.2 kilometers away. Wondering what it could pick up with enterprise grade antennas if it wanted to. maybe the other monitors around would disturb the signals?

https://www.usenix.org/legacy/events/sec09/tech/full_papers/...

Two questions: - How many meters do we need to expect our lcd/ips monitors to radiate? - Do we know about any monitor/cables that prevent the worst radiation and what to buy?

p.s. There are also papers that describe how to pickup keyboard strokes using the same method.

This is about precision of browser fingerprinting.

fingerprint.com generates a hash from browser/os attributes to recognize users without cookies. I tried their demo using iphone and expected (because i use private mode and returned several times with hopefully different cookie) to see some entries from other iphones like my one pop up in my history (from the fuzzy matching; https://www.apple.com/safari/docs/Safari_White_Paper_Nov_201... has some sentence about fingerprint prevention) but there were no other. I was alone and it traced me well. It was immune to private relay on/off (geodata).

They claim 99.5% accuracy for fingerprint pro. From the docs (https://dev.fingerprint.com/docs/understanding-our-995-accur...) it seems to me that 99.5% is overall accuracy for the hosted service and that number might be inflated by all the reference calls generated by devices that never clean their cookies (these count as 100%) The fraction of these is undisclosed, but its most likely very high(?).

I had, so far believed that it is more difficult to fingerprint a mobile safari than a desktop or android, because there is not so much hardware variety. Canvas/audio fingerprint should mainly depend on the phone’s model, and so are the fonts? (can apps bring new fonts to the fingerprint?)

Yet the demo of fingerprint.com performs pretty well for me. I do not know if its a problem of my safari leaking something or whether I am the only current user of the demo and therefore have no other peers to compare against. It seems a general problem also on sites like amiunique.org that almost nobody uses them. amiunique reports current iphone user agent as having a 0.4% fraction in last 15 days; but there are millions of these phones out there?

First I thought its my cookies but safari is indeed in private mode and e.g. samy.pl/evercookie test shows different digits each visit.

Anybody has some link/test tool especially crafted for iphone/ipad fingerprint or has some know-how of the “secret sauce” of fingerprint.com et al and would like to share? i would like to know how my iphone SE is different from other iphone SE. how to find out? Do you see conflicting peers on fingerprint.com demo when using it with iphone?

Thanks a lot.