Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
My intent in trying to redirect to plug-talk was to merge with the somewhat larger conversation there, rather than bifurcating. -- Russell Senior russ...@personaltelco.net On Sun, Feb 26, 2023 at 5:00 PM Ben Koenig wrote: > Discussions regarding the technical implementation of device > fingerprinting are perfectly on topic IMO. > > The ethical nature of such technology is another subject of debate and is > probably better on plug-talk. Conversations like this can split both ways ;) > > My somewhat toxic rant largely revolves around the articles blatant > misunderstanding of how anonymity works. He made a perfectly sane statement > about data collection/aggregatioon and then proceeded to make a completely > contradictory claim. > -Ben > > > --- Original Message --- > On Sunday, February 26th, 2023 at 4:08 PM, Russell Senior < > russ...@personaltelco.net> wrote: > > > > Although the idea of browser fingerprinting was not new to me, I did find > > the link to https://panopticlick.eff.org/ interesting and somewhat > > illuminating. > > > > Followups should (?) probably go to plug-talk. > > > > -- > > Russell Senior > > russ...@personaltelco.net > > > > On Sun, Feb 26, 2023 at 3:42 PM Ted Mittelstaedt t...@portlandia-it.com > > > > wrote: > > > > > Unfortunately my experience in "technical blog posts" is that most of > them > > > are crap, they are put together by people who run scraping software > that > > > rips off content from other people's sites then assembles it to try to > make > > > money off advertising on their sites. > > > > > > Unless the technical post is part of a forum that has a lot of > > > participation on it to where people with more knowledge/experience can > > > either add to it or refute it, usually it's just not that good. > > > > > > Ted > > > > > > -Original Message----- > > > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Ben > > > Koenig > > > Sent: Sunday, February 26, 2023 1:19 PM > > > To: Portland Linux/Unix Group plug@lists.pdxlinux.org > > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor > > > devices? > > > > > > None of this is news. That entire blog post looks like it written to > > > appeal to someone who spent the last 30 years not asking how the > internet > > > works then freaking out after realizing what is possible. No joke, I > read > > > the following quote from that article and nearly fell out of my chair. > > > > > > "What’s ironic about device fingerprinting is that the more > > > privacy-centered add-ons you install on your browser (e.g. Privacy > Badger, > > > Do Not Track Me, Ghostery to name a few) in a bid to protect the > remnants > > > of your privacy, the easier it becomes to identify you because of the > > > uniqueness of your browser’s configuration." > > > > > > ROFLMAO. It's so brilliantly stupid that it cannot be refuted by > logical > > > means. That whole article is an accurate example of human intelligence > > > after decades of inadvertent lead exposure. Nice. > > > > > > -Ben > > > > > > --- Original Message --- > > > On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt < > > > t...@portlandia-it.com> wrote: > > > > > > > Why is this even necessary to look at nonsense like the plugins, both > > > > HP, Dell, and Lenovo computers make their motherboard serial numbers > > > > available via BIOS calls and those serial numbers are unique. Hard > disks > > > > also have unique serial numbers and of course the LAN MAC addresses > and > > > > Bluetooth BD_ADDR are unique. The machine's ARP cache is not > protected > > > > either so if they really want to fingerprint they can look at the > netmask > > > > in use, setup a loop and ping every IP in the network then pull all > the MAC > > > > addresses out of the ARP cache and then if they really want to get > clever > > > > they can match the MACs and see if any other machines on the local > network > > > > that they have fingerprints for are online. > > > > > > > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a > few > > > > years back was complete baloney, a red herring to distract the > masses. > > > > > > > > The clearcode article is just barely scra
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Discussions regarding the technical implementation of device fingerprinting are perfectly on topic IMO. The ethical nature of such technology is another subject of debate and is probably better on plug-talk. Conversations like this can split both ways ;) My somewhat toxic rant largely revolves around the articles blatant misunderstanding of how anonymity works. He made a perfectly sane statement about data collection/aggregatioon and then proceeded to make a completely contradictory claim. -Ben --- Original Message --- On Sunday, February 26th, 2023 at 4:08 PM, Russell Senior wrote: > Although the idea of browser fingerprinting was not new to me, I did find > the link to https://panopticlick.eff.org/ interesting and somewhat > illuminating. > > Followups should (?) probably go to plug-talk. > > -- > Russell Senior > russ...@personaltelco.net > > On Sun, Feb 26, 2023 at 3:42 PM Ted Mittelstaedt t...