logoalt Hacker News

joshstrangeyesterday at 3:29 PM3 repliesview on HN

It's somewhat interesting but over half of what it talked about is just silly.

- Reverse IP/geocode (while be cute about "we won't show your IP", oh no, not my IP!)

- Timezone - Ok, yeah, lots of websites need/make use of that for completely legit tasks

- Browser/OS/Screen size - boring, again mostly needed or historical

- GPU - Again, not super interesting IMHO

- Battery - Ok, this is the first one I think should be behind a permission dialog

- Language - Come off it, that's just table stakes

- Fonts - Again, not sure how else this should work in a "perfect" world

- Cookies/dark mode/DnT/etc - Ehh, again aside from fingerprinting (which ruins everything) these are all QoL improvements IMHO

- Referrer - Again, this is just how the web works

I think the websites that take all of that and show you a fingerprint or show the data in a more data-oriented way are way more compelling.

This, almost certainly vibe-coded, website doesn't do anything novel and hits on a huge pet peeve of mine: using low-quality arguments for a legit issue (fingerprinting). By mixing in stuff like your IP/Language on the same level as Battery/GPU/other-fingerprinty-things it makes the whole argument less compelling.

Replies

thesuitonymyesterday at 4:12 PM

I'm with you on almost all of this, but since you (almost) asked, here's how I think fonts should work:

The server tells your browser to display a line of text in a specific font. If that font is available, your browser does so, and if not, it displays the text in your default font, or a backup font if the developer specified one. There's no need for the server to know if it's there or not.

mwheelzyesterday at 3:54 PM

Fair pushback, and partially right. Most of these data points are individually defensible. Accept-Language helps with localization, Referer is just how links work, timezone is universally useful. The page's argument isn't that any single one is bad; it's that the bundle is identifying. Panopticlick / Cover Your Tracks measures combinatorial uniqueness, not any single point. The piece could be sharper about the distinction. Noted.

akerstenyesterday at 4:47 PM

People discovering "just how the web works" have spawned myriad complaints, misguided laws, and general anger and confusion. I wish there was a test people had to take before they go online or something. Otherwise they'll still be mad that Chrome Incognito didn't prevent ads.google.com from registering them as a pageview statistic.