2019-12-09 - Browser fingerprinting
-------------------------------------------------------------------
So after my last post i've been reading a bit more on browser
fingerprinting. And currently the conclusion is; Woah, the tracking
possibilies are even worse than i imagined them to be.

I've enjoyed playing around with the sites browserleaks.com and
amiunique.org.

Over here, i learn that with Javascript enabled, it is possible to
read battery status information through the battery api. I mean...
COME ON!! Why on earth???

https://www.w3.org/TR/battery-status/

The reason appears to be that it is handy for mobile uses and "app"
developers whose apps are simply wrappers around webpages. And yes,
for that use-case it is probably handy.... But it also messes up
peoples privacy majorly.  As written earlier, i don't want to
provide this type of information when browsing on the www.

Besides battery life, with Font fingerprinting, specifics on my
installed fonts and the way they are rendered locally can be
measured in detail. Giving a very device specific fingerprint.

Using the Canvas fingerprinting allows for the creation of a unique
hash based on how your specific device's graphic card and driver
plots pixels.

With JS a whole bunch of browser features can be polled. For
example to see if my browser supports a certain css feature (for
example box-shadow or flexbox). The browserleaks site shows a nice
example how a unique hash can be built based on this information.

In addition, with JS, my browser leaks information about my
installed plug-ins, and through WebRTC information on my media
devices (camera, microphone). It spills information on supported
webGL specifics (again giving more information on my video card)


So all in all, the conclusion is; You WILL leave unique
fingerprints when browsing the worldwide web with a modern browser.
(Even when disabling Javascript altogether, because you will become
a fairly unique little snowflake if you do that)

In addition to this: You WILL be tracked. And honestly that sucks.

I do not understand why browser builders are the frontrunners to
add all these nonsense features (like the battery life api, or
geolocation, usb-access, or file-system api's), while at the same
time they stumble over eachother to brag how their browsers are the
best for maintaining privacy....

For the www, i'd like to see a no-frills browser which renders
modern html, where all this poll-back telemetry nonsense is
removed completely. So where the browser simply sends a very
minimal http request, and the server returns a reply...

Anyway, digging through all this nonsense, makes me appreciate
Gopher more and more :)