A web page that shows you everything the browser told it
(sinceyouarrived.world)
☆ Yσɠƚԋσʂ ☆
PrivacyVibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
"We know your IP address". No kidding, that's how IPv4 works, even if the browser wasn't ~~leaking~~ offering it.
The point is not that they know your IP, but that even your IP already gives away information. That's why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
Time to start installing and uninstalling random fonts everyday.
And then you become even more identifiable cause you're part of the 10 madmen in Google's database who do it
In reality hes the only madmen but switches IPs in between
Your screen is 360 by 640 pixels, rendered at 4x density — which means it is almost certainly a recent, high-end display
GUESS AGAIN, IDIOTS!
Your finger moved 899 times.. what????
It seems to count a swipe as a series of dozens of movements. Probably to show there's a clear fingerprint even in how exactly you move your finger.
Websites don't just get a "swipe" command. They know exactly where your finger is on the screen at any given moment.
What other tabs were open? 👀
Well too bad!
🗿
the data is still there tho
Can't trust vibecoded website tbh cause they're just saying BS there, as longest the javascripts off, it wouldn't be able to obtain the obvious data of your devices
That is not true, a lot of it is sent willingly by your browser.
And they could display it if the website was well done
If you're referring to browser user agent, then yes it's trackable but other than that it is useless with no JS cause it can't access timezone, browser plugin, screen size, font or webgl rendering fingerprints.
Also I don't use "most browser" like chrome, I mostly use firefox focus or safari for my iPhone running lockdown mode; also librewolf in my personal computer.
Whoops, I dunno why it's formatted weirdly
Because it's AI-slopped.
Well then I am glad that it got most of it wrong. I don't even put thaat much emphasis on fingerprinting countermeasures. Apparently, using Firefox in a private tab is enough.
Well they tried
Yeah that was the one part they were way off on for me
Great news. My VPN is working!
I'm not even on VPN and I was located half a country away in Europe
And yet here they are showing me their webpage in darkmode 😒
all trackers hate this one trick
Unironically a solid way to block a lot of tracking. Although they can still fingerprint you I think.
Nothing makes you more unique than being one of the few people who disable java script
Only a handful of data points surfaces by this website come from JS APIs, most are either header-based or some other browser behaviour that is independent from JS
I’m honestly not impressed. Basic IP address that didn’t really provide an accurate location, plus the (no shit sherlock) state and country it was in. Told me it was ios, a browser, and that I’d turned a bunch of stuff off.
That’s it.
I'm glad it acknowledges explains the impacts of anti-fingerprinting measures. I've seen some others assume that a random canvas is unique rather than one of the many people randomising it the same way, leading to a false "unique" assessment.
Your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work. The substitution is itself distinctive.
Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — "Mozilla", "Apple", "or similar" — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.
I like that they covered all the possibilities for the do not track flag, as I saw it as useless from the very start, as by then I realized the honour system didn't mean shit and it would just be another piece of data.
I definitely have misleading information on there, which is great, but I probably need more.
Does it matter for fingerprinting if the information is misleading? Unless it’s changing dynamically I guess it’s still helps in identifying a user
This ones my fave: https://amiunique.org/fingerprint
It shows the percentages of people who use your same browser features (called similarity ratios), and can determine whether you're unique in their dataset. Can help for tweaking browser settings to try to make yourself not unique.
I am unique cause I set language to EN-GB :D I guess their dataset is us centric
My Mum always said I was unique.
Now I have proof!
Just being in Australia, and setting the timezone correctly gets you to below 0.6%
😒
Is there no add on, for Firefox, for example, to stop or confuse fingerprinting?
Any suggestions?
For Android.
dang, even with vanadium on graphene i am very uniquely identified. I suppose it can't be helped these days.
i used to think that firefox on linux and as plain-jane-generic as you could get besides windows; but no, i'm ultra unique:
Yes! You are unique among the 5084762 fingerprints in our entire dataset.
Somehow safari on an iPhone is also unique.
Check next week or in a new private tab now, prob be unique then too—think Apple’s fuzzing/reporting some noise/junk data for us.
Canvas:
& WebGL:
gotta be noisy, here’s hoping!
Look at my epic WebGL render:
TIL LibreWolf randomizes some fingerprinting targets.
