It'd be nicer if a very large amount of people used the exact same anti-tracking techniques. If you're the only person with X Y and Z settings turned on for privacy, you're gonna stand out a lot and ironically hurt your privacy, but if browsers come with X Y and Z turned on by default, there's going to be far too many people doing the same thing and websites will have a harder time telling which computer is which. Everyone would benefit from proper default settings.

Yeah, you could significantly narrow down one individual based on just a few small factors, based on the data here enabling "Do Not Track" puts you in a group of around 30% of users or only 12% of users have completely disabled cookies or you can detect the use of adblockers to around 7-20% of users and other such details. If you look on that site, they offer another test which apparently can even detect and make someone standout just by identifying out what filters your adblocker is using, interestingly however, it seemingly cannot detect filters that are blocked via DNS such as a pi-hole, nor automatic filtering via privacy badger, so that's a neat workaround.

It's like if you say Google doesn't know your SSN because you never gave them it: they know everyone else's, yours is just the gap.

If you use brave it has most of the security features out of the box, hard to track somebody with stock settings

@@robertpaulson8790 Have you tried that tool? Brave actually makes it easier to uniquely identify your browser, the good thing about brave though is that it changes its finger print often and sends random information for a lot of meta data for example the plugins you use will return something highly unique like "SJECBgw" or "PDF viewer" which would be a bit of a problem if it never changed.

The chips differ

@@jt_hopp only one of them is cheap (this year to be specific)

Alternatively, if you do not have access to GPU voltage controls (laptops or phones usually have overclocking locked down) or do not want to (like for stability reasons), Then it may be more feasible to make a little script that taxes a tiny, random, and variable amount of GPU and CPU load in the background.

LibreWolf gang

Just made a comment about the same thing and then found this comment this sounds like a good idea but could be taxing on the load times of sites?

@@TadR1 in my experience no, because it only spoofs the reported gpu, not performance. but if a site employs a render benchmark, using this to spoof a gpu but having a hugely different resulted score might expose your real gpu. so I guess the workaround would be making a custom list of gpus with very similar performance in webGL as yours. all in all, the more people who use spoofing will help create a larger pool of obfuscated data for people to be able to be reasonably protected from any real fingerprinting though.

@@rxblackpill Thank you for the response, enlightened me on how the bypass actually works and some issues with it.

@@rxblackpill what about unvolting or overclocking to limit/increase the performance though? Tbh I'm still having difficulty grasping the concept in the video so I'm not sure what I said is relevant

@@SuperSohaizai so as said in the video, one method of potentially thwarting a gpu fingerprinting attempt could be to overclock, underclock, or increase or decrease voltage to your gpu. I haven't personally tried this but think of how that would affect a normal PC benchmark. obviously it would affect your gpu score and although in something like 3DMark, the program would know what gpu you have, the overclock or underclock would affect your score, and depending on how drastic said modification is, the reported score could be wildly different from the majority of other user reported scores. so if a host decided to implement a webGL benchmark in their site to track you along with a webGL vendor request, they could identify you based on the reported GPU and its score. all chips in the same gpu or cpu family will not perform exactly equivalently (silicon lottery) meaning that a host could potentially pick your gpu out from a 100 or even 1000 of the exact same model with good accuracy based on the reported score of the benchmark that you unwittingly ran in the browser. underclocking or overclocking might make you score out of the percentile of your reported gpu, meaning that web hosts fingerprinting using ONLY a benchmark might not be able to identify your gpu. however, 99% of hosts fingerprinting this way would also send a webGL vendor request as well, meaning that doing an OC alone might not mitigate this entirely, same with a webGL vendor request spoofer being used alone as well. combining an overclock or underclock, and a spoofer might be the way to go though, as both data points would be inaccurate for a definitive identification. to be honest, i'm not a cybersec. expert or an overclocking expert, but this is kinda what i'm getting from the entire thing. to be sure, i would definitely research the topic a lot more. but if you want something surface level to check your fingerprints, use something like browserleaks or panopticlick.

What if we have a 3090?

@@TotesCray 3080 TI 😖

You'll do better to harden your browser. You don't need HTML5 canvases to transact daily business. There's still better ways to fingerprint someone.

@@destroyonload3444 I prefer to use multiple distinct "device + connectivity chain" combos for differing activities. HTML5 is fine when I'm just doing entertainment or official business on my Mr Normal smartphone; the setup is different when I'm doing OSINT research, or IG phases of a penetration test, which is my day job. No cross-pollination permitted. Never had Facebook/Instagram/whatever so I don't need to worry about profiling correlated to an entrenched identity of that type.

Out of curiosity, how many times have you mentioned it?

@@DaPanda19 Only twice, including now. I'm just clarifying that I don't intend to spam so Seytonic doesn't assume so and ban me for it.

Interesting. What is your source?

node-ipc used to have such a code for one version, but AFAIK when ppl found out it was removed in later version

@@FoxBlocksHere that's fair, can't imagine you getting banned for giving valid information though

Yeeeaaaah true… been looking at some http requests recently… some sites logged my graphics card.

Of course there is but it is inconvenient, many websites break, and many sites make you solve captcha for appearing "suspicious"

There are ways, but as stated, if you run JavaScript it does not matter if WebGL is on or off as JS provides sufficient techniques to identify you even better. The answer to that is NoScript extention. Admittedly, it breaks a lot of websites and you will have to allow it for some websites anyways in order to use them, allowing them to track you. But all in all NoScript with AddBlock, a canvas blocker, and turned off WebGL in a privacy respecting browser like FireFox and a privacy respecting system like Linux for PC or GraphineOS for phones is you best bet. The problem is that NoScript takes aways convenience and you will have to learn Linux. That is also why we put up with this, most people just do not care enough or are lazy to do all this for their privacy.

I thought so too, tempreture both outdoor and gpu temp itself will probably also effect it.

It's unlikely. The GPU's load and temperature should not affect the result of compute operations, but they will affect the speed (and WebGL does allow the website to see your FPS). As for context leakage between processes or between webpages, it's possible in regular apps (Palinopsia vulnerability) but not in WebGL because it explicitly clears buffers before handing them to unsafe javascript.

I forgot one point: applying a load to the GPU will slow down all tasks by a certain amount. If the number of performance dimensions measured by the tracker is higher than the number of different GPU load parameters you randomise, linear algebra can be used to figure out your randomisation parameters and correct for them.

Use a VM - but find one which will let you adjust the parameters of the vGPU, to ensure differences in actual performance.

The accuracy of the fingerprinting is the problem, and what's new here.

Smart

yes

it's not limited to nvidia. there's nothing you can do about it.

that's not what you should take away from the video. they are tracking you from everything. either you disable fingerprinting or using most tools available that in itself is a fingerprint to better pinpoint you.

i don't think so, the fingerprinting isn't accurate enough

It’s pretty simple. Money and power. They sell the data to advertisers, governments, and businesses.

“just” “every time”

I don’t care if a business stores some of my data when I use their service. I care when they start selling that data to governments and third parties. I also dislike when they don’t tell you that they are taking data.

@@zachb1706 Ah right, I get that