This has been the case for years. I develop fingerprinting services so AMA but it’s basically a long lost battle and browser are beyond the point of saving without a major resolution taking place.
The only way to resist effective fingerprint is to disable Javascript in its entirity and use a shared connection pool like wireguard VPN or TOR. Period. Nothing else works.
Wouldn’t selective disabling of JavaScript make fingerprinting easier? Your block and white list are likely to be unique.
Disabling JavaScript entirely is another data point for fingerprinting. Only a tiny fraction of users do it.
Besides, without JavaScript most websites are not functional anymore. Those that are are likely not tracking you much in the first place.
I disable JS with noscript.net and it really is an enormous pain. It has some security advantages, like I don’t get ambushed so easily by an unfamiliar site and pop ups. I often will just skip a site if it seems too needy
This is what I’ve been saying for months in the reddit privacy sub and to people IRL. Some people seem perfectly happy to just block ads so they don’t see the tracking. Literal ignorance is bliss. Most simply don’t have time or wherewithal to do the minimal work it takes to enjoy relative “privacy” online.
FWIW, any VPN where you can switch locations should do the job since the exit node IPs ought to get re-used. My practice is to give BigG a vanilla treat because my spouse hasn’t DeGoogled, and leave anything attached to our real names with location A. Then a whole second non-IRL-name set of accounts usually with location B with NoScript and Chameleon. Then anything else locations C, D, E, etc.
Ugh… This all sucks.
So… how effective is it? The fingerprinting. I’m guessing there are studies? Also don’t know whether there’s been legal precedent, ie whether fingerprinting has been recognized as valid means of user identification in a court case.
It’s super effective but there are very few real use cases for it outside of security and ad tracking. For example you can’t replace cookies with it because while good fingerprint is unique it can still be fragile (browser update etc.) which would cause data loss and require reauth.
Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.
As for court cases and things like GDPR - the officials are still sleeping on this and obviously nobody wants to talk about it because it’s super complex and really effective and effects soo many systems that are not ad tech.
Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.
I’ve been wondering about those “click here” captchas and their purpose 🤔