Yes and it will appear unique every time because every visit is using a different combination.
You'll be unique be less trackable.
that's pretty comprehensive, and similarity ratios show how easy it is to create a unique fingerprint for somebody if you hash a few of these metrics together for example.
Yay, I'm completely unique! I won!
Wait a minute
Attribute number 1 already says 0%. We're done here.
They basically asked for your name, birth date, and mother's maiden name, and your browser just gave it to them and offered even more.
The percentage of, normally, privacy-aware people
I found it interesting that it knows my battery level and current orientation of the phone.
It got my phone's orientation wrong
Same tbh
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
So that Uber will charge you a higher rate when the battery is low
I don't even know it it's /s anymore
Potentially to activate battery-saving features? Like AMOLED-black mode if your battery is <15 % or something (and your screen is AMOLED)
Shouldn't that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There's no real reason for the browser then to report to the site.
On Firefox android both the battery level and graphics card information were not available. But it was described as another data point regardless.
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
So uh... By using fennec and sometimes a VPN. Am I making myself more unique and fingerprint able?
Should I be using something that sends randomised bogus data instead?
Here I thought I was private but some of these 1% figures makes it look like I'm very unique and easily tracked.
Should I be using something that sends randomised bogus data instead?
Mine is sending that my primary language is English, but that I know other languages (I don't), but it'd be nice to have a tool messes with them more.
Welp, my user agent switcher is successfully purporting to be a different operating system.
Funny how websites can read the gyroscope. It can also be used as a microphone. https://crypto.stanford.edu/gyrophone/
Madness! This entire shit show should incur a stalking charge. It’s disgusting this is even allowed.
It sounds like an Android/Google issue. The website told me that it could not read my gyroscope because I’m on iOS and Apple has not allowed websites to read it since 2019.
Opend it in Tor Browser inside a Whonix dispVM inside Qubes OS it got nothing on me
I tried it with Tor browser on a standard OS, hoping I'd get a similar result to what you got using Tor on Whonix, etc. It fed me a line about how my information was still shared but because javascript is turned off, it can't tell me what that information is. More like it won't tell me, because amiunique.org and other sites like this do so just fine. I know I can turn js on and reload, but part of the point would be to see the difference in info shared with it on vs off but this place can't test that.
Your device carries these typefaces, of the seventeen commonly probed by fingerprinting checks. The specific combination of fonts on your device is nearly unique — like a fingerprint made of letters
What the fuck why is my browser telling random websites what fonts I have installed? Shouldn't that be completely irrelevant to everyone except me and my particular device?
It should be, yes. But browsers like Chrome are literally made by the company that stands to profit from fingerprinting you, so they're always going to be made to make it easy to do just that. Firefox at least has “resist fingerprinting” option which apparently can limit font visibility to only base system fonts rather than fonts you installed and language-pack fonts. LibreWolf has this on out of the box.
Thats part of how you’re fingerprinted.
So it can know which fonts it can use and your device would be able to display them?
Why doesn't it just let the site display whatever it wants and let me worry about the issue of whether they display properly
The site could also be set to display whatever font it wants but also set to list standard fonts that also work which the browser can then choose from on the user's end if the user doesn't have the first choice font. That way you the user don't have to worry about it and there is no way to fingerprint by the browser just handing out an entire list of fonts installed on the user's system. There are plenty of ways to make things like this work, but the incentive is to keep them as they are or to increase uniqueness so people can be more easily fingerprinted.
Really interesting and slightly scary, thanks for sharing!
Well. That's horrifying. Thanks, I guess.
I prefer https://www.deviceinfo.me/
I get a blank page?
Interesting that this one doesn't detect my battery (says it's blocked) but the one OP posted can see it
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
iOS and the browser I use block a lot of stuff from being visible, interesting!
which means it is almost certainly a recent, high-end display
lolno
Both recent and high end are rather flexable terms, open wide to interpretation.
So it doesn't mean anything and only sounds scawwy, cool.
So a prettier and minimal version of https://coveryourtracks.eff.org/ ?
Kinda like they feed Cover Your Tracks to an LLM’s template so you can experience the data in narrative form
(No LLM used when you visit the site, just when they built it, is what I’m guessing here)
why would my browser share a list of fonts?
so the site knows what it can render
I don't anything about web development, so I assumed websites told browsers: 'Hey type this text in X font.' If the machine didn't have that font the browser would fall back to another font.
