Can you get fingerprint tracked across Safari profiles ios macos?

Hello, got a new macbook air and on my iphone, if I use different profiles, like one for Discord, one for Google, one for Amazon, would they still be able to link together the accounts through fingerprinting? My alternatuve is runnning vm’s for everything but that’s annoying and would not really use my new macbook, and yes I have the best fingerprinting settings with ublock and private relay

Who is they?

I suspect that it’s anyone and everyone that really shouldn’t.

Yes, I was primarily thinking about the companies/tracking companies, for example Amazon knowing my Google/discord account etc through fingerprint

guess nobody knows :frowning:

Try it out with https://fingerprint.com. Definitely need to change IP at the minimum.

Using the same device and the same browser even with the profile isolation probably could probably lead to some linkage of these accounts. At the end of the day there is enough similar characteristics in play that yes you could draw that it is all related to you. But that also assumes there is enough care from these companies to do so and I would say there probably isnt for the most part (though as @Expert4870 linked above fingerprint.com’s entire business model is doing that thing so mileage may vary).

To your point if you want a higher degree of certainty that they cant be linked then using VMs or separate devices are likely the only sure way to keep these accounts entirely separated from each other for these companies.

I dont know your threat model, but if the goal is just keeping surveillance capitalism at bay then using this plus a daily browser like mullvad browser or tor plus a VPN is probably enough. :man_shrugging:

Your description is too hand-wavy and vague to give any suggestions.

100% agree with this

Also keep in mind that, in my experience, Safari is really good at anti-fingerprinting (as long as you have the prevent cross-site tracking and a ad/tracker blocker ((uBlock Origin Lite or Adguard))), it should beat even fingerprint dot com whenever the IP changes, and Private Relay changes your IP adress occasionally

Still, I’d say isolating those accounts you really don’t want associated with your others in a VM is a really good idea, keep in mind that your browser fingerprint in the VM will technically also be the same across identical VM’s unless you use Mullvad and different browsers, but this is probably insanely overkill in any scenario where you aren’t hunted by someone lol

I had the same question so I just looked with fingerprint.com and yes, I have the same fingerprint on my personal profile as my shopping one. It does make you wonder if there’s much point in using the profiles. As noted though, upon a change of IP (and after clearing cookies) the shopping profile did get a new fingerprint. It then stuck with it, and the personal profile also stuck with the fingerprint it had. So maybe one should just try to establish a fingerprint on each profile by switching VPN servers each time and going to fingerprint.com? Beats me.

Edit: I set up a few different profiles and established unique fingerprints on each that seemed to stick even when using the same IP. Then after a little while checked a profile and it’d changed to match my main. I guess it just latches onto whatever it can and maybe sometimes IP and “similar timestamp” is enough for it to go “ohhh right these are Safari Profiles” and match them. No idea. It all feels futile to be honest and that you might as well just have everything as one profile, but strictly a different browser and different VPN IP for anything more private (legal NSFW and such)

It does a lot better if you’re using Private Relay, that way you’re blending in with a pool of other Safari users. Also it will give you a different IP address per-session so you don’t have to manually change IPs.

Exactly this, I also did some tests with Librewolf and a VPN and I’m pretty sure fingerprint dot com is mostly based on the IP address, picked a random country and had never visited the website there, but it said it was my 2nd time visiting lol

oh also, just so you know, I think this probably doesn’t do anything, I would think that you just get fingerprinted whenever you visit a website with the integration :slight_smile:

also also, in general, think about how many people are visiting websites, it may look really scary that the website detection is pretty good (as long as you don’t change the IP), but their website is meant for like CEO’s etc to go on there and get sold on their product, and likely not very many people are actually going to their website in general, so my theory is that the website is much more aggressive than the actual product (if it was that aggressive in a normal website with millions of visitors it would probably think wayyyy too many people are the same, which would ruin their data) :slight_smile: I could absolutely be wrong about this though!

Is Private Relay actually decent and even worth using in addition to VPN?

I always just assumed it was either useless, a heavily logged honeypot, or both. To be fair on the honeypot risk, LE isn’t really one of my threats (I have no intention of doing anything that would trigger them) but paranoia makes me wonder about all sorts of hypothetical situations where you don’t actually do anything wrong but stumble against something bad, or an AI slopcop that is already suspicious of you for caring about privacy is triggered by you sharing an image of a grid or something.

I could be wrong but I think Private Relay is very good and uses multiple servers which don’t know anything about the previous (multi hop), and for the detection stuff I wouldn’t think Apple would benefit from that in any way, and it would probably have to be disclosed in some privacy policy.

That being said, Private Relay can randomly lose connection and expose your real IP (happened to me once in like half a year, so not often), my solution to this is to have a VPN on my router that routes my devices I use Private Relay on through a Wireguard VPN, no idea how it functions with a VPN app on device however as I don’t want to keep one running in the background all the time :slight_smile: