graposaymaname

> Canvas Fingerprinting. They draw an image in the background using vector graphic commands. Afterwards they save the image to a rasterized PNG. This data is quite unique among different devices depending on settings and hardware.

> They also use audio fingerprinting to identify visitors. This doesn’t mean they actually use your microphone or speaker. Instead they generate a sound internally and record the bitstream, which also differs from device to device.

This really blew my mind. Correct me if almost all of them are doing this. If it is so, the congress hearing last year, all those privacy suits, all went into vain didn't they. (PS. bad english)

:/

hombre_fatal

99% of websites we visit do not need canvas or sound. And the few websites that do can explain why you should click "Allow" when they prompt you for access.

What's a charitable reason that stops even a supposedly privacy-concerned niche browser like Brave from implementing opt-ins for these things?

I suppose one reason is that you would immediately unleash opt-in spam on your users that don't know what these pop-ups mean since so many major websites use these hacks, so the average user is just going to be conditioned to mindlessly click "Allow All" every time they pop up like UAC on Windows Vista, punishing the average person while doing nothing to enhance their security.

Doesn't help that legislators are absolutely clueless here. For example, demonizing cookies when cookies are the most fair and transparent way to implement tracking, and leading to the first wave of pointless opt-in spam that plagues the internet. I'd rather they leave the internet alone and for browser vendors to step up for us.

Of course, the problem also includes native apps like in TFA. I'm just more optimistic about clients that run in web browsers.

stiray
Ok, how to fix fingerprinting:

- for web, stop using chrome, install firefox (or firefox mobile) and in about:config set privacy.resistFingerprinting on true then add following addons:

https://addons.mozilla.org/en-US/android/addon/canvas-finger...

https://addons.mozilla.org/en-US/android/addon/audioctx-fing...

https://addons.mozilla.org/en-US/android/addon/webgl-fingerp...

https://addons.mozilla.org/en-US/android/addon/font-fingerpr...

They will not only prevent fingerprints but also screw with the data (add random noise to audio/webgl sample, return random fonts,...).

- the most important rule, don't use applications like tiktok, fb,.. if your phone is not rooted, with xprivacylua (https://github.com/M66B/XPrivacyLua, for added kicks https://github.com/M66B/NetGuard) installed and you have basic understanding what you allow there (disallow everything for new apps and work permissions one by one). The sole purpose of those apps and their bussiness model is to steal your data. This is most sane advice I can give, sorry :(

Voila. Solved.

Those methods of fingerprinting are few years old and well known.