It’s usually a number of different data points about your browser like the user agent string that identifies what browser you use and what OS, screen resolution, language settings, timezone, whether or not you use and adblocker etc… and of course IP addresses
One trick a few years ago (that has been patched in all browsers now) was using favicons.
If you ever clicked a link between 2010 and 2021 and noticed that your browser redirected you several times before taking yo to the correct destination, that was a successful attempt at de-anonymizing you.
What was happening was there was a web of redirects. Each location had a different favicons (the little picture in your browser tab that ids the site visually for you). If your browser had been to that destination before, your browser would have the favicon in cache.
if favicon found, send to redirect free A. If redirect not found, send to redirect tree B.
Then repeat the process. With like 35 redirects you’d have enough binary data to uniquely ID every internet connected device ever made.
Canvasblocker(randomises all of those little tracking details)/Noscript(outright prevents JS scripts from being able to read those in the first place) combo my beloved
It’s usually a number of different data points about your browser like the user agent string that identifies what browser you use and what OS, screen resolution, language settings, timezone, whether or not you use and adblocker etc… and of course IP addresses
One trick a few years ago (that has been patched in all browsers now) was using favicons.
If you ever clicked a link between 2010 and 2021 and noticed that your browser redirected you several times before taking yo to the correct destination, that was a successful attempt at de-anonymizing you.
What was happening was there was a web of redirects. Each location had a different favicons (the little picture in your browser tab that ids the site visually for you). If your browser had been to that destination before, your browser would have the favicon in cache.
if favicon found, send to redirect free A. If redirect not found, send to redirect tree B.
Then repeat the process. With like 35 redirects you’d have enough binary data to uniquely ID every internet connected device ever made.
Wild.
This was fixed in 2021.
This is horrifying. I’ll reset my browser more often, I was already in the habit of doing that
Canvasblocker(randomises all of those little tracking details)/Noscript(outright prevents JS scripts from being able to read those in the first place) combo my beloved