@portlandia-it.com > > wrote: > > > Unfortunately my experience in "technical blog posts" is that most of them > > are crap, they are put together by people who run scraping software that > > rips off content from other people's sites then assembles it to try to make > > money off advertising on their sites. > > > > Unless the technical post is part of a forum that has a lot of > > participation on it to where people with more knowledge/experience can > > either add to it or refute it, usually it's just not that good. > > > > Ted > > > > -Original Message- > > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Ben > > Koenig > > Sent: Sunday, February 26, 2023 1:19 PM > > To: Portland Linux/Unix Group plug@lists.pdxlinux.org > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor > > devices? > > > > None of this is news. That entire blog post looks like it written to > > appeal to someone who spent the last 30 years not asking how the internet > > works then freaking out after realizing what is possible. No joke, I read > > the following quote from that article and nearly fell out of my chair. > > > > "What’s ironic about device fingerprinting is that the more > > privacy-centered add-ons you install on your browser (e.g. Privacy Badger, > > Do Not Track Me, Ghostery to name a few) in a bid to protect the remnants > > of your privacy, the easier it becomes to identify you because of the > > uniqueness of your browser’s configuration." > > > > ROFLMAO. It's so brilliantly stupid that it cannot be refuted by logical > > means. That whole article is an accurate example of human intelligence > > after decades of inadvertent lead exposure. Nice. > > > > -Ben > > > > --- Original Message --- > > On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt < > > t...@portlandia-it.com> wrote: > > > > > Why is this even necessary to look at nonsense like the plugins, both > > > HP, Dell, and Lenovo computers make their motherboard serial numbers > > > available via BIOS calls and those serial numbers are unique. Hard disks > > > also have unique serial numbers and of course the LAN MAC addresses and > > > Bluetooth BD_ADDR are unique. The machine's ARP cache is not protected > > > either so if they really want to fingerprint they can look at the netmask > > > in use, setup a loop and ping every IP in the network then pull all the > > > MAC > > > addresses out of the ARP cache and then if they really want to get clever > > > they can match the MACs and see if any other machines on the local network > > > that they have fingerprints for are online. > > > > > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a few > > > years back was complete baloney, a red herring to distract the masses. > > > > > > The clearcode article is just barely scraping the surface and what they > > > say is being collected sounds like amateur hour. > > > > > > Ted > > > > > > -Original Message- > > > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of > > > Michael Rasmussen > > > Sent: Saturday, February 25, 2023 10:46 AM > > > To: Portland Linux/Unix Group p...@pdxlinux.org > > > > > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor > > > devices? > > > > > > Fingerprint computes avail themselfs to a variety of items that, taken > > > together, come close to uniquely identifing your computer. > > > &
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Although the idea of browser fingerprinting was not new to me, I did find the link to https://panopticlick.eff.org/ interesting and somewhat illuminating. Followups should (?) probably go to plug-talk. -- Russell Senior russ...@personaltelco.net On Sun, Feb 26, 2023 at 3:42 PM Ted Mittelstaedt wrote: > Unfortunately my experience in "technical blog posts" is that most of them > are crap, they are put together by people who run scraping software that > rips off content from other people's sites then assembles it to try to make > money off advertising on their sites. > > Unless the technical post is part of a forum that has a lot of > participation on it to where people with more knowledge/experience can > either add to it or refute it, usually it's just not that good. > > Ted > > -Original Message- > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Ben > Koenig > Sent: Sunday, February 26, 2023 1:19 PM > To: Portland Linux/Unix Group > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor > devices? > > None of this is news. That entire blog post looks like it written to > appeal to someone who spent the last 30 years not asking how the internet > works then freaking out after realizing what is possible. No joke, I read > the following quote from that article and nearly fell out of my chair. > > "What’s ironic about device fingerprinting is that the more > privacy-centered add-ons you install on your browser (e.g. Privacy Badger, > Do Not Track Me, Ghostery to name a few) in a bid to protect the remnants > of your privacy, the easier it becomes to identify you because of the > uniqueness of your browser’s configuration." > > ROFLMAO. It's so brilliantly stupid that it cannot be refuted by logical > means. That whole article is an accurate example of human intelligence > after decades of inadvertent lead exposure. Nice. > > -Ben > > > --- Original Message --- > On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt < > t...