[PLUG] [PLUG-TALK] How do web servers identify visitor devices?

Mon Feb 27 01:16:50 UTC 2023

My intent in trying to redirect to plug-talk was to merge with the somewhat
larger conversation there, rather than bifurcating.

-- 
Russell Senior
russell at personaltelco.net

On Sun, Feb 26, 2023 at 5:00 PM Ben Koenig <techkoenig at protonmail.com>
wrote:

> Discussions regarding the technical implementation of device
> fingerprinting are perfectly on topic IMO.
>
> The ethical nature of such technology is another subject of debate and is
> probably better on plug-talk. Conversations like this can split both ways ;)
>
> My somewhat toxic rant largely revolves around the articles blatant
> misunderstanding of how anonymity works. He made a perfectly sane statement
> about data collection/aggregatioon and then proceeded to make a completely
> contradictory claim.
> -Ben
>
>
> ------- Original Message -------
> On Sunday, February 26th, 2023 at 4:08 PM, Russell Senior <
> russell at personaltelco.net> wrote:
>
>
> > Although the idea of browser fingerprinting was not new to me, I did find
> > the link to https://panopticlick.eff.org/ interesting and somewhat
> > illuminating.
> >
> > Followups should (?) probably go to plug-talk.
> >
> > --
> > Russell Senior
> > russell at personaltelco.net
> >
> > On Sun, Feb 26, 2023 at 3:42 PM Ted Mittelstaedt tedm at portlandia-it.com
> >
> > wrote:
> >
> > > Unfortunately my experience in "technical blog posts" is that most of
> them
> > > are crap, they are put together by people who run scraping software
> that
> > > rips off content from other people's sites then assembles it to try to
> make
> > > money off advertising on their sites.
> > >
> > > Unless the technical post is part of a forum that has a lot of
> > > participation on it to where people with more knowledge/experience can
> > > either add to it or refute it, usually it's just not that good.
> > >
> > > Ted
> > >
> > > -----Original Message-----
> > > From: PLUG [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of Ben
> > > Koenig
> > > Sent: Sunday, February 26, 2023 1:19 PM
> > > To: Portland Linux/Unix Group plug at lists.pdxlinux.org
> > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor
> > > devices?
> > >
> > > None of this is news. That entire blog post looks like it written to
> > > appeal to someone who spent the last 30 years not asking how the
> internet
> > > works then freaking out after realizing what is possible. No joke, I
> read
> > > the following quote from that article and nearly fell out of my chair.
> > >
> > > "What’s ironic about device fingerprinting is that the more
> > > privacy-centered add-ons you install on your browser (e.g. Privacy
> Badger,
> > > Do Not Track Me, Ghostery to name a few) in a bid to protect the
> remnants
> > > of your privacy, the easier it becomes to identify you because of the
> > > uniqueness of your browser’s configuration."
> > >
> > > ROFLMAO. It's so brilliantly stupid that it cannot be refuted by
> logical
> > > means. That whole article is an accurate example of human intelligence
> > > after decades of inadvertent lead exposure. Nice.
> > >
> > > -Ben
> > >
> > > ------- Original Message -------
> > > On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt <
> > > tedm at portlandia-it.com> wrote:
> > >
> > > > Why is this even necessary to look at nonsense like the plugins, both
> > > > HP, Dell, and Lenovo computers make their motherboard serial numbers
> > > > available via BIOS calls and those serial numbers are unique. Hard
> disks
> > > > also have unique serial numbers and of course the LAN MAC addresses
> and
> > > > Bluetooth BD_ADDR are unique. The machine's ARP cache is not
> protected
> > > > either so if they really want to fingerprint they can look at the
> netmask
> > > > in use, setup a loop and ping every IP in the network then pull all
> the MAC
> > > > addresses out of the ARP cache and then if they really want to get
> clever
> > > > they can match the MACs and see if any other machines on the local
> network
> > > > that they have fingerprints for are online.
> > > >
> > > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a
> few
> > > > years back was complete baloney, a red herring to distract the
> masses.
> > > >
> > > > The clearcode article is just barely scraping the surface and what
> they
> > > > say is being collected sounds like amateur hour.
> > > >
> > > > Ted
> > > >
> > > > -----Original Message-----
> > > > From: PLUG [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of
> > > > Michael Rasmussen
> > > > Sent: Saturday, February 25, 2023 10:46 AM
> > > > To: Portland Linux/Unix Group plug at pdxlinux.org
> > > >
> > > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor
> > > > devices?
> > > >
> > > > Fingerprint computes avail themselfs to a variety of items that,
> taken
> > > > together, come close to uniquely identifing your computer.
> > > >
> > > > From:
> > >
> > >
> https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint
> > >
> > > > They list:
> > > >
> > > > * IP address
> > > > * HTTP request headers
> > > > * User agent string
> > > > * Installed plugins
> > > > * Client time zone
> > > > * Information about the client device: screen resolution, touch
> support,
> > > > operating system and language
> > > > * Flash data provided by a Flash plugin
> > > > * List of installed fonts
> > > > * Silverlight data
> > > > * List of mime-types
> > > >
> > > > For more information you can check out the description of it on
> > > > Wikipedia:
> > > >
> > > > https://en.wikipedia.org/wiki/Device_fingerprint
> > > >
> > > > * Timestamp
> > > > *
> > > >
> > > > --
> > > >
> > > > Michael Rasmussen
> > > > Be Appropriate && Follow Your Curiosity
>