Dr. Moose

I feel like better tooling is a safer bet. I know people hate on AI here but tooling that can detect flaws in C memory management would be basically as good as Rust itself.

Yes, and even before js fingerprint happens the connection is fingerprinted through HTTP and TLS protocol fingerprints as each system is slightly different like supporting different encryption ciphers, different http engine and how requests are performed etc.

So even before you see the page itself the server has a pretty good understanding of your client which determines whether you see this captcha box at all. That’s why on public wifi and rare operating systems (like linux) and web browsers you almost always get these captcha verifications.

The more complex the web becomes the easier it is to gather this data and currently the web is very complex with no sight of stopping.

It’s super effective but there are very few real use cases for it outside of security and ad tracking. For example you can’t replace cookies with it because while good fingerprint is unique it can still be fragile (browser update etc.) which would cause data loss and require reauth.

Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.

As for court cases and things like GDPR - the officials are still sleeping on this and obviously nobody wants to talk about it because it’s super complex and really effective and effects soo many systems that are not ad tech.

Yeah unfortunately disabling JS is not viable option tho onion websites are perfectly functional without JS and it just shows how unnecessarily JS had been expanded without regard for safety but theres no stopping the web.

I do it as a security measure for private institutions and everyone involved has signed contracts. It’s not on the public web.

The first point is flawed and even TOR doesn’t execute javascript because it’s impossible to catch everything when you give the server full code running capabilities.

The second point is more plausible but there’s an incredible amount of work to do to fix this. Like, needing to rework browser engines from ground up and removing all of the legacy cruft. Brave is not capable of this and never will be no matter what they advertise because it doesn’t have it’s own engine.

That being said, these tools will get you quite far against commercial fingerprint products especially ones used for Ads but that will also ruin your browser experience as now you’re just solving captchas everywhere 🫠

No. Anything that executes Javascript will be fingerprinted.

That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.

The issue is that browsers are so incredibly complex that it’s impossible to patch everything and you’ll just end up getting infinite captchas and break your browsing experience.

This has been the case for years. I develop fingerprinting services so AMA but it’s basically a long lost battle and browser are beyond the point of saving without a major resolution taking place.

The only way to resist effective fingerprint is to disable Javascript in its entirity and use a shared connection pool like wireguard VPN or TOR. Period. Nothing else works.

Let me explain my point of view - it’s not about giving money to Google but showing the business that there’s a viable monetization strategy that isn’t locking down content or fighting ad blockers.

Let’s say there is no Youtube premium and everyone has an adblocker then google has no choice but to fight ad blocking harder or lock down the content because Youtube starts to bleed money. Now some lazy people pay for Premium and we have this little golden mean where everyone can kinda use the platform kinda freely which is a pretty good compromise if you ask me.

I know all the tools but I’d rather support Youtube which has ben an incredible service for me and I think it’s a net good for the society so it should remain sustainable.

Tbh YT premium is well worth the asking price though I wish it subsidized the free experience as that’s much more important for the platform.

The TSLA crash going to be glorious, can’t wait.

Chinese infrastructure developing is truly impressive. I guess that’s one benefit of being in an imperial dictatorship.

Even if you ignore the politics it’s just a terrible car that is way too expensive. I’m honestly surprised it sold any units at all but I guess people just like vanity toys.