Further, why are the fonts unique? Why doesn’t every phone of the same model with the same languages have the same fonts enabled?
Interesting, I wonder how unique the fingerprinting is though, they don't give you any specific stats.
Is it really possible to identify me with like 1/100 precision for example, if you don't have my real IP, real country, no trackers, and all you have is a list of fonts, my graphics card, and the browser info?
That's the magic of fingerprinting. They don't need what we would consider are the "real" signals like IP address anymore.
They can create a composite value based on boring stuff like the things you mentioned, plus a few others. They can pull fun stuff like the details of your TLS handshake OS, browser, versions of various plugins/addons, etc. Given 20+ signals they can fingerprint you pretty well. They store it and just profile you, follow you around.
VPNs, privacy addons are just more signals to use to fingerprint you. You stand out even more when you try to hide. It's been this way for a while now.
Is there any way to browse the web without being fingerprinted, short of literally using a separate computer
Really?
No.
It's been this way for a while. At best, you can use some techniques to provide plausible deniability from a legal perspective.
Not that laws matter anymore.
The best you can do is try to blend in.
I don't understand why this should be inherently impossible. If you buy a separate device, and use that exclusively for one thing and do not cross-contaminate, that should work to avoid fingerprinting right? And this is all information that your computer is voluntarily providing, and is I assume possible to change independently from the hardware. So why not?
The way and what you type, how you move your mouse, when you browse…
Think we can make things more difficult, but just assume tracked everywhere. Won’t know about browser privacy 0days either for who knows how long.
Some stuff has to be reported accurately for stuff to work well, like screen size. Other stuff can be and is faked, even by Apple out of the box I’m pretty sure.
Not my area of expertise :)
Some stuff has to be reported accurately for stuff to work well, like screen size
Ah yes, CSS, the famously serverside technology
CDNs serve different sizes accordingly I thought? Sometimes. Deliver pages faster without noticeable image compression. Don’t some large sites do this all the time? Based on viewport size
Yeah, I kinda wish the site generated a hash or something because I've got an extension that fakes the canvas results, but the site says those identifiers are unique for me... But are they the same unique (which indicates the extension isn't doing anything) or different each time (which might even make the others less useful if it aggregates everything?
I did notice earlier today that the YouTube recommendations were all actually related to the video I was currently watching instead of it trying to get me to go down a rabbit hole I've already been down even logged out, like it does on my desktop where I haven't installed that extension.
it didnt catch much stuff and a lot was wrong lol
Yeah it had 21 data points on me, and all of them except for "Browser Language: English" were incorrect. Which I guess means my setup is doing okay lol.
Doesn't matter if it is incorrect if it is always incorrect in the same way.
switch timezone to same as yours but different country, use vpn, obfuscate fonts in browser,obfuscate language used, only gpu is exposed unavoidably
Mine said gpu was hidden, Firefox mobile
It got my GPU completely wrong tho, it showed it was many generations older than it really is.
~~Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn't help people who need to know about this stuff. If you already know about this stuff, it doesn't really add any value.~~
There are links and more info when you get to the bottom, you can click on sources. It gives you info and what to do about it, with links to sites like EFF.
Well, don't I have egg on my face.
Scary
The browser knows and shares way more than this... One of the worst offenders is the list of installed fonts. Pretty sure I stick out so hard just on that.
List of fonts is in there.
The only thing in there I find surprising is the battery info. I'm not sure what legitimate use a website would have for that one. And perhaps that the gyro isn't behind a permission. There's pages that use it for 360 video for example, but you should have to allow that one.
Your IP address is a fundamental part of communication over the Internet, obviously the servers you speak to are going to need to know where to send their replies. There are ways to mask that ofc; proxies, vpns, etc.
Timezone+Language are needed for localization.
Display information and preferences, to render things correctly/as desired. Desktop web pages look like crap on a mobile display (and what type of mobile? Tablet, or phone?), plus they can't (well, shouldn't) show things in darkMode unless you tell them that's what you want...
Cookies: it does say 0mb stored by others for me, but that's not entirely true. Sites are typically given independent storage so they can't read eachothers cookies, but they can work together to have one site read its own cookies and pass that on to the site you're currently visiting, on request, all embedded in the original page you were viewing. Just because they can't read eachothers storage directly doesn't necessarily mean thay can't get the data. 10gb per site seems like an absurdly high limit for this though. You could store whole movies in that space.
Visibility is one I've known but never really liked. The only 'legitimate' use for that I've seen is pausing media when it leaves your screen (or waiting to start media until its entered view), but half the time that's undesirable anyway. Why should a site know if, when, and how long I've looked at a particular portion of the page?
re: visibility Some sites have heavy visual effects that are paused when you tab out, which is a good use of the feature.
Ty for sharing
Wildly inaccurate for me.
Very well done site!
Site feels very LLM generated - in particular the writing just feels off
I scrolled “103% of the way down”
I had scrolled 32% when I reached the end.
Could you explain why it would be in any way relevant if that was the case?
I'm interested in the people that make the stuff I consume. When I read something or enjoy a piece of art, much of the enjoyment is imagining why the artist made the decisions they did. If it was made by AI, the answer is much less interesting.
This is not a piece of art, it's a piece of educational material showing people what information websites collect about them. But it's also fascinating how you could enjoy something if you didn't know how it was produced, and then the act of knowing would remove the enjoyment you were deriving from it.
it's also fascinating how you could enjoy something if you didn't know how it was produced, and then the act of knowing would remove the enjoyment you were deriving from it.
Would you feel differently about, say a book you read and somewhat enjoyed if you later learned it was written by a fascist? It sure would make a difference to me. Have you never consumed any sort of media that you later felt was tainted by who created it, or used a product that you later decided not to use again after learning how it was produced? There's even a colloquialism referring to this very thing, about "knowing how the sausage is made."
knowing how the sausage is made."
I'll still eat that slop
Sure, because it would be tainted by another individual with goals and intentions different from my own. Being upset that something was made using a particular tool is quite different from that. Also, do you get upset looking at a beautiful sunset just because no human designed it intentionally?
I was taking the statement about what you found "fascinating" in isolation because it was phrased as such. You were surprised that the other commenter could find enjoyment in "something" not knowing how it was produced then feel less enjoyment after learning more. That is a silly thing to be "fascinated" by because it is something that the vast majority of us are keenly familiar with. But because that commenter has qualms about AI which you don't, you suddenly can't understand how later information about something can alter one's enjoyment of it? It's an absurd thing to say. As is your sunset question. I don't get upset looking at most AI slop either, but I absolutely do place it in a different category than either a natural phenomenon or something I know was made by human expression and if you can't understand or recognize that difference, I don't know that anything I could say could help you with that.
Last I checked, LLMs have no will or agency of their own. Literally everything they produce is an artifact of a human expressing themselves. The argument is regarding how much effort a human is expected to put in and what tools they use to express themselves. Apparently, when a certain arbitrary threshold is reached, then it's no longer human responsible for producing something.
If intelligently designed sunsets were an option, I'd probably like those more. You raise a good point, we might just like all these "natural beauties" because we haven't anything else.
Or perhaps the beauty is in the eye of the beholder. We are able to appreciate things that look interesting without them having been designed, and they can trigger emotions and ideas within our own minds that are meaningful to us. Even with human created artifacts, we do not know what the artist was thinking vast majority of the time, or what they were actually trying to convey. We interpret the work using our own thoughts and experience. So, even with the most meticulously human generated art, it is the viewer projecting their own meaning onto it.
The enjoyment includes the feeling of reaching out to another person's mind. Finding out there is no mind is like expecting stairs where there are none and stepping into emptiness.
That's just complete misunderstanding of how people use these tools. The intention still comes from somebody's mind. Somebody had an idea and they used the tool to execute it.
They're the client, not the artist. There is no artist and no artist's mind to connect to.
In the same way a photographer is a client of the camera.
AI generated is just a stand in for hollow & over-dramatized here. Probably I could enjoy AI generated content if it wasn't shit. The claims on the site reminiscent of 14y/o skids trying to scare each other: "uhhh I got your IP I will hack you now!1!1", except now you have access to some chatbot subscription to make it sound like it's a big deal.
