undefined | Better HN

0 pointskuschku3y ago0 comments

Not if you disable JS, cause the website then can't see any of these customizations.

0 comments

Except that disabling JavaScript is an anomaly all on its own. The dozens of users running without JavaScript might not be individually fingerprint able but it's still a small enough cohort that I don't know how much I'd lean on that. Figure in the user agent string and it's probably unique enough a subgroup to sell ads to.

zagrebian3y ago

> it's probably unique enough a subgroup to sell ads to

I have been browsing with JavaScript disabled by default for the past 6 months. Based on my experience, no-JavaScript ads are rarer than four-leaf clover.

Throwaway628843y ago

More common than you think

https://amiunique.org/fpnojs

nerdponx3y ago

Probably not a representative sample though.

bawolff3y ago

Also that cuts down the group so much, i imagine other things that are usually too coarse grained to be useful suddenly become much more useful. E.g. geoip location or accept-language headers.

giancarlostoro3y ago

> Figure in the user agent string and it's probably unique enough a subgroup to sell ads to.

But if you never see ads how do you sell ads to them and how do you meaningfully discover enough about the person to feed them valuable ads?

GoblinSlayer3y ago

But ads don't work without javascript.

sour-taste3y ago

Having JS off probably puts you in the < .1% of users bucket. Unless you additionally are: * Routinely moving between IPs * Modifying your headers to avoid giving away info (user agent, etc) * Defeating all the other non-JS things that fingerprinters probably look for

then you are not safe by just turning off JS.

account423y ago

Being in a 0.1% bucket is only ~10 bits of information - much less than what can be gathered with JS on.

And of course its not enough, but the situation is even more hopeless with JS on.

reaperducer3y ago

Not if you disable JS, cause the website then can't see any of these customizations.

That's adorable. I guess you're not old enough to remember when we used to track people with things like invisible pixels. Or todays equivalent: testing CSS parameters.

Neither require JavaScript, and there are a hundred other non-JavaScript methods.

kuschkuOP3y ago

With that method, you won't be able to distinguish between the many different devices using the same browser at same resolution behind one IP.

In the era of CGNAT that means you now only know which city I'm from and whether I use Chrome or Firefox. People mostly use browsers in maximized and resolutions are relatively standardized nowadays.

Compared to the data you get from canvas and webgl, that's much less unique.

psychlops3y ago

Hah! I used to embed invisible pixels for our marketing department decades ago.

dylan6043y ago

This should automatically qualify one to lose their internet privileges. Not just the fact that you did it, but your cavalier attitude towards it with the lack of regret for having done it

1 more reply

withinboredom3y ago

It’s fun to put Easter eggs for people like you. https://once.getswytch.com

chrismorgan3y ago

I have no idea what you’re talking about. That URL only tries to load one piece of JavaScript, htmx, and all it does is unbreak the mobile navigation.

(Aside: this mobile navigation is, incidentally, the worst implementation I have ever encountered: instead of twiddling some classes or such, which would happen instantly, it makes an HTTP request that responds with the new navbar. For me, this means at least half a second’s latency on clicking the button, more if time has passed so that the HTTP connection is no longer open (1.5–2 seconds). It also fails the no-JS test, as the unintercepted form-submit just serves the page with the closed mobile navbar again, not switching out the navbar as I expected it might, and which would have been enough to avoid an unconditional “worst implementation” award. Sorry if you made this and it hurts your feelings, but… ugh, this is just a baffling misapplication of hx-post and naive Tailwind use, and just unconditionally a bad approach.)

Edit: better link which shows what I suppose you probably meant: https://once.getswytch.com/app

withinboredom3y ago

Haha. Yeah, it is pretty terrible and I made it.

It’s mostly a tech demo, so the things it does are intentionally weird/strange.

Dah00n3y ago

You are easily tracked without JS. It is much easier than tracking a default settings browser.

d-z-m3y ago

> It is much easier than tracking a default settings browser.

Not true. Especially if you mean a default browser with Canvas/WebRTC APIs enabled.

It is much more difficult for fingerprinting companies to get a high entropy fingerprint from a no-JS user.

anthk3y ago

Good luck with Lynx/Dillo with a fake UA.

j / k navigate · click thread line to collapse

0 comments

zamnos3y ago

zagrebian3y ago

> it's probably unique enough a subgroup to sell ads to

I have been browsing with JavaScript disabled by default for the past 6 months. Based on my experience, no-JavaScript ads are rarer than four-leaf clover.

Throwaway628843y ago

More common than you think

https://amiunique.org/fpnojs

nerdponx3y ago

Probably not a representative sample though.

bawolff3y ago

Also that cuts down the group so much, i imagine other things that are usually too coarse grained to be useful suddenly become much more useful. E.g. geoip location or accept-language headers.

giancarlostoro3y ago

> Figure in the user agent string and it's probably unique enough a subgroup to sell ads to.

But if you never see ads how do you sell ads to them and how do you meaningfully discover enough about the person to feed them valuable ads?

GoblinSlayer3y ago

But ads don't work without javascript.

sour-taste3y ago

then you are not safe by just turning off JS.

account423y ago

Being in a 0.1% bucket is only ~10 bits of information - much less than what can be gathered with JS on.

And of course its not enough, but the situation is even more hopeless with JS on.

reaperducer3y ago

Not if you disable JS, cause the website then can't see any of these customizations.

That's adorable. I guess you're not old enough to remember when we used to track people with things like invisible pixels. Or todays equivalent: testing CSS parameters.

Neither require JavaScript, and there are a hundred other non-JavaScript methods.

kuschkuOP3y ago

With that method, you won't be able to distinguish between the many different devices using the same browser at same resolution behind one IP.

In the era of CGNAT that means you now only know which city I'm from and whether I use Chrome or Firefox. People mostly use browsers in maximized and resolutions are relatively standardized nowadays.

Compared to the data you get from canvas and webgl, that's much less unique.

psychlops3y ago

Hah! I used to embed invisible pixels for our marketing department decades ago.

dylan6043y ago

This should automatically qualify one to lose their internet privileges. Not just the fact that you did it, but your cavalier attitude towards it with the lack of regret for having done it

1 more reply

withinboredom3y ago

It’s fun to put Easter eggs for people like you. https://once.getswytch.com

chrismorgan3y ago

I have no idea what you’re talking about. That URL only tries to load one piece of JavaScript, htmx, and all it does is unbreak the mobile navigation.

Edit: better link which shows what I suppose you probably meant: https://once.getswytch.com/app

withinboredom3y ago

Haha. Yeah, it is pretty terrible and I made it.

It’s mostly a tech demo, so the things it does are intentionally weird/strange.

Dah00n3y ago

You are easily tracked without JS. It is much easier than tracking a default settings browser.

d-z-m3y ago

> It is much easier than tracking a default settings browser.

Not true. Especially if you mean a default browser with Canvas/WebRTC APIs enabled.

It is much more difficult for fingerprinting companies to get a high entropy fingerprint from a no-JS user.

anthk3y ago

Good luck with Lynx/Dillo with a fake UA.

j / k navigate · click thread line to collapse