I recently wrote about the limits of these kinds of fingerprinting tests. They tend to overly focus on uniqueness without taking into account stability. Moreover sample size is often really small which tends to artificially make a lot of users unique
> [...]
JavaScript Errors: When any of the 24+ fingerprint collection methods throws an error
[...]
So when any of the browser APIs it exploits aren't available, it just fails instead of using that as a datapoint in itself. I'm unimpressed.
AbraKdabra · 7m ago
So, what's the solution to all of this? Are there any settings I need to modify to Chrome to not allow certain info to be queried?
maelito · 1h ago
This is why privacy must be enforced by states, their laws and a powerful public enforcement agency.
You cannot expect people to technically protect themselves from tracking.
(you can invite them to not use abusing services though)
dylan604 · 39m ago
> (you can invite them to not use abusing services though)
First, you'd have to define how one can determine what an abusive service is. Is Facebook and abusive service? Is some random website that happens to used FB's SDK an abusive service? How does a normie internet user find out the site they are using has abusive code? Some plugin/extension that has a moderated list that prevents a page from loading and instead loads a page dedicated to explain how that specific site is abusive?
NoboruWataya · 1h ago
Perhaps I'm missing it but does it explain what aspects of your setup contribute the most to your score or suggest remedial actions? I wasn't that surprised to find that my standard setup is highly fingerprintable (for one, I use Firefox which alone is enough to single me out in a crowd) but I also tried using a vanilla Chromium install via a popular commercial VPN and still got a rating of 100%.
zargon · 4m ago
Running Chrome will make you highly fingerprint-able since it has so many APIs that can identify your hardware and software configurations directly or indirectly. It doesn’t help you “blend in” at all.
That said, even if this tool isn’t hard-coded at 100%, it probably can’t report anything else. Because if your browser blocks any of its data collection, it just says it "failed".
seanw444 · 20m ago
I'm curious as well. Ran a stock Vanadium config with Mullvad enabled, and got 100%. Maybe Vanadium isn't as focused on fingerprinting as I'd thought.
Why does this have a domain of .ai, what exactly it is doing AI related?
kergonath · 56m ago
.ai is a ccTLD. Being AI related is not a factor to get one.
latexr · 47m ago
But they are considerably more expensive than more common TLDs, so if you’re getting one you presumably want it specifically and understand the association users will make.
dylan604 · 37m ago
Or it could be that the .com domain was already registered and unavailable, so they started browsing the other TLDs to see where they could find something and felt like .ai is new/hip/trendy
kergonath · 37m ago
Maybe, but there are still many reasons to get one and it does not make anybody less legitimate than AI startups (which was the parent’s point).
https://blog.castle.io/what-browser-fingerprinting-tests-lik...
> This can happen due to several reasons:
> [...] JavaScript Errors: When any of the 24+ fingerprint collection methods throws an error [...]
So when any of the browser APIs it exploits aren't available, it just fails instead of using that as a datapoint in itself. I'm unimpressed.
You cannot expect people to technically protect themselves from tracking.
(you can invite them to not use abusing services though)
First, you'd have to define how one can determine what an abusive service is. Is Facebook and abusive service? Is some random website that happens to used FB's SDK an abusive service? How does a normie internet user find out the site they are using has abusive code? Some plugin/extension that has a moderated list that prevents a page from loading and instead loads a page dedicated to explain how that specific site is abusive?
That said, even if this tool isn’t hard-coded at 100%, it probably can’t report anything else. Because if your browser blocks any of its data collection, it just says it "failed".
Doesn't even detect common browser extensions.
https://github.com/abrahamjuliot/creepjs
https://github.com/thumbmarkjs/thumbmarkjs
Besides, they do sell AI-related services.