Why is fingerprint.com browser fingerprint working so well with iPhones?
fingerprint.comVery likely less than 99.5% accuracy based on my testing…
… or …. I guess it’s possible that someone is drugging me several times a day, cloning my SIM card, putting it in another device and flying all over the U.S.
Dear HN, maybe you know.
This is about precision of browser fingerprinting.
fingerprint.com generates a hash from browser/os attributes to recognize users without cookies. I tried their demo using iphone and expected (because i use private mode and returned several times with hopefully different cookie) to see some entries from other iphones like my one pop up in my history (from the fuzzy matching; https://www.apple.com/safari/docs/Safari_White_Paper_Nov_201... has some sentence about fingerprint prevention) but there were no other. I was alone and it traced me well. It was immune to private relay on/off (geodata).
They claim 99.5% accuracy for fingerprint pro. From the docs (https://dev.fingerprint.com/docs/understanding-our-995-accur...) it seems to me that 99.5% is overall accuracy for the hosted service and that number might be inflated by all the reference calls generated by devices that never clean their cookies (these count as 100%) The fraction of these is undisclosed, but its most likely very high(?).
I had, so far believed that it is more difficult to fingerprint a mobile safari than a desktop or android, because there is not so much hardware variety. Canvas/audio fingerprint should mainly depend on the phone’s model, and so are the fonts? (can apps bring new fonts to the fingerprint?)
Yet the demo of fingerprint.com performs pretty well for me. I do not know if its a problem of my safari leaking something or whether I am the only current user of the demo and therefore have no other peers to compare against. It seems a general problem also on sites like amiunique.org that almost nobody uses them. amiunique reports current iphone user agent as having a 0.4% fraction in last 15 days; but there are millions of these phones out there?
First I thought its my cookies but safari is indeed in private mode and e.g. samy.pl/evercookie test shows different digits each visit.
Anybody has some link/test tool especially crafted for iphone/ipad fingerprint or has some know-how of the “secret sauce” of fingerprint.com et al and would like to share? i would like to know how my iphone SE is different from other iphone SE. how to find out? Do you see conflicting peers on fingerprint.com demo when using it with iphone?
Thanks a lot.
I tried it on an iPhone and noted that it said I visited several times before even though this was my only time. Previous instances varied in IP, incognito mode, and location.
This was through the demo on their main page fingerprint.com > view live demo using Safari w/ private mode and some ad blocking extension.
Same. There were 4 entries that were not me listed - one was even an incognito visit. They were all from the same date about a month ago. Maybe this service works better on iPhones than Androids?
Edit: Reread your comment and you were on an iPhone.
Same for me - said I’d visited 17 times from 11 IPs, but this was the first time I’d even heard of the service!
Same for me showed previous visits. Never went to that site before.
I don't have an iPhone so i can't test it, but one thing i would be interested in is, if you use another browser like chrome/firefox etc, do you also get the same ID?
On my android different browsers yield different IDs but private mode or clearing browser data doesn't change anything.
There are ways to accomplish device level fingerprinting (cross-browser), though I don't know if it's offered by Fingerprint.com.
Curious. What are some of these methods and any background reading?
Yes, I tried with Firefox on normal, private and via VPN, same fingerprint.
there is nothing in their opensource version that would allow them to distinguish between iPhones running the same OS on the same hardware. for example apps can't add fonts globally. but they could be abusing a way of associating data with browsers that is not a cookie or something that is filtered by incognito mode in order to track users.
It seems to have no idea on my Kubuntu desktop.
Other sites seem to struggle remembering my browser too, i'm not doing anything special to my knowledge.
I'm on Windows 11 using Firefox - switching to incognito gave me a new visitorId. All I have to do is use my different monitors (each with a different resolution) and it has no idea who I am.
I also saw a bunch of other logs of devices that weren’t my own (on stock Safari on iPhone). I use a pretty standard ad-blocker. Perhaps that explains it?