Posted by mwheelz 1 day ago
https://news.ycombinator.com/threads?id=mwheelz
Mods, is there something we should know? Is there maybe a reason to stay away from the linked website?
Where are you was sent to another location due to the VPN, this was all it really impacted. When you arrived was wrong because of the Mullvad browser, even without the VPN enabled it reports that I'm in Reykjavik, which I'm not. What you brought with you, it got the resolution wrong, as the browser locks itself to various resolutions to prevent this kind of fingerprinting. GPU and Battery both say "kept back", I assume this means it couldn't get anything, because when I run in Safari it says Apple GPU.
Harder problem is getting the economic system that relies on this information swapped out. Have fun when 99% of web doesn't 'work'.
1. GPU "or similar" stranded prose. Firefox returns "Mozilla, or similar" as the masked renderer string and my parser was grabbing the second half. Masked-GPU case now gets its own observation.
2. Desktop battery showing NaN/100%. Chromium reports a phantom 100%-charging battery on machines without one; my filter was too narrow. Stricter check, falls through to "kept back."
3. Storage quota of 39+ GB reading as implausible. Now expressed in GB, and the prose was reworded ("would let this page write up to" rather than "allocated to").
4. Screen size matching window size (Firefox letterboxing / Brave farbling). Page now names it: "your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work."
5. "Recent, high-end display" being claimed on old retina devices (iPhone 5-class). Tightened the heuristic.
6. No-JS hangs at "reading." <noscript> block added.
Worth saying directly since it came up. The prose is hand-written. Each observation has a small set of templated registers and the code selects among them based on what the data returns. There is no LLM in the runtime path. AI helped me iterate on the spec like it does for most projects now. The sentences on the page are mine. If that's not the kind of work you're in the mood for, fair, but the slop charge is wrong.
It's almost like web devs don't know the concept of traveling outside ones county.
- Reverse IP/geocode (while be cute about "we won't show your IP", oh no, not my IP!)
- Timezone - Ok, yeah, lots of websites need/make use of that for completely legit tasks
- Browser/OS/Screen size - boring, again mostly needed or historical
- GPU - Again, not super interesting IMHO
- Battery - Ok, this is the first one I think should be behind a permission dialog
- Language - Come off it, that's just table stakes
- Fonts - Again, not sure how else this should work in a "perfect" world
- Cookies/dark mode/DnT/etc - Ehh, again aside from fingerprinting (which ruins everything) these are all QoL improvements IMHO
- Referrer - Again, this is just how the web works
I think the websites that take all of that and show you a fingerprint or show the data in a more data-oriented way are way more compelling.
This, almost certainly vibe-coded, website doesn't do anything novel and hits on a huge pet peeve of mine: using low-quality arguments for a legit issue (fingerprinting). By mixing in stuff like your IP/Language on the same level as Battery/GPU/other-fingerprinty-things it makes the whole argument less compelling.
The server tells your browser to display a line of text in a specific font. If that font is available, your browser does so, and if not, it displays the text in your default font, or a backup font if the developer specified one. There's no need for the server to know if it's there or not.
1. Make an HTML <span> element that contains "The quick brown fox jumps over the lazy dog" written in the default font.
2. You can't query what font that was, but you can use the getComputedStyle() DOM function of that element to work out the width (for example) of the resulting element. Note this down.
3. Do the same for all the different fonts that you want to test.
4. If any element's width differs from the default's noted in step 2, then the corresponding font is guaranteed to be installed on your system.
As written, this won't detect the font that the user has selected to be the default font (because it won't detect the width as being different). However, you can work around this (and remove most false negatives to boot) by a simple addition:
5. Pick one of the fonts that you detected as being installed.
6. Create more elements (as in step 1) that correspond to all the fonts that were detected as being the same width as the default, but have the font you selected in step 5 as a fallback. (eg. 'font-family: Testing, Fallback;')
7. Any element with a width that differs from the font you selected in step 5 is installed on the system.
What you get will be a relatively complete list of what fonts are on the system out of the ones you tested. If you want more accuracy, you can do a similar thing with individual letters instead.