18 votes

Think you’re anonymous online? A third of popular websites are ‘fingerprinting’ you.

18 comments

  1. [3]
    HanakoIsBestGirl
    Link
    Interestingly, having lots of privacy extensions can make your browser more unqiue and therefore easier to fingerprint. Check out this site to see how fingerprintable you are https://amiunique.org/

    Interestingly, having lots of privacy extensions can make your browser more unqiue and therefore easier to fingerprint.

    Check out this site to see how fingerprintable you are https://amiunique.org/

    10 votes
    1. cwagner
      Link Parent
      Ever since I started checking these sites, I essentially gave up. My fonts always make me super unique.

      Ever since I started checking these sites, I essentially gave up. My fonts always make me super unique.

      6 votes
  2. [2]
    Keegan
    Link
    This is golden. Also, xfinity said they would stop fingerprinting. That is.. unlikely, given their poor track record with respecting user choice (enabling their stupid hotspot after it is turned...

    The Best Buy website used this invisible ink to write “F1n63r,Pr1n71n6!” — stand back and you might see it spells out “fingerprinting!”

    This is golden.

    Also, xfinity said they would stop fingerprinting. That is.. unlikely, given their poor track record with respecting user choice (enabling their stupid hotspot after it is turned off)(forcing users to use their modem to get unlimited bandwidth on their internet-only service).

    I'm fine with my bank fingerprinting me though, so long as it is the bank and not some third party. I'd rather lose some privacy than lose my money.

    4 votes
    1. skybrian
      Link Parent
      Well, it's a programmer joke. Someone had to write the code. Usually stuff like this is only gets seen by other curious programmers. I guess the lesson is that if it's part of the release, it...

      Well, it's a programmer joke. Someone had to write the code.

      Usually stuff like this is only gets seen by other curious programmers. I guess the lesson is that if it's part of the release, it could end up in the Washington Post.

      3 votes
  3. [11]
    skybrian
    Link
    From the article: [...] [...] [...]

    From the article:

    I asked Patrick Jackson, chief technology officer of privacy software company Disconnect, to test for signs of fingerprinting on the 500 most popular websites used by Americans. He revealed what these sites hide in their code and do on our computers that we don’t get to see on our screens.

    [...]

    Chase, Wells Fargo, Airbnb, Best Buy, eBay and Marriott told me fingerprinting lets them bolster security, such as fighting attempts to use stolen credit cards or passwords.

    [...]

    The New York Times and Fox News said fingerprinting was helping identify automated bots that might interfere with site operation.

    [...]

    Washington Post spokeswoman Molly Gannon said, “The Post is using industry-standard advertising systems to support our ad business and serve our users relevant ads."

    3 votes
    1. [10]
      9000
      Link Parent
      At least the Washington Post is being honest. However, I still hate the "relevant ads" defense. It seems so flimsy.

      At least the Washington Post is being honest. However, I still hate the "relevant ads" defense. It seems so flimsy.

      7 votes
      1. [9]
        Diff
        Link Parent
        They're inaccurate and not necessary. Look at DDG. Their ads are based purely on whatever it is you are searching for right in that instant, no tracking of any kind and they still perform as well...

        They're inaccurate and not necessary. Look at DDG. Their ads are based purely on whatever it is you are searching for right in that instant, no tracking of any kind and they still perform as well as 1984-style ads.

        6 votes
        1. [8]
          skybrian
          Link Parent
          Search queries are often excellent for determining what the user is interested in and running relevant ads. Most websites aren't search engines, though, so they can't really follow this example.

          Search queries are often excellent for determining what the user is interested in and running relevant ads. Most websites aren't search engines, though, so they can't really follow this example.

          5 votes
          1. [2]
            sandaltree
            Link Parent
            But most websites still center around some theme, unless of course they are news sites. Maybe in that case they could relate it to the topic of the news.

            But most websites still center around some theme, unless of course they are news sites. Maybe in that case they could relate it to the topic of the news.

