A web page that shows you everything the browser told it without asking

Posted by mwheelz 1 day ago

A web page that shows you everything the browser told it without asking(sinceyouarrived.world)

576 points | 285 commentspage 4

ShabbyDoo 19 hours ago|

Access to the available font list might be useful for identifying devices likely issued by a particular organization. Unusual fonts that are part of an org's branding usually are installed as part of a standard device image. This allows employees to produce brand-compliant presentations, etc. I was an intern at GE in the mid-90's and we had a custom font with just one character defined - the "meatball" corporate logo.

corobo 23 hours ago||

Dunno what it is with the wording but my brain started reading it in a bit of a "Hello Clarice" Hannibal Lecter style lol

>The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters

Is this one true? I've not made any changes to fonts on my phone that I know of, wouldn't it just be bog standard iPhone fonts?

Curiosity not challenge

Would be cool if you actually did track just to prove the point like "you've opened this page 6 times now, 2 of those were via VPN and one time was using the Firefox Focus browser. Have you found any flaws in the data yet?"

moritzwarhier 21 hours ago||

https://coveryourtracks.eff.org/

does the same or better, without AI regurgitation and a WordPress theme.

mikeocool 22 hours ago||

As far as this website reports, I'm undistinguishable from most other Mac users in Brooklyn, New York. Seems like it's not actually highlighting the frightening aspects of fingerprint.

ygjb 22 hours ago|

Yeah, your browser fingerprint might be a needle in a needlestack. You might not be able to distinguish one needle from another needle easily, but if you have enough needle samples you can start to identify what the needles are pointing at. Data aggregators collect enough pseudo-indistinguishable needles to be able to disambiguate and associate them with a known identity or cohort. For example, your mobile browser might be indistinguishable from most other Mac users in Brooklyn, but your mobile browser might be the only one running on a device from an IP address that regularly logs a meal in MyFitnessPal at that Starbucks wi-fi before making Apple Pay/Google Wallet purchase, hits the next 8 stops on the train before connecting to the same cell tower at the narrow window as you enter your office (telling on myself a bit, tho I am in Vancouver, not Brooklyn).

Span this across all of your movements and activities across multiple aggregators and it's a trail of movement through a fog of data that is fuzzy, but enough to identify you, or a small cohort of similar users.

1vuio0pswjnm7 22 hours ago||

Perhaps this illustrates the ridiculous level to which website operators make assumptions about website visitors

This phenonemon is much older than "browser fingerprinting"

1vuio0pswjnm7 21 hours ago|

Opening this page in text-only browser, i.e., no Javascript, CSS, auto-loading resources, etc., it appears to contain zero information about the visitor. Not even an IP address

https://web.archive.org/web/20260508131253if_/https://sincey...

Aardwolf 21 hours ago||

> You came here from news.ycombinator.com. Your browser told us the address of the page you were reading before this one. Every link you follow tells the destination where you were. The page you just left knows you left. This page knows where you came from. Neither was asked.

I thought this didn't work anymore and browsers left out the referer in the case of https, is that not so then?

CCoffie 21 hours ago|

I believe you only lose the referer header when switching between http and https.

____tom____ 20 hours ago||

I doubt the fonts on my iPhone identify me. As far as I know, they would be the fonts it came with. Or can apps install fonts?

binyu 19 hours ago||

They forgot to add timing attack on images load time which can be used to tell if you visited X website.

https://www.ieee-security.org/TC/SP2011/PAPERS/2011/paper010...

lights0123 19 hours ago|

Not since browsers started partitioning caches in 2020: https://developer.chrome.com/blog/http-cache-partitioning/

binyu 17 hours ago||

I don't think this protects from sidechannel/timing attacks applied to images load time completely.

Edit: Reading more thoroughly, probably it does to a great extent after all.

mcintyre1994 20 hours ago||

> Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique

Is this actually true? Because I don’t even know if I have any control over this on iOS, and if I do then I’d guess almost nobody diverges from the default?

mwheelz 19 hours ago|

Fair point, and you're right. On iOS the stock font set is essentially uniform across devices in the same OS version, so the "nearly unique" claim doesn't hold there. Just pushed a hedge: prose now distinguishes between desktop (where fonts accumulate via apps and OS over time, and the bundle is genuinely identifying) and iOS/Android (where it isn't, on its own). Combined with screen + GPU + language + timezone the iOS version still narrows the field, but the prose shouldn't overclaim. Thanks.

D2OQZG8l5BI1S06 15 hours ago|

AI really has a problem picking proper fonts, this is barely readable...

More comments...