As the title says. Im trying to migrate towards privacy based choices all around. A VPN has been tough, I cant access some websites and i dont think i could convince my wife to adopt using it. I still use it anyway.
- 16 days
A VPN will protect you from your ISP, your router, or any public network you connect to knowing which specific domains you go to. (HTTPS protects the rest, so without a VPN they might be able to see you visit
socialmedia.combut notsocialmedia.com/thisspecificperson/thisspecificpost, and with a VPN, all of your traffic would just look likeyour computer > VPN company)A VPN won’t protect you from the places you visit online fingerprinting you with anything other than your IP address. If a site can see your screen size, installed extensions and fonts, what graphics capabilities your computer has, the username of your account, your typing style, browser version and type, etc, it’s not gonna be hard to figure out that you’re the same person whether or not your VPN is on.
Use a VPN if you don’t trust your current network, or your internet service provider to not log what domains you go to. (or to circumvent region-blocked content by connecting to a server in that region) Don’t use a VPN if that doesn’t matter to you. Everything else about your privacy will likely remain identical otherwise.
- 16 days
There’s no way to “block” it, as it’s components that are inherent to how the web works. If you have a screen, it has a size, and if you go to a website, it can tell what size it is, for example. However, you can obfuscate or normalize some things.
Your best bet would be using something like the Tor browser (or Mullvad browser if you also use Mullvad VPN and don’t want to deal with all the baggage the Tor network has), since it can limit your screen size so EVERYONE using the Tor browser has the exact same size “screen” to any website you visit, thus eliminating that as a data point, and all the Tor browsers are also running the same browser engine, going through the same overall network, etc:
https://support.torproject.org/tor-browser/features/fingerprinting-protections/
But at the end of the day, there’s no way to reliably block all of it. The internet just relies on a lot of different things, and even a couple consistent data points can identify you. Hell, even using a VPN identifies you as “person using a VPN” vs just “person using the internet without a VPN”, which is one more data point that could be correlated with the others.
- 15 days
A “new internet” wouldn’t really fix this.
For example, if a site wants to display a page, it NEEDS to know how wide your screen is, otherwise the page will just look fucked up because everything will either be so wide it’s past your screen’s width, or so short it’s a narrow bar in the middle.
Same goes for if a site wants to display certain rendered content. It can’t do that without using some form of rendering engine like WebGL (and a “new internet” would still need some kind of engine to have that kind of rendered elements, even if it wasn’t WebGL specifically). Your exact, specific hardware, current program utilization, and minute differences in power usage will ALWAYS produce some form of unique fingerprint. You can use extensions like CanvasBlocker to help with this, but it’s not a guarantee and will break some rendering functionality. Then, the fact your browser blocks these functions is another data point that could track you. The lack of something is just as identifiable as having something as a data point.
Essentially, you can’t have the features of the web without also making it known to a site that your browser supports (or actively doesn’t support) those features. Even a “new internet” or entirely different set of browser and web frameworks wouldn’t remove fingerprinting, it would just mean fingerprinting is done by whatever new methods now exist.
Even if you as a person simply type a given way, you can be identified by your typing styles. For example, I tend to use both “simply” and “for example” a lot more than other people, as you literally just saw. If you tend to use the internet around a given time, your time zone can be inferred. Unless you want technology that fully rewrites everything you say in a standard, robotic tone 100% of the time, and also delays some of your web requests by 12 hours to throw off time fingerprinting, you can’t avoid that.
Try https://coveryourtracks.eff.org/ and it’ll give you a good sense of how many different things could fingerprint you. If you want to block ads, a site can know you block them. If you want to stay logged into ANY website after you close a tab, it’ll know you save cookies, etc.
As someone else mentioned, legal protections are best here, as the largest actors that use these fingerprinting techniques are usually corporate, legally registered entities that run ad networks, and if fingerprinting as a concept can’t be “blocked”, then people’s legal right to do so is your next best option.
- minorkeys@sh.itjust.worksEnglish14 days
Make the site send everything and the device determine what to use.
- 14 days
It’s a little more complicated than that.
Should every request you make to a site require EVERY single language the site is translated in to be sent? That’s many times more bandwidth, and would make your page load speeds tens of times slower by default. If that’s not possible, then they know your language and likely general region.
Want to stay signed in to a website, or have a site remember your settings? You can’t do that without some form of persistent authentication mechanism like a cookie, which can also be used to fingerprint you. If you don’t want that, you’ll have to sign back in to every single website every single time you open a tab for that site.
A site might send all its contents and let your browser format it without revealing its screen size… but what about if the content necessarily has to be different for different screens? A desktop layout for a site won’t work well on mobile, after all.
What about the times you browse? Unless you want some of your page loads to randomly take extra hours to happen just to obscure your time zone, that’s a data point too.
Oh, also no interactive code that sends data back to a server can run because it could be used to fingerprint your device’s general model, OS, and GPU/CPU hardware. Say goodbye to basically all web-based games, file converters, image editors, video players, etc.
Now add in your mouse and keyboard movements, topics of interest, and any data you voluntarily reveal about yourself on any website.
This is why I say this is more a legal problem for prevention than a technical one. Preventing most of this fingerprinting also necessarily means destroying the functionality of the web.
- minorkeys@sh.itjust.worksEnglish14 days
Of course they will be problems if you expect the exact same experience as now. Why can’t a website send everything? Bandwidth really isn’t so much of an issue and neither is latency these days. If that means a website needs to be built leaner and with less stuff, so be it. I don’t see anything you mention as a real blocker.
amniotic druid@lemmy.worldEnglish
17 daysA VPN prevents your ISP from seeing exactly what websites you’re visiting. Depending on your local laws and censorships, this can be either the difference in a jail sentence or a letter saying “don’t download Green Day America Idiot again >:(”
A VPN doesn’t prevent digital fingerprinting, user accounts/profiles from being created, or dark tracking. It’s entirely possible to be identified even with a VPN; you can’t eat your cake and have it too.
Tl;dr you should really consider your VPN as just a shield from your ISP seeing where you go. It’s not a one-click solution to anonymity, it’s just one layer of many in a good opsec solution
- 17 days
A VPN is kind of like sending a letter through the post office using someone else’s address. Like if you put the grocery store’s address on it and then stuck it in with their outgoing mail.
It gets your letter there and the post office doesn’t know your actual address, they think it came from the grocery store. Likewise, the person receiving your letter thinks it came from the grocery store too.
And the VPN handles it in reverse by taking a letter from that person and even though it gets to the grocery store, it gets delivered directly to you and no one else except you and the grocery store know that’s not actually your real address.
For privacy, this is great at protecting you from websites you don’t want knowing your real IP address which can reveal things like your exact location in the world, say Facebook. You want to use Facebook to talk to granny but you don’t want Facebook knowing your real public IP.
Some people also use them for tricking websites into thinking they are elsewhere. When you subscribe to a VPN service, they often show you different servers around the world and you can choose to appear like you’re in the UK even though you’re in the US. A site like Netflix may show Rick and Morty only to UK residents so you use a VPN to trick them into showing you shows like that.


