Ofc, there is another technique but the only one most websites will use is the css one. If my intuitiom is correct then, shouldnt we recommend everyone to do that?
The site can see what browser you are using and what extensions are included. What stands out more and is easier to fingerprint? Looking like everyone else that uses uBo that “appears” to have ad blocking or being one of the few that use uBo that don’t “appear” to have an ad blocker?
Hiding the fact that you use an ad blocker doesnt stop fingerprinting (and even then I’m not convinced that disabling that setting hides that you are ad blocking). Looking unique in a group of people is how tracking via fingerprinting works. Everything you change that makes you look different than others with the same browser and extensions makes you easier identify via fingerprinting.
Websites use both network and CSS baits for adblock detection. There are no papers researching which methods are used as “the only one most websites will use”.
For network baits, they simply can fetch/XHR ads/trackers connections and see if you are blocking them or not, or even a simple <script> tag for ads scripts with onerror attribute.
If you’re this concerned about fingerprinting, I think it might be a good idea to use a browser like Mullvad or Tor that actually does a good job protecting against it.
The article from fingerprint.com said only CSS detection was practical both from a network load perspective and from a perspective of not doing shady things if someone looks at the console.
I assumed they had expertise in what they are doing. But nowadays sites can fetch dozens of pages, so maybe their assumption is wrong.
Don’t we have studies on what are the techniques for fingerprint ? I mean in detailed terms, not just saying cookies, canvas, etc.
In reality, a lot of sites use network baits to detect adblock because CSS baits are easier to defuse (for example, even you know what to do with it, but with network baits I doubt you would know how to defuse them asides from allowing the connections). Those network detections are actually what uBO team deals with daily.
Bait networks can be really small in size. https://static.doubleclick.net/instream/ad_status.js only contains 1 line window.google_ad_status = 1;. Also many network filters are just the paths of the URLs, for example /baynote.js in EasyPrivacy can be used as 1st-party connection baits (no need to load 3rd-party to raise concerns) and with those generic names, you won’t know which ones are more suspicious among other 1st-party connections until investigating the codes more deeply than just opening the console anyways.
Don’t we have studies on what are the techniques for fingerprint ? I mean in detailed terms, not just saying cookies, canvas, etc.
I mean yes. But most of them focus on the techniques that generate higher entropy for fingerprints, rather than this one, which actually has pretty low entropy since there are only few blockers that most people use (AdblockPlus, uBO, Adguard…), assuming you are using default setings. Similar to why Tor Browser doesn’t bother to mask the OS in the user-agent since there are just a few OSes most people use.
It’s just once you are not using default settings, you become more different to many others, regardless of network or CSS or user-agent.