this post was submitted on 17 Aug 2023
180 points (90.2% liked)

Privacy

31609 readers
367 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

A facebook employee explained me how tracking works. Its not the email address Meta is concerned about. Its the IP, device identifiers and location. Meta doesnt care about the email at all apart from sending you emails for notification. Even with a fake email they exactly know who you are. Let's say you visit CNN.com which has facebook tracker. Facebook has the IP and the device identifiers. Now you login with fake email account on Instagram, facebook knows that's the IP ans the same device hence it "must" be the same person That's how facebook creates shadow profiles.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 152 points 1 year ago (9 children)

Its not the email address Meta is concerned about. Its the IP, device identifiers and location.

This actually applies to the entire internet, look into fingerprinting. This website checks how susceptible you are to it: https://coveryourtracks.eff.org/

[–] [email protected] 32 points 1 year ago* (last edited 1 year ago) (1 children)

I like the EFF, but I don't agree with the report this generates. There are two counters to fingerprinting: have the same fingerprint as everyone else (Mullvad Browser is based on this idea) and to have a unique fingerprint that changes regularly (The CanvasBlocker extension supports this approach).

Since most of the time I'm in Firefox with CanvasBlocker, I want to see unique fingerprints, but also that they keep changing.

[–] [email protected] 7 points 1 year ago

There's a decent bit in their site as to how fighting fingerprinting by trying to be more common can make you still stand out, so mullvad may not work out depending on how it implements this concept. Randomizing fingerprinting sounds like it could work (I haven't researched it so I don't have enough info to agree or disagree, but sounds legit at the very least) and expecting their report to understand that is beyond the scope of the tool. I mean, you couldn't actually test that method is effective without recording it over multiple sessions/days/etc. Sure you want a unique fingerprint, but seeing a unique fingerprint once doesn't mean it's working.

[–] BallShapedMan 12 points 1 year ago (1 children)

Fantastic link, I need to do better than I am. I appreciate you sharing this.

[–] [email protected] 17 points 1 year ago (2 children)

For what it's worth protecting against fingerprinting is pretty hard, so don't feel bad if it tells you your browser has a unique fingerprint. For most people (if you're using Firefox) going to the settings and turning on strict tracking protection and "Do Not Track" set to always send is good enough and will probably stop most attempts by blocking domains that will try fingerprinting. And use Ublock Origin, people.

[–] BallShapedMan 9 points 1 year ago

I use Firefox and Ublock, I'll do the do not track now!

[–] [email protected] 5 points 1 year ago

use Ublock Origin,

Yep. I have a blanket "block all Facebook" rule. A lot harder to gather info if your browser refuses to load data and scripts coming from their domains.

[–] [email protected] 8 points 1 year ago

Mullvad's website has this nice widget that checks if your ip address can be found by dns too. Good for busting competitors

[–] [email protected] 6 points 1 year ago

OMG this scared me. I thought I was "enough" protected

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (3 children)

That site says "Your browser has a unique fingerprint" even though I run Firefox, uBlock, Privacy Badger, and have privacy.resistFingerprinting set to true. My main problem may be plugins, once you have more than a few your set can be pretty unique.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Iirc unique != identifiable necessarily, because your fingerprint might be different while still unique the next time around.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Try going down the page and looking for the categories with more than a few bits of identifying information. I'm running LibreWolf with just uBlock Origin and Dark Reader (which I don't think influences results) and I'm able to get nearly-unique, instead of unique (but I do get unique on default settings). TBB gets non-unique, which is a good set of results to compare to.

In my case I noticed that my fonts were really unique so I set browser.display.use_document_fonts = 0. Also I use my WM to set my page resolution to 1920x1080, which seems to have a better fingerprint than the default LibreWolf floating resolution of 1600x900 (and even the letterboxing resolutions, from what I can tell).

I just spent some time testing again and checking for anything else. RFP does force a generic user agent, but unfortunately it keeps the version information and I can't figure out how to change it with RFP on. Would be nice to set it to the ESR version used by TBB (which has lower bits), but I'm not sure if that would lead to a more unique fingerprint (if, say, a feature was detected that is available in later versions but not ESR).

Edit: just tried Mullvad browser, and it's non-unique! Might be the best option.

load more comments (1 replies)
[–] [email protected] 3 points 1 year ago (1 children)

what is the best way to regularly change your fingerprint? (I'm using firefox)

load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 31 points 1 year ago (1 children)

Firefox has containers that allows you to seperate all websites in categories where they can't reach anything outside of it.

There's a special one for Facebook

[–] [email protected] 8 points 1 year ago

There are still...I dunno...probably DNS hops, IP, time's of day, browser window size, browser user agent...

