Browser Plugs is the solution for Browser Leaks
Test your browser settings and find out what uniquely identifying information you may be exposing. Plus learn what the real device fingerprinting companies are doing that not one single free public fingerprinting test will ever show you!
Browser Resolution and Window Size differences: Browser Leaks uses width, height, availwidth, availheight, pixeldepth, colorDepth — which none of the major companies are using when it comes to modern active fingerprinting scripts. These companies are using alternative sneakier methods that many spoofing and privacy extensions would forget to fake. Common properties device trackers are using but that aren’t shown on fingerprint testing websites include: screen.deviceXDPI, screen.deviceYDPI, screen.logicalYDPI, screen.fontSmoothingEnabled, screen.bufferDepth, document.documentElement.clientWidth, document.body.clientWidth, window.outerHeight, SomeRandomCreatedElement.offsetWidth, document.body.scrollLeft,
Some of the other important differences (click to open examples):
What’s good about BrowserLeaks.com/fonts? This combines 3 different font fingerprinting methods on one page. They have the Glyph fingerprinting, which was harder to protect against until our recent Chrome extensions, which have had a lot of research, time, and experimenting to develop in a way that protects against Glyph fingerprinting as well as font white lists of any size. Previously, it was limited to FireFox white list settings and only a maximum of 10 fonts or so could be on that list. That doesn’t create realistic lists like our Windows 10 Default Installation standard font lists that only allow normal included fonts to be detected for a fingerprint that isn’t so unique. Plus, our extensions don’t even change the look of the page or mess with actual page fonts used. You won’t even know it is running, but it will be protecting you the entire time. Fonts are something that all of these fingerprinting companies are using, and I would like to publish an actual real font list [Real Font List For Fingerprinting] of what a major commercial device fingerprinting service uses, because that is the only bad thing about BrowserLeaks is that they are using a public generic font list and not a real advanced one that real companies use.
Note that these tests offer virtually no insight into what real websites are capable of with their commercial fingerprinting services.
I have spent months (or years) researching what real techniques are being used online, by collecting suspicious and obvious fingerprinting scripts from all industries including:
- Ecommerce for online shopping and services
- Ad-powered free services like search and e-mail
- Advertisers and big personal data sellers
- Operating systems including extreme levels of tracking built-in to Windows 10,
- News content from online newspapers and blogs
- Entertainment, gossip, videos, and stories
- Services such as restaurant delivery and groceries
- Hospitality and travel including hotel websites, travel agencies, and airlines
- Social networks, especially the most popular (Facebook, Instagram, Twitter)
- Internet Services including web hosting, build your own websites, and shopping cart software
- Mobile games, apps, and smart phone targeted content
Some interesting finds to share and research:
Project that is being implemented into Browser Plugs Privacy Firewall Extension:
Ability to overwrite functions and variables to force fingerprinting scripts to treat you better, give you a new unique ID, or remove personally identifiable information before it is saved. That extension has implemented this technique on Browser Leaks and Panopticlick as a way to see what is possible and to have the engine and framework built-in to start implementing real-world uses.
Examples of possible functions to override:
- self.dom_data.collection_status = DomDataCollection.Fail; or self.dom_data.collection_status = DomDataCollection.Partial; forced to overwrite as self.dom_data.collection_status = DomDataCollection.Success;
- all_collection_failure || any_collection_failure || true; forced to overwrite as any_collection_failure = false;
- var isFirst = true; to var isFirst = false; (or visa versa depending on benefits)