Tom Ritter
Browser fingerprinting is the creepy party trick of the internet: change your VPN exit and clean your cookies and websites can still re-identify you. Is it as bad as it seems?
Well, we’ve got the receipts and we know just how unique fingerprinters think you are – and why.
More importantly, we’ll dig into what can actually be done about it when you’re the one on defense. Spoiler: “lie about everything” isn’t a viable strategy, unless you’re also cool with breaking your own browser. The hardest part of anti-fingerprinting isn’t figuring out how to make users less unique – it’s avoiding catastrophic, silent breakage of real-world sites, and even detecting when that breakage happens. Most fingerprinting defenses involve some combination of lying in APIs, randomizing outputs, and overriding user preferences – but every one of those approaches risks pissing off your users _and_ subtly breaking Google Meet.
No browser has performed as detailed a fingerprinting study as ours, and no one but a browser can. Find out why things are both not as bad as you thought they were and much worse. Come for the scary graphs showing how unique people are. Stay for the spicy takes on perverse incentives for browsers…
Audience-driven tangents can include: why it’s harder to exploit Tor Browser than Firefox, what are other browsers doing, ranting about browser fingerprinting sites like browserleaks or panopticlick, and why you shouldn’t enable Tor’s stricter fingerprinting protections that are present in Firefox.