Is DNS based ad blocking fingerprintable?

Hello everyone, if I use let’s say Mullvad’s DNS for blocking ads, can websites or apps know that I’m blocking ads? Can they deduce that I’m using Mullvad because of what gets blocked?

The tests on this blog post (How ad blockers can be used for browser fingerprinting - Fingerprint) can’t tell I’m blocking ads via DNS but these tests are rarely representative of all ways to fingerprint you so they could be meaningless.

Yes, websites can tell whether or not you are using an adblocker but from my understanding it would be very complicated to tell what kind of DNS blocker you are using.

1 Like

Websites can directly know your DNS server without needing to test what’s blocked and what’s not, e.g. https://dnsleaktest.com/

Interesting, I also tried this test with my VPN on and as long as I don’t change servers the results are the same even if I enable or disable DNS ad blocking, hopefully this means websites know my DNS but they don’t know my exact configuration (maybe I’m blocking malware and not trackers or ads) which would be more unique.

@Valynor If they can’t see my exact configuration that’s great; it would be very unique, since most DNS have many different blocking settings, so their users could be divided into many smaller, easier-to-identify groups.

Please remember to not rely on these fingerprinting sites for testing your fingerprint. They are not reliable at all.

Technically the act of generic adblocking itself already made us unique since the majority doesn’t do that, regardless of how we did the adblock, whether via DNS or a local uBlock, AdGuard, Adblock+ extension or whatever.

It’s pros and cons, threat modelling. For me personally, I try not to be too tinfoil nowadays, so I don’t actively inspect every bit and byte, and I don’t actively try to be fully anon, since I realised it’s basically impossible to be fully anon in this day and age without resorting to being a reclusive hermit in a cave away from society and from the open internet. My thin line between privacy and/or security and convenience is at that. The pro of added safety and security from not auto-loading annoying crap ads, malware and virus URLs outweighs the con that I might be more identifiable by ad and tracker blocking.

Same concept with VPN and Tor, with non-mainstream browsers, non-mainstream OS etc. In fact there are actually people deliberately using generic Chrome and Windows to blend in.

There are two basic sources that fingerprint information comes from.

The first is information exchanged between the server and your browser in the HELO handshaking along with the IP address you are coming from. A VPN can deal with the IP address and a browser could provide just generic information, for example: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0”. This happens to be what my current version of Mullvad running on an ARM-based Mac is reporting to one of my websites, so Mullvad is providing some generic and not quite correct information which might make it blend more into a crowd. Not perfect, as it gives the generic OS version and the fact that it is a Mac, but not exact, as I am actually using OS X 15.1.1 with an ARM processor.

The second is by running some JavaScript on your browser that abuses various APIs to determine details about your window size, what rendering engine is being used, etc. and then reports that back to the site.

Most discussions I see about fingerprinting seem to focus on what the abusive scripts can and can’t determine. The key thing is that those abusive scripts are basically the same as any other script from the site. DNS-based tracker and ad blocking can block the fingerprint gathering script too.

That depends, of course, on whether the DNS-based blocker knows the domain the fingerprinting script is served from and whether the script is served from a different domain than the main body of the website is served from. These are the same two conditions that affect the DNS-based blocking of ads and trackers.

I suppose that if the fingerprint gathering script is blocked the site could detect that it did not get a fingerprint, much the same as it can detect that an ad did not get served. And the lack of a script-based fingerprint could, I guess, be a fingerprint too. Or maybe make the site think you are a bot. 🙂

1 Like
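The two conditions named in the last post above, worked through as an added example that is not part of the thread: a small checker that predicts which of a page's scripts a DNS-level blocklist would stop. All domains, URLs and the blocklist are constructed, and matching a blocklist entry against parent domains is an assumption about how the resolver applies its list.

```python
from urllib.parse import urlsplit

# Constructed sample data: hypothetical domains, not taken from the thread.
BLOCKLIST = {"fp-collector.example", "ads.example"}
PAGE_URL = "https://shop.example/product/1"
SCRIPT_URLS = [
    "https://shop.example/static/app.js",      # ordinary first-party script
    "https://cdn.fp-collector.example/fp.js",  # third-party, listed domain
    "https://shop.example/static/fp.js",       # same kind of script, served first-party
    "https://metrics.unlisted.example/t.js",   # third-party, domain not on the list
]


def host_of(url):
    """Lower-case hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_blocked(host, blocklist):
    """True if the host or any parent domain is listed (assumed matching rule)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def classify(page_url, script_urls, blocklist):
    """Map each script URL to the outcome a DNS-level blocker would produce."""
    page_host = host_of(page_url)
    outcome = {}
    for url in script_urls:
        host = host_of(url)
        if host == page_host:
            # Condition 2 fails: the name is the site's own, so the resolver
            # cannot refuse it without also refusing the page itself.
            outcome[url] = "loads: same host as page"
        elif is_blocked(host, blocklist):
            outcome[url] = "blocked by DNS"
        else:
            # Condition 1 fails: the blocker does not know this domain.
            outcome[url] = "loads: domain not on blocklist"
    return outcome


if __name__ == "__main__":
    for url, verdict in classify(PAGE_URL, SCRIPT_URLS, BLOCKLIST).items():
        print(f"{verdict:32} {url}")
```

Only the second script is stopped; the first-party copy and the unlisted third-party domain both load, which is why DNS blocking alone does not remove script-based fingerprinting.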