Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sorry, I don't actually see in there why randomizing something like a canvas or webaudio fingerprint is a bad idea. I believe they know what they're talking about, but I'd still like to know why.

Notably, to me this isn't necessarily about beating the resistFingerprints setting, because I can't use that setting. For good or for ill, it breaks too much of the web.



>Sorry, I don't actually see in there why randomizing something like a canvas or webaudio fingerprint is a bad idea

Literally the first bullet

>It is trivial to detect RFP and when you change a RFP metric, you lose your "herd immunity"


But that's referring to privacy.resistFingerprinting (RFP), not adding randomness. RFP isn't really an option, at least for me, because it breaks too many sites.


>But that's referring to privacy.resistFingerprinting (RFP), not adding randomness

having a randomized fingerprint is a fingerprint value in and of itself. That may leak more entropy bits if you have a fairly common hardware configuration

Also, regarding webaudio fingerprinting, afaik it's not a real threat.

https://github.com/WebAudio/web-audio-api/pull/2224#discussi...

https://github.com/w3cping/tracking-issues/issues/53#issueco...

>As I said, I can't use RFP, it breaks too many sites.

Weird. I only know a few sites that break with RFP on, and I don't use them frequently.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: