Duh
So people using ad-blockers who don't see online ads are vulnerable to advertisers tracking you and putting targetted ads on websites you visit that you still won't see as you are using an ad-blocker. And this is a bonus to advertisers how?
The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers. French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the …
If they know you're using an ad-blocker, they'll profile you as a leech and perhaps start using ad-gates. Either that or they'll see that as a cue to get more aggressive with the ads by triggering the original website to insert inline same-domain ads, which will be tougher to block without collateral damage. Plus since they'll be able to track you across websites, they can wait for other opportunities to bombard you which you may not always be able to block. Heck, if they can tie you to a social account or e-mail address, they can probably use them to get to you as well.
@ Charles 9. If people are using ad-blockers in the first place it likely indicates they are not receptive to internet adverts anyway, so using alternate means to shove them in your face is likely to have a negative brand image effect for the product and website rather than induce a sale. If websites block me for using an ad-blocker I go elsewhere, there are very few sites that have exclusive content that I absolutely must see. Similarly, if adverts manage to sneak past my ad-blocker and make a site too annoying, then I'll simply stop visiting that site.
Note: I also use No-Script too and block third party cookies etc so have even less exposure to advertisers and trackers. I also use a throwaway email address on social media.
"What about a manufacturer's website for drivers?"
You keep raising that. Let's look at it.
Where do these manufacturers make their money?
By selling the H/W that their drivers support.
What would happen if they poisoned their drivers?
They'd burn their main business. (Remember how quickly HP had to row back after the shit-storm they raised by playing silly buggers with their ink cartridges.)
Why would they want to do that?
Why wouldn't they? Plus I'm not talking the drivers themselves but the sites on which they're hosted: packed full of mandatory scripts and so on ripe to be drive-by'ed with no viable alternatives if they don't provide high performance drivers to kernels (kernel can't do that themselves many times due to patent-based black-boxing, and as for Windows...).
so only 48 others are using the single extension Privacy Badger on a locked-down chrome?
>PB logo.gif identified in only 49/~6000 Browser tests,
>whilst on FF 52 there were around 2000 Privacy Badger blocker users, so a bit more dilution
>Safari - a locked down Ghostery (without Evidon direct tracking) seemed OK - but I don't really trust it
however the standard fingerprinting, OS, resolution, fonts canvas etc individualised me in all cases.,
then there's server side cookies, evercookies, telemetry [Apple still get a packet with your UUID everytime you query "About this Mac" on your own desktop/laptop!]
"however the standard fingerprinting, OS, resolution, fonts canvas etc individualised me in all cases.,"
Not sure why you got down voted. I found the same, even after make sure I wasn't logged into anything, changed the browers id string to remove all reference to X, FreeBSD and AMD, ie plain old Firefox ID string, remove all add-ons and yet it still identified my as unique. I'm betting it's my font list.
On the other hand, the test only runs if I whitelist scripting for the testsite domain.
As it hasn't been mentioned and almost everybody here will have an old redundant 1st generation RaspberryPi gathering dust in their drawer - You can give it a great second life using https://pi-hole.net/ on it to replace your network DNS. Works a treat for all connected devices. No need for browser add-ons and works within your smartphone apps (when using wi-fi).
I've found it the most effective way of blocking all ads - and if any ad does show up it will be the most obvious product/service to avoid purely on being so subversive.
The only issue so far was the TfL website would omit tube/trains from its journey planner. But by checking the easily view-able blocking log, whitelisting solved that problem immediately.
"The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into."
This seems more like a (well known) social media issue than something related to ad blockers. I'd thought it was common knowledge by now that if you visit a website you're often also downloading 3rd party contents, which allows said 3rd party to perform a bit of tracking. Especially when it's being used on multiple places (such as social media like buttons, Google Analytics javascript, etc.).
It's for that reason why I use both an Ad blocker but also the StopSocial plugin; a small plugin which prevents my browser from contacting any social media website whenever I'm on a website other than the social media site itself. Next using a reference blocker (NoRef) also does miracles.
The only risk is that some websites might break (sometimes they rely on references) but that's easily fixed with setting up a (small) whitelist.
Happy tracking that :)
Never hurts to check your browser fingerprint with a visit to https://panopticlick.eff.org/
as many machines running Adblock & NoScript can still be uniquely identified. Even with 3rd party plugins, Cookies, Javascript & Flash disabled it's fascinating how much data can be gleaned.
That's the trade-off for ad-blocking/privacy - running your connection through a VPN, using an 'exotic' browser (Vivaldi in my case), using uBlock or similar (TunnelBear Blocker's nice by the way) all give you a relatively unique fingerprint in comparison to the proles - given that my ISP has no clue what websites I'm looking at and that I'm ad/malware free whilst I do it, I think that's a worthwhile trade*
Of course, if you're doing something naughty and you get tracked down as a consequence of trying to be anonymous you may consider otherwise.
*That doesn't mean I wouldn't be keen to adopt anti-fingerprinting though - I'm hopeful that's coming in the next round of the privacy wars.
Just tried the test - it showed I was unique to 4403 so far tested. HOWEVER, it did say that I appeared to be logged in to LinkedIn (never had an account - ever) and logged into Forbes (whomever they may be). So, the question is: As I did try to find someone through LinkedIn - quite some time ago - has it left a marker somewhere on my laptop and how do I get rid of it?
And what about Forbes - I've never heard of them let alone knowingly been there. I don't 'do' any social media.
Running Firefox with AdBlockerPlus.
An inquiring mind would like to know.
Phil
@Phil - Forbes do news (FSVO news), you may have picked up a cookie from there by following a news story from somewhere
I never bother with Forbes as they have served malware via ads on their site in the past yet have the temerity to tell you to disable ad blockers!
Like most people main role of ad blocker is as part of a series of measures (e.g. scripts run from sites on whitelists only) to reduce malware risk, loss of in your face / page rearranging ads is just a bonus side effect
"Kind of an ugly solution, but it works."
I'll try that.
I have a HUGE number of fonts, to duplicate fonts to replicate vintage packaging / labels.
Also for other graphic design tasks.
I also use NoScript, not an ad blocker, as I'm more concerned about security & privacy, so 3rd party cookies are blocked, I log out of evil tracking orgs, and I only white list enough to make a site work. Some sites, even though used regularly, are only getting scripts Temporarily allowed.
Rats!
Courier, Helvetica, Times New Roman, Verdana, MONO
Unique out of 7501 browsers that were tested so far!
Maybe install User Agent and pretend I'm on Windows and not Linux. I needed that on last PC to download Kindle Reader for Wine, but I decided it's spyware, so I convert Kindle to ePub with Calibre now. (a plug in uses my real Kindle's serial number).
Whitelisting feature in Firefox 52 and later is no use to limit Browser Fingerprinting:
1) It's whitelisting the fonts the browser uses, which only incidentally affects reporting of fonts to a website.
2) Whitelisting ALSO blocks fonts loaded from websites (I think this is the reason for the feature, if so it's a broken idea, whitelisting/blocking the domain providing makes more sense?)
3) Makes too many websites look rubbish that use "wingding"/"symbol" fonts as Icons
4) I already downloaded and installed lots of commonly used 3rd party on the fly fonts on websites to reduce tracking via font providers. There is website for them. This also speeds up page loading.
My conclusion is that currently this is a lost cause. Browsers should only report current browser window size and perhaps resolution, though physical DPI is more useful than X by Y screen pixels, it's the window X by Y needed for "responsive" sites / served image sizes etc.). Browsers are simply reporting too much. It was good that Mozilla backtracked and removed the battery state.
For now the best solution against tracking is:
1: Block all 3rd party cookies always (Default sadly is allow on Firefox).