            1 vote
            1. skybrian
              Link Parent
              Yes, sites will do that but it's not as effective and so the rates they charge will be much lower. For example, reading about the impeachment doesn't imply you are shopping for impeachment-related...

              Yes, sites will do that but it's not as effective and so the rates they charge will be much lower. For example, reading about the impeachment doesn't imply you are shopping for impeachment-related stuff. Reading a product review would imply something (affiliate links are probably working well for Wirecutter), but a lot of news stories aren't as commercial and where tragedy is involved, advertising based on the content can come off as pretty tacky.

              1 vote
          2. cwagner
            Link Parent
            While we run Google Ads to fill unfilled slots, the ads that we run are highly targeted, but not on the user (besides some coarse geo-ip checking to not show events in one part of the country to...

            While we run Google Ads to fill unfilled slots, the ads that we run are highly targeted, but not on the user (besides some coarse geo-ip checking to not show events in one part of the country to users on the other side) but on the content we have. It’s a news site and the ads we show depend on what the article is about.

            1 vote
          3. [4]
            Diff
            Link Parent
            Maybe it's silly but can't you think of any given web page as the destination of some search query? If someone's on a page odds are they're interested in whatever's on it.

            Maybe it's silly but can't you think of any given web page as the destination of some search query? If someone's on a page odds are they're interested in whatever's on it.

            1. [3]
              skybrian
              Link Parent
              Yes, but it doesn't work as well. It used to be you'd even know what the search query was due to the "Referer" header, but I don't think that's true anymore. But for a link from Tildes (for...

              Yes, but it doesn't work as well.

              It used to be you'd even know what the search query was due to the "Referer" header, but I don't think that's true anymore.

              But for a link from Tildes (for example) it only implies you found the headline interesting. And we're not here to go shopping, so the advertising isn't going to be very effective or sell for much.

              1. [2]
                Diff
                Link Parent
                I'm not seeing a whole lotta difference between that and a search page still. With tildes, we have a bunch of tags that could be used to target interests. And somebody searching the web for "Neato...

                I'm not seeing a whole lotta difference between that and a search page still. With tildes, we have a bunch of tags that could be used to target interests. And somebody searching the web for "Neato phone wallpapers 2019" isn't really in the market for much of anything, either, at least based on that one snapshot of their interests.

                1. skybrian
                  Link Parent
                  Yes, that's not a commercial query and they probably wouldn't make much from ads for it. But in a way that proves the point. A search box asks "what are you looking for" in a way that's very...

                  Yes, that's not a commercial query and they probably wouldn't make much from ads for it. But in a way that proves the point. A search box asks "what are you looking for" in a way that's very direct, so it's hard to beat.

                  Following a link is more like multiple-choice and so you only know that it looks somewhat relevant to them, rather than what they're really looking for.

  4. [2]
    on_a_trollercoaster
    Link
    In a post social-revolution world i see the anonymous nature of the internet a naive assumption of a past long-gone. There are many unique ways to identify a single individual surfing the web...

    In a post social-revolution world i see the anonymous nature of the internet a naive assumption of a past long-gone.

    There are many unique ways to identify a single individual surfing the web today. Staying anonymous feels more like fighting to control damage, than achieving a 100% privacy protected status. Everything we do outside of simple surfing is a privacy nightmare, and fingerprinting takes simple surfing into the nightmare too.

    1 vote
    1. skybrian
      (edited )
      Link Parent
      Well, it's a contested area and both sides are shifting tactics. I think the next phase after adblockers is to browse web pages using proxies, so the you're never connected to the website at all...

      Well, it's a contested area and both sides are shifting tactics. I think the next phase after adblockers is to browse web pages using proxies, so the you're never connected to the website at all and there's nothing to fingerprint. But to do that you need a trusted intermediary.

      Outline.com and VPN's sort of do this, in different ways. Firefox using Cloudflare for DNS is a small step in this direction. In some ways Google would like to be a trusted intermediary too, with their web page caching.

      And in some ways it seems that both sides want to do a deal? The New York Times wants readers and people do want to read their articles. They can't agree on terms though, so we get some rather baroque negotiating via technical means.

      3 votes