A web page that shows you everything the browser told it without asking

Browsers are stuck between compatibility and privacy. Every bit of environment detail has some site that claims to need it, and every extra bit makes users easier to distinguish.

pretty interesting but why's this website so dramatic, like it thinks it's making me uneasy and paranoid or something

Someone should do a demo where they take all the info from the browser and feed it to an LLM to describe the person as accurately as possible. I bet it would be 10x better than any horoscope.

Its mixing confidential info. For example, you know I'm connected from a location, but you do not know my precise location. I connected from a tower that is from Odido, but I am not paying Odido for a subscription.

I prefer https://fingerprint.com/demo

Terrible company-at least you know you are testing what is being used.

DuckDuckGo browser helped mask some stuff, but definitely a fair amount still goes through.

Annoyingly the web is becoming a bit more annoying to browse as a DuckDuckGo (mobile) and Brave (desktop) user. With a VPN on top it gets even worse.

The text legibility of the gray on black is a serious problem. My eyes aren't that bad but I can barely read this.

Yes, I'm on a MacBook Air in Eastern Time and I speak English. I'd have told the website that myself if they had asked it.

None of the information identified for me was surprising using an up-to-date Firefox on Mac w/ a mostly default configuration. I had to unblock Javascript in NoScript for the page to work.

I get the point, but I think the EFF Panopticon page is a better representation of browser fingerprinting and how it works, because most of the things shared are really basic elements of data that aren't personally identifiable. You can absolutely fingerprint Firefox with a default config, so obviously this was vibe-coded and just doesn't do much. Cool, you did a GeoIP lookup, read the user-agent, the referrer header, and the accessibility data, exactly zero of that should be surprising to anyone that knows how you access a website.

You could have used show hn since you made it

If the color scheme weren’t so atrocious, it would almost be possible to read what it says.

How do we get our browser to stop sending all this information? It's really maddening.

> You have been on this page for 92 seconds. You scrolled 0% of the way down. You never left this tab.

Uhm... how did I get to the bottom if I scrolled 0%?

With javascript off it just stalls at "reading" forever. There are certainly some viewport properties and other things it does know even without JS execution, but the mitigation is significant. And the page itself (the JS application) cannot act on that data or communicate it. Instead it has to be processed by some other application on the backend or wherever. Not in my browser by my computer.

"Your screen is 320 by 568 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display."

Not quite, I'm on a 2016 iPhone SE

I'm not worried about my privacy. No one can read the dark text on that page anyhow.

good stuff but useful for non tech ppl. We already knew those things are exposed by the browser. probably worth putting in x/reddit

Update: I pushed two rounds of fixes for things people caught.

1. GPU "or similar" stranded prose. Firefox returns "Mozilla, or similar" as the masked renderer string and my parser was grabbing the second half. Masked-GPU case now gets its own observation.

2. Desktop battery showing NaN/100%. Chromium reports a phantom 100%-charging battery on machines without one; my filter was too narrow. Stricter check, falls through to "kept back."

3. Storage quota of 39+ GB reading as implausible. Now expressed in GB, and the prose was reworded ("would let this page write up to" rather than "allocated to").

4. Screen size matching window size (Firefox letterboxing / Brave farbling). Page now names it: "your browser appears to be returning the viewport in place of the real screen — anti-fingerprinting at work."

5. "Recent, high-end display" being claimed on old retina devices (iPhone 5-class). Tightened the heuristic.

6. No-JS hangs at "reading." <noscript> block added.

Worth saying directly since it came up. The prose is hand-written. Each observation has a small set of templated registers and the code selects among them based on what the data returns. There is no LLM in the runtime path. AI helped me iterate on the spec like it does for most projects now. The sentences on the page are mine. If that's not the kind of work you're in the mood for, fair, but the slop charge is wrong.

the breathless fearmongering but also condescending tone of this really makes it hard to take seriously. yeah, you can "digitally fingerprint" me when i browse the web. do you know when else you can get my fingerprints? literally any time i touch something in the real world, i leave my fingerprints behind. and nobody is making websites telling us all what a risk to privacy that is.

if you want to make me afraid of browser fingerprinting, try explaining how that information can be used to harm me. i'm aware that it's possible, i just don't care because it doesn't seem like it's that big of a deal.

dark gray on black text was a terrible choice, virtually unreadable contrast

> This volume requires JavaScript. That is part of the point — your browser is what is being read.