2: Install Noscript and only whitelist enough to make a site work. Some sites best only temporarily whitelist, such as Twitter, Facebook, Google applications.
3: Always log out of social media and Google. Sometimes restart the browser so as to lose the temporary whitelistings that Social Media icons use on other sites.
4: If maintaining a website, DO NOT copy/past "code" offered for icons and widgets. Download image of icon/widget, upload to your site and put a simple HTML link (maybe set to open in new window/tab). These 3rd party icons/widgets (with javascript) may even be illegal for you to put on your site if you are in EU.
5: If building / maintaining a website, put copies of all fonts, images, javascript etc in your own domain (or ideally same site) to make whitelisting easier for users, make your site self contained and avoid leaking the user's history / browser to 3rd parties.
6: Install your own analytics on your own site. Google's Analytics are a privacy slurp. They can't be trusted.
7: Only implement cookies for users that login. Do not use 3rd party log in APIs such as Facebook or Google.
8: If the site captures unique user data or has a login, then use HTTPS.
9: Use a Mozilla based browser, such as Firefox, Seamonkey etc. Not Edge, Safari, IE, Chrome or Opera. I don't know what the story is on Chromium. Not ideal, but better than some of the spyware.
10: Change firefox setting so URL bar fails if you mistype, no search or autocorrect. Don't use a browser without a separate search box and url bar.
11: Do not install toolbars.
1. Because more and more sites won't work AT ALL without cookies. More and more sites won't let you get past the front page, and that includes sites I used to frequent.
2. More sites tie basic site function to those scripts. No scripts, no content. And other sites like Forbes use ad-blocker-blockers that deny you access. If they're the ONLY source of something (like a manufacturer's website that protects its property, so no internal drivers for you), God help you.
4. Those widgets are often copyrighted and impose terms on their use, meaning NOT copying/pasting them is in violation. It's THEIR way (copy/paste) or NO way.
5. Same problem. Some fonts, etc. ONLY allow you to source them from the official source.
9. Mozilla captures user data, too. So do IE, Edge, and Opera. Last I heard, Vivaldi also records stuff. Basically, unless you can roll your own from scratch or use a pre-commercialization browser like NetSurf, don't trust the browser.
10. ISPs tend to screw up this solution these days, and some of them are bold enough to intercept requests to third-party resolvers (easy enough to do, as DNS uses a fixed port number). And let's not get started with resolutions hard-coded into the clients.
Well, now I'm not so sure this new FF whitelist setting fully works. EFF's Panopticlick is still able to enumerate fonts (unless it's just guessing?), although the site referenced in this article now only sees what's in the whitelist. Not quite sure what Panopticlick is doing to get around the whitelisting - assuming it really is.
Ditto - NoScript meant NoTest until I allowed it.
Having done so, unique amongst 6114 so far. However, my extensions came up N/A and I got a 'no' for being identifiable by logins (this will be because cookies don't survive a browsing session, and I've only visited three sites this morning since switching on - including El Reg and the test). It's my browser fingerprint that gets a yes - but that's all.
(Okay, the combination of all three gets a yes as well, but that's as much because of the browser fingerprint as anything else!)
With such a small number of people having run the test, this is not that much of a surprise. So meh.
When I tried it, it couldn't detect them. Apparently only Google is stupid enough to allow that, since it said it only works in Chrome.
In the login leak, I was one of 1532 collisions among 4650 browsers, so hardly unique there.
In the standard fingerprint I was unique as I guessed I would be - I'm running Firefox on Linux! But that's easily fixed by changing my user agent string, if I cared to bother.
"since it said it only works in Chrome"
But using Chrome means you don't care about privacy anyway.
The logins and extensions usages is irrelevant anyway, their browser fingerprinting is completely rubbish.
It told me I was the same as about 680 among 5200 while this https://panopticlick.eff.org tells me my browser is unique among 213k.