taken
36 points by rcalixte
I might be old and jaded, but nothing that is presented here is new in any meaningful way. The "hot singles in your area" meme probably is almost two decades old by this point.
Some of these things you can question if browsers should expose them. With others they are used for fingerprinting sure, but they also are used for basic functionality. I prefer websites knowing that I prefer dark mode as a simple example. Being shown time and dates correctly (timezone) is also nice.
Besides all that, this website doesn't meaningfully give you any information and is mostly an edgy way to present fingerprinting.
If you care about fingerprinting the EFF website is a much better resource: https://coveryourtracks.eff.org
Having said that, I care about privacy and do take steps to limit tracking somewhat. But I don't really believe that trying to limit fingerprinting helps with that. The only way that I know, to have no fingerprint also means having a browser experience that is extremely unpleasant to use. Anything in between actually gives me a more unique fingerprint.
The sad part is that the timezone is inferred from the IP and not always right.
You can get the configured timezone in JavaScript.
// Best approach, gives you Europe/London
Intl.DateTimeFormat().resolvedOptions().timeZone
// Only the tz offset (in minutes), not the name of it; gives you -60 if the tz has offset UTC+01:00
new Date().getTimezoneOffset()
Sometimes a new way of telling people something helps, even when many people already know it. Some people just need another representation of the kinds of information their browsers are sending. My family, who is not technically oriented, value when I send them stuff like this, because it helps them understand what their computer is sending, and in a way that is artistically engaging (e.g. vs. coveryourtracks).
Back in the very early days of the internet there were banner ads with text like "Your computer is broadcasting an IP address!!!". This site reminds me a lot of that era, the idea that it's dangerous (in some amorphous ineffable way) for a website you connect to to know anything about the device or connection you're using.
If you go outside then people can see your face. If you go into a shop the other customers can see which section of the shelf you're looking at. When you buy a carton of eggs the store will keep a record of that sale, with a timestamp -- if anyone is standing outside the store noting down who enters and exits then they could dig through the trash bin outside the store, find your receipt, and know you bought eggs.
You can either panic at the terrible invasion of privacy that occurs at all times and without recourse, choosing to stay inside with the blinds closed and interact with the world via Monero purchased by Tor ... or you can accept that this is what life is like, has been like for as long as people have existed, and no great harm will come to you from a site knowing what your local timezone is or which CPU your computer has.
I think it becomes creepy when device fingerprints are being used to build profiles on individuals. The fact that a website knows what fonts I have installed doesn't bother me. The fact that it is being shared with a third-party and then used as a way to cross-reference my browsing patterns and build a profile on me, is creepy.
I also don't think just saying "that's life, accept it or live in the woods" is a good approach to solving any issue in this world.
I agree that just accepting things like these as true isn't a good approach. At the same time, these things aren't an absolute. To stick with the irl analogies, I put any paper mail with personal information on it through a shredder before throwing it away. If someone really wants to they might be able to piece things back together but that means they really have to target me.
In a similar sense I try to look at online privacy and see where I reasonably can protect myself somewhat. I likely can't stop fingerprinting entirely, see my comment here. What I can do is limit how they reach me by blocking ads and being selective about where I create accounts.
> I think it becomes creepy when device fingerprints are being used to build profiles on individuals.
Sure. There's lots of things people can consider creepy when overthinking the details reveals uncomfortable truths about the world, such as the conflict between "I want websites to load with minimal latency" and "the lowest-latency option for connecting to a website allows the website's server to know which ISP I use".
You have the option to choose a different tradeoff via a less-common user agent. If I open the site in Tor it says I'm in Amsterdam connecting via an ISP in Reykjavík using a desktop, none of which is accurate. I don't really care whether a site can make accurate inferences about my general demographics so I'd prefer the fast connection, but you can choose otherwise if you want.
Questions to ponder:
> I also don't think just saying "that's life, accept it or live in the woods" is a good approach to solving any issue in this world.
It's a good high-pass filter for deciding whether something is an issue, though. If it's raining you can stay inside and dry or go outside and get wet, but you shouldn't waste time arguing that the rain shouldn't be made of water.
> If you go outside then people can see your face.
Consider the hundreds of people you'll encounter in a few minutes in a normal urban center. Sure, they can all see your face. Now, instead of just striking a glance at you, assume that they all walk up to you, and make a sketch of your face. They look at their watches, note down the time, note down what you were wearing, note down where you are. They might ask where you're going. (In the world we seem to be rushing towards: they also make a copy of your government-issued ID).
You'll move on. These hundreds of people then take their notes to a big building where millions of employees of giant corporations – and governments – meticulously sort through the sketches and notes taken on you and everyone else in the city. They hang them on giant boards and tie red string between them like detectives in some kind of crime story.
They do this every day, in order to know you.
Is this really so "amorphous and ineffable"?
Yeah. Welcome to life.
Why do you think people are so willing to post photos of themselves on Twitter? It's not because they think the internet is more anonymous than real life, it's because they're comfortable with the idea that they can't stop other people from perceiving them so there's no point in caring.
> Yeah. Welcome to life.
You're the one who invited the analogy to the real world. For the real world, accepting what I describe as "life" is definitely not the norm. Do you really think that it should be?
> Why do you think people are so willing to post photos of themselves on Twitter? It's not because they think the internet is more anonymous than real life, it's because they're comfortable with the idea that they can't stop other people from perceiving them so there's no point in caring.
I agree with this analysis. The fact that "people" are so willing to do this, does not mean that the rest of us have to accept it.
It's a beautiful demo, I like how it reveals things over time with the animation effect. However, the analysis (and the written) is - for my taste - just too vibe-based.
For example, lots of the things it claims to "understand" about your browser is stuff that Firefox would just present as a hard coded value - despite what your actual devices could be doing. A fingerprinter won't notice it though, because Firefox goes for conformity when it comes to device-specific information (CPU count, screen resolution, etc).
In Firefox, the page tells me that my GPU information was "kept back" by the browser and that my browser gave GPU information away at the same time. Vibes?
As an aside, if you were to use a different web page to see if you could be tracked, they try to measure "entropy" or figuring out how unique you are. That approach is, sadly, also flawed. This is because some browsers will also add randomness into APIs that need to be finer grained than "how many CPUs do you have". As an example, Firefox would always look unique to a canvas fingerprinter, which might be scary. That is until you realize that you will always have a different, unique fingerprint. Try it yourself by opening a fingerprinting test page in normal browsing mode vs. private browsing mode or in different containers.
(I wrote this comment internally at work, earlier this week, so excuse me for repurposing some text here).
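A small simulation of the point in the comment above about randomized canvas readback, added here as an example (not part of the thread and not any browser's code). The devices, the `conformed` values and every function name are constructed for illustration; it compares the "how unique are you" surprisal score with whether repeat visits can actually be linked.

```javascript
// FNV-1a 32-bit: small non-cryptographic hash, enough for the illustration.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h = Math.imul(h ^ str.charCodeAt(i), 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Hash the collected attributes in a stable key order.
const fingerprint = (a) =>
  fnv1a(Object.keys(a).sort().map((k) => `${k}=${a[k]}`).join("|"));

// Model of what a script reads back. "conformed" reports fixed (hypothetical)
// device values; "canvasNoise" mixes a per-session nonce into the canvas value.
function collect(device, policy, nonce) {
  return {
    cpus: policy.conformed ? 2 : device.cpus,
    screen: policy.conformed ? "1920x1080" : device.screen,
    canvas: policy.canvasNoise ? fnv1a(device.canvas + nonce) : device.canvas,
  };
}

// Surprisal in bits: -log2(share of observed visits with the same hash).
const surprisalBits = (fp, seen) =>
  -Math.log2(seen.filter((x) => x === fp).length / seen.length);

// Share of return visits whose hash equals the same device's first visit.
function linkability(visitsByDevice) {
  const returns = visitsByDevice.flatMap((v) => v.slice(1).map((fp) => fp === v[0]));
  return returns.filter(Boolean).length / returns.length;
}

// Constructed population: four devices, three sessions each.
function simulate(policy) {
  const devices = [
    { cpus: 8, screen: "2560x1440", canvas: "gpu-a" },
    { cpus: 4, screen: "1366x768", canvas: "gpu-b" },
    { cpus: 16, screen: "3840x2160", canvas: "gpu-c" },
    { cpus: 8, screen: "1920x1080", canvas: "gpu-a" },
  ];
  const visits = devices.map((d, i) =>
    [0, 1, 2].map((s) => fingerprint(collect(d, policy, `dev${i}-session${s}`))));
  const all = visits.flat();
  return { bits: surprisalBits(all[0], all), linkability: linkability(visits) };
}

console.log("stable values:", simulate({ conformed: false, canvasNoise: false }));
console.log("conformed + noise:", simulate({ conformed: true, canvasNoise: true }));
```

The randomizing policy scores higher on surprisal, because every visit looks new, while none of its return visits match the first one.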
It must suck to use Chrome.
It is silly to assume that fingerprinting doesn't happen with other browsers. In fact, only makes you more unique in some instances.
> We know this because your IP address was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice.
The opening paragraph is a bit off-putting - very much feels like fear mongering aimed at the less technically literate. Of course a web server knows my IP… The line about “We chose not to display it. Most pages would not have made that choice.” strikes me as odd. Why would it be a problem to show me my own IP address? Also I don’t think “most pages” are choosing to do so. Maybe I missed the point they were trying to make.
> You prefer light interfaces — your operating system told us.
And yet the website ignores my preference, illustrating that websites most often don't use these data points to improve the user experience.
Does the website have a light mode though? It's supposed to convey a creepy vibe so I guess it doesn't.
I think anyone dabbling with design who thinks creatively for a little bit would be able to come up with a light theme that fits the vibe, though, like perhaps set the site against a concrete gray background? That would certainly be interesting as a starting point.
> Your screen is 375 by 812 pixels, rendered at 3x density — which means it is almost certainly a recent, high-end display.
Eh, this iPhone 13 mini was released nearly 5 years ago in 2021, which I don’t think of as all that recent. Interesting page nonetheless!
> We know this because your IP address — 88.xxx.xxx.231 — was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice.
Bold choice to start with this sloppy, InfoWars-esque copy. For me, it immediately discredits the rest of the page, though I should probably just say "it sets the tone", because the rest is comparably bad.