Sorry but I feel obliged to post this GIF 
1 Like
Oh, yes - but the Cult of Brave often doesn’t distinguish to that level. Or sometimes even accept that other browsers exist.
3 Likes
And how would this provide anything of value? There isn’t really value in getting data only from people who are aware of what fingerprinting is and want to test it. You just end up with tainted data.
When CreepJS was using whatever API it was, it was hugely valuable to validate a detailed fingerprint against the “blend in” strategy and then see what data could be spoofed to create temporary fingerprints. AmIUnique always given me “you’re unique in our database!” results - every time. Same browser, same IP, 3 minutes apart, I’m still “unique” in their database? lol, ok.
EFF is better, but CreepJS would clearly show “I’ve seen you 4 times since first visit….5 times….6 times” if you change IP address, extensions, etc. it would track you. It was a real-time test of defeating fingerprinting.
For example, first time I checked TOR on it, it said I had visited the site 80 times in the last 90 days, confirming TOR’s blend in masking as working. So it made it very easy to test settings on browsers like LibreWolf or Brave and see how easily you really are tracked.
I tried to fork it myself and looked through GitHub for any other forks that worked, but they were all using the original API that was broken. So the whole project died that day. Really quite sad.
Edit: Found a similar one, but you just have to keep track of your own fringerprint hash.
1 Like
fingerprintjs is actually one of the less reliable than actual fingerprint test sites
I thought https://browserleaks.com/ was the standard in checking fingerprinting?
Right, but what I’m talking about is a way to identify the overall fingerprint to see if changes can still be tracked. Browserleaks only has that for fonts and canvas.
FingerprintJS gives you an overall hash at least.
The whole point of browser leaks is manually gathering that data and analyzing if it changes somewhat or another
Of course you cannot check among other devices, unfortunately when it comes to fingerprint tests like those they could only simply be taken with a grain of salt (Maybe except amIunique that one may be the most reliable we have to check among devices but yeah)
Does this not make it not very useful though? Like, maybe if the sample size was 10 times higher, there would be matches, but this way I assume that I am unique and think “oh well, might as well not do anything to counter this”. What @SwampTrainer mentions is even worse though:
@sp_rtings : Yes, I agree with this and in reality for me even more browsers are in use (like, less aggressive ad blocking, excluded from VPN etc.):
And true, the following is also a good point:
And do not get me wrong, my intent is not to discourage from such studies and research but to encourage to get more clarity into this. It just feels like despite so many privacy-related info is found online, they are hard to quantify or even close to useless. One example for this is turning off javascript. I mean.. yes.. but then you can just stay offline as well, as SO many pages depend on it (even this forum, and rtings page as you have shown) that this becomes useless advice. One can also reset the identity often in the Tor Browser. Does it help? Nobody clearly knows..
Beyond the “use different browsers for different things” and “do not change anything if you want to blend in” - but then again, we do not know HOW MUCH you really blend in - there are no real advices to give. Maybe I am just a bit frustrated, that I also can not give clear advice to other privacy-interested friends though, lol.
1 Like
The modern b2c web standard is to use hybrid rendering where the initial request is SSR’ed so that the user doesn’t have to download all that JS crap that you’ve outlined to render a page. After the initial SSR, each subsequent navigation should be pre-loaded and client-side rendered. This type of architecture will feel super snappy for the user - an experience that you won’t achieve with just HTML + CSS alone. It’ll also seamlessly handle no-JS users and will give a good SEO boost. There’s no getting away from JS in the modern web world if you want a snappy, highly functional site. It just needs to be implemented better, which I believe is at the very core of your criticism here. Also they’re probably using recaptcha to fight bots from scraping their content, which is very reasonable.
rtings.com probably have a mountain of tech dept. If I was them I’d be looking into nuxt now.
I would not really look into adding complexity with Nuxt, quite the opposite: better to aim for less.
And yes, I am well aware of that JS bloatware situation, I’m a full-time Nuxt developer myself delivering a wonderful 2MB payload upon arrival. 
Still, me and my team are trying out best to slim the app down a little bit more everyday.
Hydration can be avoided (and should) but it’s just easier to embrace the whole JS meta-framework wagon unfortunately… 
This type of architecture will feel super snappy for the user - an experience that you won’t achieve with just HTML + CSS alone
Progressive enhancement is a thing, works very well given the latest improvements of the Web platform. But…I won’t get further on that topic. It’s very off topic and my feedback to the team was already forwarded so I’ll refrain from transforming this thread into a JS-bloatware rant. 
1 Like
Yeah, but I can get buckets of the data anywhere. What’s useful to a normal person is 1) getting a single tracking point I can check on a binary yes/no basis to see if I’ve changed anything that breaks tracking, 2) getting something that mirrors tracking effects by Google or Meta and tells me if I’m having an effect or not.
What’s the point of raw data when I don’t know how Google interprets that? It’s fingerprint data for the sake of just seeing the data. We need analysis, or to know how to do our own analysis, for any sort of real value.
I agree with @carbonated - I certainly don’t want to discourage research in this, but we need greater insight as to what really does help. Fingerprint data without context of how it’s used isn’t super helpful for the most part.
Even with our own fingerprints - We shout “We can be ID’d by our fingerprints!” Now we’re all arguing about whether or our hands should go IN a pair of gloves, or under the gloves, or use them like potholders, or paint gloves on my hands, or maybe just buy gloves and the act of owning them is enough to prevent you leaving fingerprints anywhere even if you leave them in a drawer at home.