this post was submitted on 19 Feb 2025
185 points (98.4% liked)

Privacy


Came across this article and it got me thinking, are there any simple ways to defeat advanced tracking methods (fingerprinting, tracking pixels, etc.)?

Obviously you could go the Tor on a virtual machine route, or a non-persistent setup like TAILS, but what about a browser that's able to give, say, an 80% solution?

I work in the security industry and am always looking for the solution that is simple enough that it's palatable to a client (not asking to change your whole lifestyle, just push this button) but also relatively effective.

[–] [email protected] 1 points 16 hours ago

The only thing i use google for is lens and couldn't find a good replacement for it, Tineye is subpar.

[–] [email protected] 60 points 2 days ago (2 children)

Google:

They've been asking us not to track them with cookies, so we're tracking them with fingerprints

Surely the GDPR has something to say about this. Or did the US forget the rest of the world exists again?

[–] [email protected] 7 points 1 day ago (1 children)

That's why their ToS is different in the EU.

[–] [email protected] 3 points 1 day ago (1 children)

Could I use a VPN to some place in the EU in order to have the different ToS?

[–] [email protected] 3 points 1 day ago (1 children)

That might be possible, but I'm not 100%.

If they already have your fingerprint in the browser or device, they might not care. Idk.

[–] [email protected] 1 points 5 hours ago

Perhaps Qubes.

[–] [email protected] 4 points 2 days ago (5 children)

Exactly, Google even advocated against the use of more intrusive tracking technology like fingerprinting stating it was too intrusive, I'll be the first to say I'm pro capitalist (if you can work hard and get rich, power to you), but when you are willing to invade the literal physical privacy of people who do not even want your products, it calls into question the legitimacy of your company.

[–] GalacticGrapefruit 9 points 17 hours ago

I appreciate that you are standing for moral dignities like personal privacy. But understand, Google's entire business model IS surveillance capitalism.

Profits aren't infinite if the resource is finite. Eventually, they would have to dig the mineshaft deeper, take more material to sell more product. This is what happens when capital is left laissez-faire, it grows more tentacles.

[–] [email protected] 45 points 1 day ago (6 children)

Lmao this guy thinks hard work is what makes people rich instead of massive amounts of exploitation in an inherently exploitative economic system....

[–] NocturnalMorning 14 points 1 day ago (1 children)

Being pro-capitalist on this website is gonna make you stick out like a sore thumb

[–] [email protected] 6 points 1 day ago

I love capitalists stepping on me

Uhh, okay?

[–] [email protected] 2 points 1 day ago

What a bunch of BS.

[–] [email protected] 20 points 1 day ago (1 children)

I personally like Mullvad's approach to something like this.

First, use their browser and VPN together (browser was co-developed with the Tor Project folks),

In the VPN, you want to turn on DAITA. It's an interesting concept and I hope more legit projects like Mullvad start doing these things.

They're essentially adding bunk data to your VPN traffic to hide you from any AI analysis that might use only your throughput to identify you and your habits.

[–] [email protected] 11 points 1 day ago (1 children)

try creepjs with mullvad browser, 100% traceable. it will always know it was you even if you clean the identity and restart the browser. and I bet Google's tracking is even more advanced.

[–] [email protected] 9 points 1 day ago* (last edited 1 day ago) (1 children)

Can you elaborate? When I'm using Mullvad Browser+VPN, have DAITA and Multi-hop on, it doesn't know who I am at all.

Since this is a VPN, there are a ton of visits with this FP ID, and the FP ends up calculating differently (and I get different visits results, trust scores) whenever I refresh my session in the browser, or even just reconnect the VPN.

The other data on the page are all completely generic guesses at my system, monitor size, etc. and maybe 10% of that info is accurate to my system. Even that info is not very useful. For instance it says I'm running "Linux x86_64"... they certainly nailed that information down...


When I do this with only the VPN and Firefox, then the data is a lot more consistent between refreshes, incognito mode, etc. and the FP ID is pretty much the same every time in Firefox.

The other data taking guesses at my system are also more accurate when using regular ol' Firefox. For instance, it actually adds to the "Linux x86_64" that I am using an AMD GPU (no additional info than brand). Still not all that damning if it wasn't for the FP ID in this scenario.


I've read through the docs, and several other articles, that explain more about creepjs, but I could be misunderstanding something somewhere I guess.

ETA: I'm also noticing that in regular Firefox, the timezone data is all fairly accurate to the current servers my VPN is hopping through. In Mullvad Browser, though, the timezone data is all over the place and not at all accurate to what my VPN is set to, let alone where I actually am.

ETA2: maybe my settings are more specific than you expect? Maybe your data about being 100% traceable is with 0 configuration of the browser or VPN?

My setup:

  • Mullvad Browser + Mullvad VPN
  • DAITA turned on
  • Multi-hop turned on
  • Lockdown mode on
  • All DNS content blockers enabled
  • Extra steps to unify VPN+Browser DNS compatibility

I could see if maybe you just installed Mullvad VPN and didn't use their browser (or didn't configure the browser for the VPN) that you'd be way more traceable.

[–] [email protected] 8 points 1 day ago (1 children)

I use mullvad vpn, and I tested with mullvad browser, and it always detects me. doesn't even matter if I use daita etc...something gives me away. unique fp and it sticks between refreshes and restarts. I recall my gpu being one giveaway but I'll have to check that again tomorrow.

[–] [email protected] 5 points 1 day ago (1 children)

Interesting. I'm very curious at what could be causing the discrepancy between our results!

[–] [email protected] 2 points 18 hours ago (1 children)

so out of the box it blends in, but it still knows me even after cleaning the identity. in prediction section almost everything is red 0%, and it seems to know the browser is lying. if I use dark reader, I am unique.

[–] [email protected] 2 points 17 hours ago* (last edited 17 hours ago) (1 children)

Interesting, thanks for coming back with some info. It brings up more questions, but I understand if you don't want to dive deeper. No worries!


  1. Just to make sure we aren't testing two separate systems, I am using the site hosted on GitHub from the maintainer: https://abrahamjuliot.github.io/creepjs/

  2. What operating system are you running? I see some discourse online about even Tor being identified as long as it's run on Windows 11, but in Linux it is not identified.

    https://old.reddit.com/r/TOR/comments/113ukg9/is_creepjs_able_to_break_tor_antifingerprinting/

  3. Under prediction, what is the crowd-blending score you see? In mullvad, I see 75% (C), in my other browsers I see 60% or less (D/F). Admittedly, I don't fully understand this section too much. I was under the impression that 0% here was a good thing, but the way you described it is the opposite. Trying to locate clarification on this and will edit when/if I find it. Edit: from the README it says failing = unique, but also goes on to say that a lower trust score is not necessarily bad. I'm still a bit confused at exactly what this is telling me, especially when I'm being clearly lumped in with a lot of other users in Mullvad, and very clearly being unique in Firefox. Yet, both datasets are almost entirely 0% under Predictions.

  4. And just to round it out, I'm curious what you see for the visits count at the top, and when the first visit was. When I'm in Mullvad, the visits count is almost touching 1000, and the first visit was at the beginning of January. These are definitely not me, as I have only run the test a handful of times, and yesterday was the first time I had ever used or heard of creepjs.


I still think there is potentially something I am misunderstanding about creepjs, so I may be wrong here. From what I understand, if the FP ID changes, visits is at 1, and first visit is timestamped right now, then you likely have been identified. The FP ID changing or remaining the same doesn't really indicate anything without the context of the rest of the data, especially the visits counter. It's clear that I am being lumped in with many, many other users.


Lastly, I think that you are making yourself stand out from the crowd by manually installing the dark reader plugin (I assume that's what you meant). That defeats the purpose and is likely why you are being identified so quickly. There's a reason why Mullvad and Tor don't make it easy to install plugins, and also why they recommend not maximizing the browser window. They actually specifically force the viewport to be a specific resolution, even if you maximize. This makes you look even more like everyone else, because out-of-the-box you are configured the same as everyone else. As soon as you add anything unique, you become unique.

[–] [email protected] 3 points 15 hours ago (1 children)

  1. yup that's the same thing I was using.

  2. I use linux mint, haven't tried it on any windows system. tried on my phone and no browser can beat it, I'm totally 100% unique.

  3. score is 75% for me too. on any other browser it's 27%, even without any extensions so this is still a lot better. oh and I just assumed 0% was bad because it's shown in red, but if it's the opposite then js engine and mimetypes are the big giveaways as they have 50 and 20%.

  4. it started at 55 and has been alive for a month. before I changed something in the settings it was 300. it still counts up when I refresh, open in a new tab, restart or even clean identity. can't fool it. I suppose it wouldn't matter as long as it confuses me with a few others too, I'm just not convinced it can fool google and meta.

[–] [email protected] 2 points 15 hours ago* (last edited 15 hours ago)

I'm just not convinced it can fool google and meta

Yea, this is a great and healthy skepticism to have. It's why I went deep on this little research tangent.

Besides browser fingerprinting, there are many other ways to tie you to online behavior. For instance, the DAITA thing has nothing to do with browser fingerprints, but specifically the size of your inbound and outbound traffic. The NSA uses that to figure out your behavior and link on-VPN and off-VPN traffic together with great success, regardless of how many hops you go through. It's the behavior that gives you away.

I'm always on my VPN, reconnect at random times, and have all the extras turned on. Something else that may be a factor is that I have Mullvad Browser installed via Flatpak and it is sandboxed to hell. Maybe you installed via .deb or something in Mint?

Anyway, thanks again for humoring me in this! I think you're right that at least you are sorta getting lumped in with others, but it's never going to be 100% foolproof and we should all plan for that.

[–] [email protected] 36 points 1 day ago (2 children)

Check out EFF cover your tracks: https://coveryourtracks.eff.org/

The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.

I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.

In general, you should try to be as "normal" as possible, use standard settings for everything, just accept English, etc..
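The "be as normal as possible" advice here, and the earlier point in the thread that adding one extension to a hardened browser makes you unique, both come down to anonymity-set size. The following is an added example, not part of any comment and not code from EFF or creepjs; the population, attribute values and counts are constructed for illustration.

```javascript
// Constructed visitor population (not measurement data): [count, observable attributes].
const EN = "en-US,en;q=0.5";
const GROUPS = [
  [512, { acceptLanguage: EN, screen: "1400x900", webgl: "masked", extension: "none" }], // hardened-browser defaults
  [256, { acceptLanguage: EN, screen: "1920x1080", webgl: "gpu-a", extension: "none" }],
  [128, { acceptLanguage: EN, screen: "1920x1080", webgl: "gpu-b", extension: "none" }],
  [64, { acceptLanguage: "de-DE,de;q=0.9", screen: "1920x1080", webgl: "gpu-a", extension: "none" }],
  [62, { acceptLanguage: EN, screen: "2560x1440", webgl: "gpu-b", extension: "none" }],
  [1, { acceptLanguage: "de-DE,en-GB;q=0.8", screen: "1920x1080", webgl: "gpu-a", extension: "none" }], // two system languages
  [1, { acceptLanguage: EN, screen: "1400x900", webgl: "masked", extension: "dark-reader" }], // hardened + one add-on
];
const POPULATION = GROUPS.flatMap(([n, attrs]) => Array.from({ length: n }, () => attrs));
const ATTRS = ["acceptLanguage", "screen", "webgl", "extension"];

// Bits of identifying information in one attribute value:
// log2(population size / number of visitors sending the same value).
function surprisalBits(population, attr, value) {
  const same = population.filter((v) => v[attr] === value).length;
  return same === 0 ? Infinity : Math.log2(population.length / same);
}

// How many visitors are indistinguishable from `visitor` on every listed attribute.
function anonymitySetSize(population, visitor, attrs = ATTRS) {
  return population.filter((v) => attrs.every((a) => v[a] === visitor[a])).length;
}

// Attributes ordered from most to least identifying for this visitor.
function rankAttributes(population, visitor, attrs = ATTRS) {
  return attrs
    .map((a) => ({ attr: a, bits: surprisalBits(population, a, visitor[a]) }))
    .sort((x, y) => y.bits - x.bits);
}

const hardened = GROUPS[0][1];
const twoLanguages = GROUPS[5][1];
const withAddOn = GROUPS[6][1];
for (const [name, v] of [
  ["hardened defaults", hardened],
  ["two system languages", twoLanguages],
  ["hardened + add-on", withAddOn],
]) {
  const top = rankAttributes(POPULATION, v)[0];
  console.log(`${name}: set size ${anonymitySetSize(POPULATION, v)}, top attribute ${top.attr} (${top.bits.toFixed(2)} bits)`);
}
```

In this constructed data the two-language visitor drops from a set of 321 to a set of 1 once Accept-Language is included, and the hardened-browser user goes from 512 look-alikes to 1 by adding a single detectable add-on.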

[–] [email protected] 5 points 1 day ago

Vanadium on Graphene is actually what I use as well haha, it's just hard to convince people who already have enough on their plate with their actual jobs to make the lifestyle switch without it being viewed as very burdensome.

[–] [email protected] 3 points 1 day ago

That's a very interesting site, thank you!

It looks like the screen size is the most identifying info for me, followed by the webGL hash. Not much can be done about those on mobile right?

[–] [email protected] 26 points 2 days ago (1 children)

Meanwhile the linked website is full of intrusive ads and hundreds of "legitimate interest" tracking cookies. Oh the irony...

[–] [email protected] 7 points 2 days ago (1 children)
[–] [email protected] 5 points 1 day ago (2 children)

You don’t get the point, do you? I know I can block those, yet it’s hypocritical to complain about privacy and tracking in an article while doing the same. It’s not even the fact they use cookies at all, I get they might need them for analytics and such. But this site is out of control

[–] GalacticGrapefruit 2 points 17 hours ago* (last edited 17 hours ago)

Exactly. Just using an adblocker is like tying on a blindfold and claiming that the minefield has no landmines.

Digital self-defense isn't about ignoring trackers, it's about evading and disabling them.

[–] [email protected] 1 points 1 day ago

Ah, ok, I see.

[–] [email protected] 10 points 1 day ago (1 children)

i use uMatrix (by the same author as uBlock Origin), which essentially allows very granular control over what dynamic to allow:

per domain and subdomain you can allow script, xhr, media, frames, cookies, images, css, and other things

so you can say, for example, on lemm.ee deny any scripts from google.com from loading and deny any xhr (so analytics can’t work even if the script is hosted elsewhere)

this stops a lot of fingerprinting in its tracks (except when you need to allow eg reCAPTCHA), but it does break pretty much every website until you go and allow only known good things (like scripts and xhr to the sites own domain)

[–] Hominine 3 points 1 day ago (1 children)

This looks to be an excellent tool, thanks for sharing and have a good one.

[–] [email protected] 4 points 1 day ago (2 children)

you’re welcome! you too!

it should be noted though that it hasn’t been updated since 2021, and its repo has been archived (i’m not sure of the reasons). it still works great, but it’s not going to get any updates

[–] [email protected] 2 points 1 day ago (1 children)

Its functionality is pretty much built into uBlock Origin now, see https://github.com/gorhill/uBlock/wiki/Dynamic-filtering.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (1 children)

i’ve tried using dynamic filtering before, but honestly the UI for it is horrible… their example they give for allowing youtube embeds shows my issue with it pretty well:

their solution is either to allow everything from google.com and youtube.com, or to allow all 3rd party frames

uMatrix allows me to, for example, allow 3rd party frames only from youtube.com, and block cookies for those same frames (heck you could even allow frames and block CSS originating from google if that worked!)

this is particularly useful for analytics services… sometimes the whole page won’t load if an analytics script doesn’t load, so you can allow only scripts and block xhr so it can’t send pings back home
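A small model of the per-site, per-destination, per-type rule matrix described in this comment and in the earlier uMatrix comment, added here as an example and not taken from any commenter or from uMatrix. The rule text uses the four columns source, destination, type, action; `analytics.example` is a placeholder host, and the matching and precedence logic is a simplification written for this example, not uMatrix's own evaluation order.

```javascript
// Rule columns: source destination type action. Hosts other than lemm.ee,
// google.com and youtube.com are placeholders; type names follow the comments above.
const RULES_TEXT = `
* * * block
* * css allow
* * image allow
lemm.ee lemm.ee * allow
lemm.ee google.com script block
lemm.ee google.com xhr block
lemm.ee youtube.com frame allow
lemm.ee youtube.com cookie block
lemm.ee analytics.example script allow
lemm.ee analytics.example xhr block
`;

function parseRules(text) {
  return text.trim().split("\n").map((line) => {
    const [source, destination, type, action] = line.trim().split(/\s+/);
    return { source, destination, type, action };
  });
}

// A pattern matches a hostname if it is "*", the hostname itself, or a parent domain.
function hostMatches(pattern, host) {
  return pattern === "*" || host === pattern || host.endsWith("." + pattern);
}

// Assumed precedence: narrower source, then narrower destination, then named type over "*".
function specificity(rule) {
  const width = (p) => (p === "*" ? 0 : p.length);
  return [width(rule.source), width(rule.destination), rule.type === "*" ? 0 : 1];
}

// Decide one request: { page: site being visited, host: request destination, type }.
function decide(rules, request) {
  const matching = rules.filter((r) =>
    hostMatches(r.source, request.page) &&
    hostMatches(r.destination, request.host) &&
    (r.type === "*" || r.type === request.type));
  matching.sort((a, b) => {
    const [sa, sb] = [specificity(a), specificity(b)];
    return sb[0] - sa[0] || sb[1] - sa[1] || sb[2] - sa[2];
  });
  return matching.length ? matching[0].action : "block"; // default deny
}

const RULES = parseRules(RULES_TEXT);
// The analytics script is allowed to load so the page renders, but it cannot phone home.
console.log(decide(RULES, { page: "lemm.ee", host: "cdn.analytics.example", type: "script" }));
console.log(decide(RULES, { page: "lemm.ee", host: "cdn.analytics.example", type: "xhr" }));
```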

[–] [email protected] 1 points 1 day ago (1 children)

Yeah it's definitely more "logical" and easier to use the way uMatrix does it.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago)

gimme an advanced advanced mode that mimicks the uMatrix UI and i’d donate monthly for sure - uMatrix is one of my most used tools! i’d switch to uBO if the UI were as powerful

[–] Hominine 2 points 1 day ago

I wouldn't have known, it's very granular and not for the faint of heart (or technically limited.) Just what OP asked for!

[–] meliodas_101 8 points 2 days ago

It's lying to get out of something.

[–] [email protected] 6 points 1 day ago

targeted ads are stupid anyway, i don't want to hear about stuff i could look up myself if i need something. Constant ads are even more stupid because it's just stuffing their stupid corporate shit down our throats.

There should be one opt in ad service that collects all the possible ads and you then just browse it like a catalog or something if you want to find ideas what to buy.

[–] x00z 6 points 2 days ago

I will keep my adblocker until contextual ads are the norm again.

[–] jaybone 3 points 1 day ago

Wouldn’t tails be just as trackable as say a browser that clears all its cookies?

[–] [email protected] 1 points 1 day ago (2 children)

Firefox (with good settings, or Librewolf) + uBlock Origin + Decentraleyes + NoScript (with default permissions removed) is probably > 80%.

[–] GalacticGrapefruit 3 points 17 hours ago

DecentralEyes is deprecated, LocalCDN is actively maintained.

[–] tired_n_bored 2 points 1 day ago

NoScript is superfluous with uBo