And if you access any page with any similar parameters on your phone or another household device on any site with FB tracking, it's over.

It looks like in the last 7 days my phone has cutoff over 150,000 different tracking attempts and that's just catchable ones and on my phone.

[–] [email protected] 28 points 1 year ago (2 children)

I don't use Facebook but I'm 100% sure they have my data.

A lot of apps that uses Facebook login, debugger, React Native, etc. allows it to collect as much user data as it can and send it to FB servers because that's the default.

[–] [email protected] 9 points 1 year ago (1 children)

I dont have facebook, and I explicitly tell family not to put my pictures on their facebook pages or mention me at all.

I'm still 100% convinced facebook has my biometric data, my home address, and what I ate for dinner last week.

The amount of data they collect is insane, and intrusive.

Every time it comes up, i'm reminded of a sex worker who was doxed by facebook because she in a parking lot that a former client was in, and it had used proximity data and shit to link her Sex Work Phone/Facebook Account, to her real Phone/Facebook account, which was then given to the client as a suggested contact.

[–] [email protected] 5 points 1 year ago

Facebook takes biometric data from pictures that aren't uploaded to the platform. All it takes is for them to have access to the filesystem of the user's mobile OS.

This is why I fullstop do not let people take photos of me where I can help it. I'm fucking tired of being made a datapoint.

load more comments (1 replies)
[–] [email protected] 22 points 1 year ago* (last edited 1 year ago)

Preaching to the choir but good to remind some people. Thats why you avoid or limit use of those services. Use tor or a VPN and use multiple layers of blocking such as DNS and in browser blocking. Also foss only applications where possible.

[–] [email protected] 18 points 1 year ago (3 children)

Dont use facebook and have a dns filter that kills trackers and adverts such as Control D or pihole

[–] [email protected] 4 points 1 year ago (1 children)

I tried using control d and their dns location changer. Its crap

[–] [email protected] 2 points 1 year ago

Really, i have been using the free one that blocks malware, ads, trackers, and social media (spybook, etc) and its been great.

load more comments (1 replies)
[–] Jimmycakes 16 points 1 year ago (2 children)

Google knows who you are based on your browser window size. You can't escape shit from these guys.

[–] [email protected] 9 points 1 year ago (1 children)

Is that why Tor Browser has those edges?

[–] Dougas 5 points 1 year ago (1 children)

Exactly. Makes fingerprinting more difficult. If everyone has the same windows size you can't make out who's who based just on that

[–] [email protected] 5 points 1 year ago

Fullscreen 1080p

Whos this john? He has a billion pcs!

load more comments (1 replies)
[–] [email protected] 15 points 1 year ago

Strange game. The only way to win is not to play...

How about a nice game of chess?

[–] sturmblast 9 points 1 year ago (1 children)

just don't use the bullshit in the first place

[–] [email protected] 2 points 1 year ago (1 children)

Its not that simple. They are literally everywhere

load more comments (1 replies)
[–] [email protected] 5 points 1 year ago

I think Firefox cookie isolation (not containers) should block that. Also, always use Noscript and block that shit entirely. You will have no Tracking anymore basically

[–] [email protected] 5 points 1 year ago (1 children)

While browser containers won’t work since you’re using the same IP anyway, blocking the trackers themselves would be more effective. DNS blocking, uBlock, and Privacy Badger can help block fb trackers on websites. So fb knows your ip, but at least they can’t track you across other sites.

[–] EricHill78 2 points 1 year ago (1 children)

People say that it’s redundant using Ublock and Privacy Badger together but I’ve tested Ublock without PB and with PB on the cover your tracks site. Without it it states that I’m partially protected and with both on it says I’m covered. I used ungoogled chromium for the test.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I don't know if it is the case here, but uBlock Origin lets some trackers through and redirects them to empty addresses, so they are effectively useless, good as blocked. This is done so the website doesn't detect that you blocked the tracker, in order to avoid breaking website functionality.

load more comments (1 replies)
[–] [email protected] 5 points 1 year ago

There's a lo of information that sites, not only Facebook, use to track you. Email address can be one this. Anyway, I consider that using anonymous email address is a good idea not only to avoid tracking, also for security reasons I case of filtering, for instance.

[–] [email protected] 4 points 1 year ago (1 children)

And people dont share devices?

I have a family pc in the living room. We all use it.

Im not on facebook though.

[–] [email protected] 4 points 1 year ago

There's got to be more metadata involved in fingerprinting. The type of content you're looking at. Maybe even deriving some sort of signature from your mouse movements.

[–] [email protected] 2 points 1 year ago
load more comments
view more: next ›