> With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.

What? When I enable JS it shows me a lot of stuff that is only queriable with JS.

It's somewhat interesting but over half of what it talked about is just silly.

- Reverse IP/geocode (while be cute about "we won't show your IP", oh no, not my IP!)

- Timezone - Ok, yeah, lots of websites need/make use of that for completely legit tasks

- Browser/OS/Screen size - boring, again mostly needed or historical

- GPU - Again, not super interesting IMHO

- Battery - Ok, this is the first one I think should be behind a permission dialog

- Language - Come off it, that's just table stakes

- Fonts - Again, not sure how else this should work in a "perfect" world

- Cookies/dark mode/DnT/etc - Ehh, again aside from fingerprinting (which ruins everything) these are all QoL improvements IMHO

- Referrer - Again, this is just how the web works

I think the websites that take all of that and show you a fingerprint or show the data in a more data-oriented way are way more compelling.

This, almost certainly vibe-coded, website doesn't do anything novel and hits on a huge pet peeve of mine: using low-quality arguments for a legit issue (fingerprinting). By mixing in stuff like your IP/Language on the same level as Battery/GPU/other-fingerprinty-things it makes the whole argument less compelling.

This is just... silly. Everything it told me, while browsing on my iPhone, seems entirely reasonable.

> Every page you have ever visited knows at least this much. Most of them know more. None of them told you.

So? Why would I want the news site I'm visiting to "tell me" it knows my preferred language, that I'm using light mode, or the estimated location of my IP address...?

It's not surprising that a browser which renders text can be used to identify which fonts are available. It's not surprising that a browser which allows calculation with your GPU will identify your type of GPU.

The "without asking" framing is just silly. I expect to be asked for consent to use my webcam or microphone or exact precise location. But the last thing I want is to be asked for permission around detecting my local time zone or preferred language or my screen resolution or 20 other totally reasonable things for a website to be able to know.

> Your screen is 1512 by 982 pixels, rendered at 2x density — which means it is almost certainly a recent, high-end display. Your device volunteered all of this in the first milliseconds of the connection.

No it didn't. It was queried by the JS running on the page. It's a fun demo but it could really do without the slop prose.

The stats are wrong - on Android my finger has not moved triple digit times, and I haven't tapped double digit times. In 4 seconds.

My general location is also wrong.

This site's theme is barely visible.

And the entire idea for the site is at least couple decades old.

Unoriginal slop.

Another vibe-sloped false-integrity derivative. Cmon, OP..

I wish it knows that I absolutely hate dark modes with such low contrast.

Wow! A significant amount of that information is wrong. I guess my corporate security is doing their job pretty well.

Its pretty scary when you see it like this

Man what a awful looking site. I shouldn't have to crank my brightness to max to kind of read the words

Vibecoded slop with LLM-written copy. When will it stop

Jokes on them, they got the wrong IP address, dummies!!! My IP address is 127.0.0.1!

I can’t even read this on my phone, the text is too small and the contrast is terrible

It's really bad, it's not using proper fingerprinting techniques, no network stack fingerprinting, no browser history via DNS poisoning, no narrowing down exact country with timing and so on. I mean this is even inferior from basic tools like amiunique, what's the point?

This is a great exercise, it's generally accurate on location but it's hard to express how granular they can be Identifying users through browser information. fonts? display size? processor? how unique is that really in laymans terms?

Your browser discloses a lot more fingerprinting data than this

Ok…

Are we supposed to care?

Another unreadable piece of slop with Claude fonts and style that this user has already spammed three times here with an account created 21 days ago.

This is out of control, and y'all just comment these threads as if they're made by humans.

At least it doesn't know my age

Oh wait

We've seen tens of pages like this, all done better. Now the vibe coders got into it and completely fuck up the idea.

it got both my city and browser wrong i am not too concerned lol

Lol, the description text is so dramatic.

[dead]

[flagged]

>OH MY GOD WE KNOW STUFF ABOUT YOU

peoples obsession with 100% privacy while operating in a public space is immature. if you're that risk averse dont connect to the internet.