Comments (14)
I used chrome with Jshelter https://jshelter.org/ which is an anti-fingerprinting extension
I used Recommended preset but set Web Worker API to "Remove" (normally it is set to "Strict")
Looks like the anti-fingerprinting extension has defeated the fingerprinting, sucesss for jshelter
from creepjs.
sometimes more unique and traceable
@abrahamjuliot Can you elaborate on this? If the test can't run in the first place (or even if it were modified to work without WebWorker for example, but leaving JShelter on), would there really be enough bits to uniquely identify most people across the world that way?
More like it identifies it as an unusual JS environment indicating it's likely a modified environment. This usually indicates a bot or an antidetect browser (e.g. you're likely to just get blocked right off the bat by security services like Cloudflare).
from creepjs.
Are you encountering the error on a clean installation of the latest Chrome or Firefox?
from creepjs.
Worker
is a standard API and required to run.
from creepjs.
Ah, yes. It's a nice extension. It defeats the test, but a blocked fingerprint is also a fingerprint, and it is sometimes more unique and traceable than had the browser provided all hardware specifications if that were possible.
from creepjs.
Closing for now, but please have no hesitation to re-open if you encounter any issues preventing the test from running.
from creepjs.
sometimes more unique and traceable
@abrahamjuliot Can you elaborate on this? If the test can't run in the first place (or even if it were modified to work without WebWorker for example, but leaving JShelter on), would there really be enough bits to uniquely identify most people across the world that way?
from creepjs.
Yeah, take hardware for example and say blocked hardware is hardware X. How and in what way it is blocked will determine its class A-Z. Given all the different ways of blocking and how uncommon it is to block hardware, hardware XA is a better fingerprint than a valid or unique hardware shared by normal browsers.
from creepjs.
But how is it a better fingerprint if you're not able to gather as much information with things being blocked in JavaScript? Wouldn't that reduce the number of available bits of info down to where it's not unique enough? I get that you say it's uncommon, but if the fingerprinting isn't based on knowing anything about other users' data (unlike say panopticlick maybe), I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?
from creepjs.
But how is it a better fingerprint if you're not able to gather as much information with things being blocked in JavaScript? Wouldn't that reduce the number of available bits of info down to where it's not unique enough? I get that you say it's uncommon, but if the fingerprinting isn't based on knowing anything about other users' data (unlike say panopticlick maybe), I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?
Not supporting a widely supported feature that every modern browser has is inherently weird and therefor makes you stand out. You don't need to quantify bits of information just as you don't need to quantify bits of information to know a flying pig is unique because pigs don't fly.
from creepjs.
You don't need to quantify bits of information
Why not? More than one person uses JShelter, so I think there is more than one flying pig in that sense. I thought that was the whole point of needing at least as many bits that can add up to as many people/devices there are in the world to really be able to call it "unique" when you don't know how many of such users there might be.
from creepjs.
I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?
How unique depends on the site and volume. Below is a visual snapshot of the resistance/engine hash stats on CreepJS. I can't find all variations of JShelter visually, but I can put all the unknowns into one bucket. That is already incredibly unique. If we wanted to, we can map out all possible configurations of JShelter and label them. This helps and simplifies tracing a specific browser/machine.
from creepjs.
How unique depends on the site and volume
Ok, I was under the impression that "unique" meant there is quantifiably no other browser/device on the planet with this same fingerprint (or least you would be 1 in however many bits of info are available), regardless of the site that was visited. Perhaps I should ask for clarification on what your definition of unique is.
And if WebWorker isn't available (as with the default settings for JShelter), or for example if JS was disabled entirely, wouldn't that significantly reduce the number of bits available to where it's not possible to globally and uniquely identify a single browser instance?
from creepjs.
...quantifiably no other browser/device on the planet with this same fingerprint
Web tracing is more confined to limited contexts or a specific set of domains. Quantifying at the planet level is unnecessary.
definition of unique
Rare for a given context. It can be shared with others and still be unique. Identifying individual actors is a different matter, not focused on here.
WebWorker/JS disabled
Blocked entropy is still entropy, but if a significant amount of normal traffic is blocking similarly, it becomes less unique. How unique will vary from domain to domain.
from creepjs.
Related Issues (20)
- Doubts about the erro infos
- Doubts about the erro infos HOT 9
- MIT or ISC license? HOT 1
- Doubst about the WorkerNavigator HOT 3
- Idea: Detect frame rate HOT 1
- How to use? HOT 6
- what is ```- failed prototype test execution``` HOT 9
- lazy loading iframes HOT 3
- Firefox trash after update HOT 2
- what does session mean? HOT 1
- Novice webdev here - How do I install this? HOT 1
- Workers test throwing unsupported on Safari 17.3 HOT 10
- Where is the server source code itself? HOT 2
- How is the FP ID calculation being made? HOT 3
- fonts.lied is undefined HOT 3
- Workers testing is easily defeatable. HOT 6
- Documentation on how to run this HOT 3
- CSP blocking worker HOT 2
- Fake deviceMemory not detected on Firefox HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from creepjs.