[PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Ben Koenig
techkoenig at protonmail.com
Mon Feb 27 01:00:20 UTC 2023
Discussions regarding the technical implementation of device fingerprinting are perfectly on topic IMO.
The ethical nature of such technology is another subject of debate and is probably better on plug-talk. Conversations like this can split both ways ;)
My somewhat toxic rant largely revolves around the articles blatant misunderstanding of how anonymity works. He made a perfectly sane statement about data collection/aggregatioon and then proceeded to make a completely contradictory claim.
-Ben
------- Original Message -------
On Sunday, February 26th, 2023 at 4:08 PM, Russell Senior <russell at personaltelco.net> wrote:
> Although the idea of browser fingerprinting was not new to me, I did find
> the link to https://panopticlick.eff.org/ interesting and somewhat
> illuminating.
>
> Followups should (?) probably go to plug-talk.
>
> --
> Russell Senior
> russell at personaltelco.net
>
> On Sun, Feb 26, 2023 at 3:42 PM Ted Mittelstaedt tedm at portlandia-it.com
>
> wrote:
>
> > Unfortunately my experience in "technical blog posts" is that most of them
> > are crap, they are put together by people who run scraping software that
> > rips off content from other people's sites then assembles it to try to make
> > money off advertising on their sites.
> >
> > Unless the technical post is part of a forum that has a lot of
> > participation on it to where people with more knowledge/experience can
> > either add to it or refute it, usually it's just not that good.
> >
> > Ted
> >
> > -----Original Message-----
> > From: PLUG [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of Ben
> > Koenig
> > Sent: Sunday, February 26, 2023 1:19 PM
> > To: Portland Linux/Unix Group plug at lists.pdxlinux.org
> > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor
> > devices?
> >
> > None of this is news. That entire blog post looks like it written to
> > appeal to someone who spent the last 30 years not asking how the internet
> > works then freaking out after realizing what is possible. No joke, I read
> > the following quote from that article and nearly fell out of my chair.
> >
> > "What’s ironic about device fingerprinting is that the more
> > privacy-centered add-ons you install on your browser (e.g. Privacy Badger,
> > Do Not Track Me, Ghostery to name a few) in a bid to protect the remnants
> > of your privacy, the easier it becomes to identify you because of the
> > uniqueness of your browser’s configuration."
> >
> > ROFLMAO. It's so brilliantly stupid that it cannot be refuted by logical
> > means. That whole article is an accurate example of human intelligence
> > after decades of inadvertent lead exposure. Nice.
> >
> > -Ben
> >
> > ------- Original Message -------
> > On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt <
> > tedm at portlandia-it.com> wrote:
> >
> > > Why is this even necessary to look at nonsense like the plugins, both
> > > HP, Dell, and Lenovo computers make their motherboard serial numbers
> > > available via BIOS calls and those serial numbers are unique. Hard disks
> > > also have unique serial numbers and of course the LAN MAC addresses and
> > > Bluetooth BD_ADDR are unique. The machine's ARP cache is not protected
> > > either so if they really want to fingerprint they can look at the netmask
> > > in use, setup a loop and ping every IP in the network then pull all the MAC
> > > addresses out of the ARP cache and then if they really want to get clever
> > > they can match the MACs and see if any other machines on the local network
> > > that they have fingerprints for are online.
> > >
> > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a few
> > > years back was complete baloney, a red herring to distract the masses.
> > >
> > > The clearcode article is just barely scraping the surface and what they
> > > say is being collected sounds like amateur hour.
> > >
> > > Ted
> > >
> > > -----Original Message-----
> > > From: PLUG [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of
> > > Michael Rasmussen
> > > Sent: Saturday, February 25, 2023 10:46 AM
> > > To: Portland Linux/Unix Group plug at pdxlinux.org
> > >
> > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor
> > > devices?
> > >
> > > Fingerprint computes avail themselfs to a variety of items that, taken
> > > together, come close to uniquely identifing your computer.
> > >
> > > From:
> >
> > https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint
> >
> > > They list:
> > >
> > > * IP address
> > > * HTTP request headers
> > > * User agent string
> > > * Installed plugins
> > > * Client time zone
> > > * Information about the client device: screen resolution, touch support,
> > > operating system and language
> > > * Flash data provided by a Flash plugin
> > > * List of installed fonts
> > > * Silverlight data
> > > * List of mime-types
> > >
> > > For more information you can check out the description of it on
> > > Wikipedia:
> > >
> > > https://en.wikipedia.org/wiki/Device_fingerprint
> > >
> > > * Timestamp
> > > *
> > >
> > > --
> > >
> > > Michael Rasmussen
> > > Be Appropriate && Follow Your Curiosity
More information about the PLUG
mailing list