It is a big deal how much the browser shares about you without people realizing. No one thinks about these things.
If you use a VPN on Spain you might think you're safe but then your timezone is saying you're in Ireland. You thought you were fooling them buy you really aren't. You can't outsmart fingerprint and I wish people made a bigger deal about this so actual solutions get implemented.
Sites like these raise awareness which is quite important.
So, just say that. You think site is hollow and over dramaticized.
because if you lack the ability to discern whether or not something is actual useful feedback or hallucinated AI garbage then it's worthless
"knowing" something wrong is arguably worse than not knowing anything at all
Oh boy, if you think humans are never wrong and trust human generated content implicitly, prepare to be surprised.
https://piefed.social/c/fuck_ai/p/2042849/i-ve-finally-understood-what-my-beef-with-ai-is
I came across this post the other day, and this person has put into words what I have simply failed to.
In short; AI makes the world feel empty and hollow. Many people enjoy the process behind the things we create or encounter, even if it wasn't us to go through that process. Replacing it with AI removes the human touch/connection that made that thing interesting. I don't want to know about the faceless algorithm that spat out what I'm seeing; I want to know about the person that created this and their experiences that brought them here.
I mean that's fine, but plenty of things in our modern life are mass produced, and utilitarian. Everything doesn't need to be art. For example, I don't need my toothbrush to be crafted by an artisan, nor do I care if a website that shows stats collected by the browser was artisanally coded or not.
I'm actually going to make a separate point from my other comment:
Art is a matter of perspective.
Maybe you don't care about how your toothbrush was designed; but someone somewhere sat down and made decisions about how to best shape it, what materials to use, what kind/how many/what thickness of bristles, how to color it, etc. Those were decisions made from experiences that person had which they chose to factor into their designs.
Someone else out there is interested in what led to those design choices, perhaps to design their own with improvements or changes, perhaps just out of curiosity. They can't ask an algorithm why it made the choices it did and have a discussion about the details; but they could with a person.
What some find disinteresting, others immerse themselves in. AI destroys those opportunities for human connection. Human connection we already struggle to find as a species.
You might not care how this site was created, but some do. The use of an LLM has made it impossible to discuss the choices made, because there weren't any decisions, just an algorithm spitting out letters one after another...
That's just a complete straw man that stems from having utter lack of understanding how people actually use LLMs. Here's one example for you from Terence Tao https://mathstodon.xyz/@tao/115855840223258103
True; however many of the current use cases for AI aren't utilitarian, but are instead forcibly replacing artists while stealing their work to do so. Ontop of this, the infrastructure behind/supporting these tools is destructive and measurably making a significant amount of peoples lives worse.
These factors have jaded people against AI as a whole; as support for AI is seen as support for the destruction and instability it's brought with it.
And the rest of us are just tired of people braying about AI in every single thread. People just have to learn how to deal with their personal issues without spamming about their feelings everywhere. I see far more people screeching about AI than actual AI generated content at this point. These tantrums add absolutely nothing to any discussion, and they're just noise.
"I'm tired of listening to people complain about their or their friends lives being uprooted and my indifference to those problems"
I see far more people screeching about AI than actual AI generated content at this point.
Good, it's working. People are shying away from creating/posting AI content, knowing it's very vocally unwanted.
Not really, people are just tired of your spam.
The website says it uses templates, but they were written by "Matt". Not sure if that's an LLM, but it's at least not using LLMs each time a user visits
Got me to disable sendrefererheader. We'll see if that breaks anything....
Looks like it doesn’t know shit about me. Just that I am on an iPhone and my general location from the IP. Not surprising at all.
Maybe this is more thrilling for android users?
Nothing exceptional here, except it did know I was on an android. Guess its time to change all my passwords lol.
This specific website only shows information that the browser is freely offering. Basically you open the page, and without the website even asking for anything, that's the information it's getting. It's not querying any data points, or trying to tie any of them together. This is just your browser saying "Hi, we just met, so here's a bunch of stuff you may want to know about me."
If they want to know more, they can just ask and the browser will give more information. If there's information the browser doesn't want to share, the website can infer a bunch more information.
Well, it got my internet provider and where I lived wrong and everything else was technical stuff that would make sense for a website to know to serve me a website.
