A web page that shows you everything the browser told it without asking

Posted by mwheelz 1 day ago

A web page that shows you everything the browser told it without asking(sinceyouarrived.world)

573 points | 284 commentspage 3

freedomben 23 hours ago|

I guess I shouldn't be surprised that it gives my exact GPU, but that was surprising to me. Just so everyone knows, its an AMD Radeon RX 6900 XT and I paid way too much for it during the covid/crypto price explosion when they were sold out everywhere. Still a bit raw about that, but it is an excellent card on Linux (fedora)

dylan604 22 hours ago||

"Your graphics processor identified itself as or similar"

guess mine isn't such a specific model as yours. so I don't have a real GPU, i have something similar to a GPU??? did I get a knock off Alibaba version?

mwheelz 22 hours ago|||

Real bug. Firefox returns "Mozilla, or similar" for the renderer string and my parser was grabbing the second half. Fixed; pushing in a minute. Your GPU is fine. Your browser is doing the right thing.

stusmall 22 hours ago|||

I got "or similar" from Firefox and exact make and model from chrome. Probably a browser issue and not a hardware issue.

mwheelz 22 hours ago|||

Confirmed. Firefox's privacy hardening returns "Mozilla, or similar" or just "Mozilla" as the renderer string. Chrome doesn't (yet). My parser was treating the Firefox string as if it were ANGLE format and grabbing the wrong half. Fixed.

dylan604 22 hours ago|||

not regretting choice of browser at all

mwheelz 22 hours ago|||

The GPU string really is the spicy one combined with screen + fonts it's enough to single you out across most of the open web. The card itself is a tank.

2ndorderthought 22 hours ago||

Yea that is a strong fingerprint. Especially if any of the other things were correct or someone has a way to model your behaviors. How long you scroll vs how often you type etc. and somehow that's still not enough for big tech and they need biometrics, photo IDs, etc.

mwheelz 22 hours ago||

Yeah, the bottom counter on the page is meant to make exactly that point. Mouse movements, scroll velocity, tab switches, reading pauses are all features in modern fraud / "trust" scoring systems alongside the static fingerprint. Biometrics is the next layer, and it's already happening on the back of "passive" liveness detection most people never see.

ape4 22 hours ago|||

Yeah the exact kind shouldn't matter - just the WebGL capabilities.

tgv 22 hours ago|||

It got mine quite wrong (Firefox).

The thing that bothered me is that browser are still sending the Referer info. I thought that was not supposed to work under https?

scragz 22 hours ago||

you are using a Radeon RX 6900 XT on Fedora Linux. we know this because you admitted it in the previous comment.

wincy 23 hours ago||

My battery is at NaN%, the site is cool but it should probably change the text if I’m not actually exposing that information.

It got the city wrong but close to where I live. This stuff would be wildly wrong if I fired up my VPN. Although its annoying when I connected to a VPN to Steam it’ll often show my prices in Canadian dollars instead of USD.

freedomben 23 hours ago|

Heh, my battery (which I don't have cause this is a desktop) is at 100% apparently

dylan604 22 hours ago||

Battery: kept back Your browser kept your battery level back. Firefox removed this API entirely in 2016, after researchers proved it could be used to track a visitor across websites without cookies, without consent. The API still exists in the specification. It was simply hidden — from you, and from any page that might ask after it.

Well, at least something positive from the shit I take for not sheepling my way through life using Chrome

llbbdd 18 hours ago||

I got this message and I'm on Chrome, on a laptop. I tested in the console on that site and was able to get the battery level though, so I'm pretty sure their check is just broken.

efreak 14 hours ago|||

Might be bugged or you might have some setting that doesn't allow websites to use it. Try https://googlechrome.github.io/samples/battery-status/

mwheelz 18 hours ago|||

[dead]

simonbw 20 hours ago||

It seems like they know I have an iPhone with dark mode enabled, that I speak English, and that I'm in the USA (but wrong city wrong state). I am kinda unimpressed, I'm pretty sure they can get a lot more info than that.

aziaziazi 22 hours ago||

> Your screen is 320 by 568 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display.

It’s been a long time my 2016’ iPhone as been called recent or high-end but I’ll take the compliment, thank-you.

chainingsolid 19 hours ago|

Ya, I'm not running my Pinephone's display at x2 cause its a high end display on a $200 phone.....

Gualdrapo 23 hours ago||

Text is so dim is really hard to read.

O1111OOO 22 hours ago|

If you're on FF, this could be helpful for these kinds of sites (I use it all the time):

https://addons.mozilla.org/en-US/firefox/addon/site-color-ch...

looneysquash 18 hours ago||

Would be nice if more people were focus on fixing these issues instead of just a bunch of "we already know", and making fun up the tone of the site.

Thanks op for reminding us of the privacy issues with our browsers. The EFF and others already told us, but the issues remain. Lets hope you're hear to stay and fight for our privacy alongside us.

mwheelz 18 hours ago|

Thanks for that. The page isn't trying to tell anyone something they don't already know, it's trying to put it in front of the people who haven't been told. The bug reports today have been gold and the volume is meaningfully better for them.

Multicomp 23 hours ago||

Mine told me my graphics card was "or similar" so my stock Firefox is doing at least okay.

While I still follow the general privacy first tenets, I have ended up backing off on some tools (noscript and librewolf) at the extremes of privacy because if every site is going to track everything by my IP or by my ASN or browser fingerprint, I do have a happy medium of being private enough while not being utterly broken in my browsing.

Roughly that looks like email aliases on demand via sieve rules, ublock origin with liberal use of filter lists, different handles and a password manager, frozen credit ratings, and Tailscale exit nodes or Mozilla(Mullvad) VPN for uncontrolled WiFi access points for my jnrootabke android device and mostly signal for comms.

I'm getting to old to be a privacy extreme enthusiast when all of my family side channels everything straight to Facebook, so this is the impure level of privacy I can sustain.

Milpotel 23 hours ago|

Same for me, also the "screen" size is off (just shows window size), the location is off by hundreds of kilometres and other information is quite generic (battery level "kept back", small set of standard fonts available...).

jameshart 20 hours ago||

> Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique

The set of fonts available in stock iOS is hardly going to be unique now is it?

That it is even possible to install fonts onto iOS would be news to most users.

aidanbeck 23 hours ago||

Aside from the fingerprinting methods, the graphics processor string seems to be the most immediately personal data given up (other than location, which was incorrect for me). I could see sites tailoring ads around an assumed class, income, and level of digital literacy based on this data point alone.

nick49488171 17 hours ago|

The gyroscope and battery should not be getting exposed without permission. That seems unexpectedly invasive, and I'm in tech.

Also we should disable referrer field.

More comments...