
EFF Launches Panopticlick 2.0 - clumsysmurf
https://panopticlick.eff.org/#2
======
dang
[https://news.ycombinator.com/item?id=10753087](https://news.ycombinator.com/item?id=10753087)

------
newscracker
I have used the previous version several times over the years across
computers, operating systems and browsers. My worry was always about browser
fingerprinting, which meant that using a popular configuration like Windows
XP/7 with IE 6/7/8 would help "hide in the crowds and not stand out" better
than other choices would.

Even with this new version of Panopticlick and its associated help pages, it's
disturbing to know that browser fingerprinting cannot be completely defeated.

In the help page, the recommended limited effect approaches to handle browser
fingerprinting are:

1\. Use Tor - this is probably useless for most people due to the low speed of
browsing (I know everyone has to pitch in to share bandwidth with others, but
this is not an easy compromise at all).

2\. Use Privacy Badger - I do use it with Firefox and Chrome, but it's not
available for other browsers, which is not ideal for me.

3\. Use NoScript - I tried this a long time ago and found that it crippled
almost every site I regularly visited. I realized this was too heavy and
cumbersome a solution. I can easily recommend uBlock Origin and Privacy Badger
to other non-technical people, knowing that those _wouldn't usually_ cause
issues with websites. But it's not possible to recommend NoScript to non-
technical users who just want to get things done.

My earlier conclusion on browser fingerprinting was that ironically, it
usually traps the more technical and privacy oriented people who may use more
of the unpopular solutions in order to derive privacy and security related
benefits.

I wish there were easier ways to defeat browser fingerprinting, because we may
not even know which sites are using it to track us (unlike say, cookies or
super cookies, where the evidence is usually visible).

~~~
jandrese
I use NoScript daily and while it requires a bit of interaction the first time
you visit a website it really isn't that hard to use. Just allowing the TLD
and any obvious CDNs covers about 95% of all websites. If you do run across
some website that is just horribly busted, there's always the "allow all
temporarily" button, but I find it is extremely rare that I have to resort to
that. And the times that I have I usually discover that it is in fact the
website that is broken, not my browser settings.

~~~
newscracker
> Just allowing the TLD and any obvious CDNs covers about 95% of all websites.

I know about the options NoScript provides, but I see this statement itself as
part of the problem. If we just whitelist sites that we use and see (to have
them work), we're not really stopping tracking, are we? We're just guarding
against unknown sites. Most people visit perhaps 10 major sites on a regular
basis every day, and all the popular ones that people would whitelist use
trackers.

I'm not denying the benefit of being protected from unknown, obscure and
malicious sites that we may land in once in a while and things like XSS
protection, but that alone is not enough in this context.

What we need is either a trusted block-list for NoScript that's updated
periodically, similar to block-lists that exist for ad-blockers, or some other
mechanism that can curb the tracking potential of scripts (I don't know the
answer for the latter).

~~~
jandrese
You obviously don't whitelist google-analytics.com or facebook.net.

------
davecardwell
More information about what has changed:
[https://www.eff.org/deeplinks/2015/12/panopticlick-20-launch...](https://www.eff.org/deeplinks/2015/12/panopticlick-20-launches-featuring-new-tracker-protection-and-fingerprinting-tests)

Some discussion yesterday:
[https://news.ycombinator.com/item?id=10753087](https://news.ycombinator.com/item?id=10753087)

------
Wingman4l7
The tool notes a browser's lack of support for analyzing compliance with "Do
Not Track" as a negative _(red X)_.

This is interesting because IMO, "Do Not Track" is basically another flavor of
Trusted Computing, which the EFF has been critical of before.

~~~
mtgx
Care to elaborate? EFF is a supporter of Do Not Track.

[https://www.eff.org/pages/understanding-effs-do-not-track-po...](https://www.eff.org/pages/understanding-effs-do-not-track-policy-universal-opt-out-tracking)

~~~
Wingman4l7
Yes, I understand. I just have a dim view of any sort of tracking at this
point, even if it's a voluntary "nice" kind -- and in general I don't think it
encourages a healthy privacy mentality.

------
Drdrdrq
This is another tool that might come in handy:
[http://www.canyoutrackme.com/](http://www.canyoutrackme.com/)

It checks if you really lose cookies and supercookies on browser exit.

------
peteretep

> your browser has a nearly-unique fingerprint

Must be one of the few iPhone 6+s users in Germany O_o

~~~
VLM
"one in x browsers have this value" "6193830.0"

"User Agent" "Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/46.0.2490.80 Safari/537.36"

OK then. I suppose this implies I was the 6193830-st person to run it from a
desktop like mine.

~~~
plank
Nope, I interpret it as: 6193829 people reached the site before you, but had
different values. Or: 2x6193830 people reached it, and one of those had
the same value as you...
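
The "one in x browsers have this value" figure discussed in the comments above, as an added example that is not part of the thread and not EFF's code. It assumes x is the sample size divided by the number of browsers sharing the value, and takes log2(x) as the bits of identifying information; the visitor sample, attribute names and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample of visiting browsers (not real Panopticlick data).
ATTRS = ("user_agent", "timezone", "screen")
VISITORS = [
    ("Chrome/Windows", "UTC+1", "1920x1080"),
    ("Chrome/Windows", "UTC+1", "1366x768"),
    ("Chrome/Windows", "UTC-5", "1920x1080"),
    ("Chrome/Windows", "UTC-5", "1366x768"),
    ("Safari/iPhone", "UTC-5", "414x736"),
    ("Safari/iPhone", "UTC+1", "414x736"),
    ("Firefox/Linux", "UTC+1", "1920x1080"),
    ("Chrome/FreeBSD", "UTC-6", "1920x1080"),
]

def one_in_x(total, matching):
    """'One in x browsers have this value': sample size over matching count."""
    if matching < 1 or matching > total:
        raise ValueError("the visitor's own browser must be in the sample")
    return total / matching

def fingerprint_report(visitors, me):
    """Per-attribute and combined (one_in_x, bits) for the browser `me`."""
    report = {}
    for i, name in enumerate(ATTRS):
        column = Counter(v[i] for v in visitors)
        x = one_in_x(len(visitors), column[me[i]])
        report[name] = (x, math.log2(x))
    # The combined fingerprint is the whole attribute tuple.
    x = one_in_x(len(visitors), Counter(visitors)[me])
    report["combined"] = (x, math.log2(x))
    return report

if __name__ == "__main__":
    # Both readings given above produce the same displayed figure.
    print(one_in_x(6193830, 1), one_in_x(2 * 6193830, 2))
    # An iPhone in UTC+1: no single attribute is rare, the combination is unique.
    for name, (x, bits) in fingerprint_report(VISITORS, VISITORS[5]).items():
        print(f"{name:10s} one in {x:g}  ({bits:.2f} bits)")
```

In this sample the iPhone visitor shares each individual attribute with at least one other browser, yet the combined tuple matches no one else, which is how a common device can still be reported as nearly unique.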

------
chromaton
Canvas fingerprinting was a new one to me:
[https://www.browserleaks.com/canvas](https://www.browserleaks.com/canvas)

"The method is based on the fact that the same canvas-code can produce
different pixels on a different web browsers, depending on the system on which
it was executed."

------
UserRights
I really like their humor - the share buttons on the results page are a
wonderful piece of satirical reality.

------
SRSposter
Do I win if I can't even turn on the test because of my addons? (NoScript,
RequestPolicy, uBlock Origin)

------
dogma1138
Is anyone else not able to complete this? Fingerprinting is stuck for
me in an endless loop, Chrome 47 custom user agent and Canvas fingerprinting
is blocked.

