So there are lots of ways to figure out who people are, and I am sure I dont know all of them, but I bet I know some you dont.
Lets put together a list of known ones. Ill start.
(If we dont get a big list, which we may not, for bonus points add techniques to ease drop/intercept information)
fingerprinting techniques
- browser (duh)
- encrypted network traffic analysis, see mullvad link here https://mullvad.net/en/vpn/daita
- stylometry, https://en.wikipedia.org/wiki/Stylometry
This is a pretty interesting video that shows how using leaked personal data like emails and passwords can be used to track down a specific person even when they’re trying to hide themselves online.
this was great! I hadnt considered leaked passwords. I already use uniques, but damn if this isnt a great reason to. Thanks
I use this website to check my fingerprint. https://browserleaks.com/
It has a bunch - Canvas fingerprinting, font fingerprinting, HTTP/2 fingerprinting and ClientRects fingerprinting
https://developer.mozilla.org/en-US/docs/Glossary/Fingerprinting
https://coveryourtracks.eff.org/
There are plenty of resources for this already.
https://github.com/abrahamjuliot/creepjs
This illustrates lots of techniques and how to implement them.
The most interesting to me is “lie” detection. If your browser attempts to give some false data, like when using the chameleon plugin, there are ways to verify a lot of it with javascript.
But check out the readme for detailed info and try it yourself on the webpage to see what it can gather from your setup. https://abrahamjuliot.github.io/creepjs/
Fonts are a big one and can be a very descriptive fingerprint.
There are applications out there that muddle your installed fonts by making it look like you have a ton of fonts you don’t actually have.
But yes, they can see what fonts you have and can tell your OS and other computers you may have used if you’ve downloaded the same third party fonts for all of them.
If one of those computers was known to be yours at one time, then even if you lock away your identity later on another PC your fonts can give you away.
The CPUID which is hardcoded in to cpu itself
Remember that fingerprinting can be your friend… because it’s much easier to fake an online fingerprint than a real one.
You can generate a unique fingerprint with each online interaction; this means that you will always have a unique identity.
Or, you can ensure you always have the same fingerprint as a large number of other people.
Think of it as the difference between using a different valid loyalty card each time you shop vs using one of the famous numbers that millions of other people are also using.
Of course, in both circumstances, you do give up the benefits of being uniquely identifiable.