@portlandia-it.com> wrote: > > > > Why is this even necessary to look at nonsense like the plugins, both > HP, Dell, and Lenovo computers make their motherboard serial numbers > available via BIOS calls and those serial numbers are unique. Hard disks > also have unique serial numbers and of course the LAN MAC addresses and > Bluetooth BD_ADDR are unique. The machine's ARP cache is not protected > either so if they really want to fingerprint they can look at the netmask > in use, setup a loop and ping every IP in the network then pull all the MAC > addresses out of the ARP cache and then if they really want to get clever > they can match the MACs and see if any other machines on the local network > that they have fingerprints for are online. > > > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a few > years back was complete baloney, a red herring to distract the masses. > > > > The clearcode article is just barely scraping the surface and what they > say is being collected sounds like amateur hour. > > > > Ted > > > > -----Original Message----- > > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of > Michael Rasmussen > > Sent: Saturday, February 25, 2023 10:46 AM > > To: Portland Linux/Unix Group p...@pdxlinux.org > > > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor > devices? > > > > > > > > Fingerprint computes avail themselfs to a variety of items that, taken > together, come close to uniquely identifing your computer. > > > > From: > > > https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint > > > > They list: > > > > * IP address > > * HTTP request headers > > * User agent string > > * Installed plugins > > * Client time zone > > * Information about the client device: screen resolution, touch support, > operating system and language > > * Flash data provided by a Flash plugin > > * List of installed fonts > > * Silverlight data > > * List of mime-types > > > > For more information you can check out the description of it on > > Wikipedia: > > > > https://en.wikipedia.org/wiki/Device_fingerprint > > > > * Timestamp > > * > > > > -- > > > > Michael Rasmussen > > Be Appropriate && Follow Your Curiosity >
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Unfortunately my experience in "technical blog posts" is that most of them are crap, they are put together by people who run scraping software that rips off content from other people's sites then assembles it to try to make money off advertising on their sites. Unless the technical post is part of a forum that has a lot of participation on it to where people with more knowledge/experience can either add to it or refute it, usually it's just not that good. Ted -Original Message- From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Ben Koenig Sent: Sunday, February 26, 2023 1:19 PM To: Portland Linux/Unix Group Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices? None of this is news. That entire blog post looks like it written to appeal to someone who spent the last 30 years not asking how the internet works then freaking out after realizing what is possible. No joke, I read the following quote from that article and nearly fell out of my chair. "What’s ironic about device fingerprinting is that the more privacy-centered add-ons you install on your browser (e.g. Privacy Badger, Do Not Track Me, Ghostery to name a few) in a bid to protect the remnants of your privacy, the easier it becomes to identify you because of the uniqueness of your browser’s configuration." ROFLMAO. It's so brilliantly stupid that it cannot be refuted by logical means. That whole article is an accurate example of human intelligence after decades of inadvertent lead exposure. Nice. -Ben --- Original Message --- On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt wrote: > Why is this even necessary to look at nonsense like the plugins, both HP, > Dell, and Lenovo computers make their motherboard serial numbers available > via BIOS calls and those serial numbers are unique. Hard disks also have > unique serial numbers and of course the LAN MAC addresses and Bluetooth > BD_ADDR are unique. The machine's ARP cache is not protected either so if > they really want to fingerprint they can look at the netmask in use, setup a > loop and ping every IP in the network then pull all the MAC addresses out of > the ARP cache and then if they really want to get clever they can match the > MACs and see if any other machines on the local network that they have > fingerprints for are online. > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a few years > back was complete baloney, a red herring to distract the masses. > > The clearcode article is just barely scraping the surface and what they say > is being collected sounds like amateur hour. > > Ted > > -Original Message- > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Michael > Rasmussen > Sent: Saturday, February 25, 2023 10:46 AM > To: Portland Linux/Unix Group p...@pdxlinux.org > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices? > > > > Fingerprint computes avail themselfs to a variety of items that, taken > together, come close to uniquely identifing your computer. > > From: > https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint > > They list: > > * IP address > * HTTP request headers > * User agent string > * Installed plugins > * Client time zone > * Information about the client device: screen resolution, touch support, > operating system and language > * Flash data provided by a Flash plugin > * List of installed fonts > * Silverlight data > * List of mime-types > > For more information you can check out the description of it on > Wikipedia: > > https://en.wikipedia.org/wiki/Device_fingerprint > > * Timestamp > * > > -- > > Michael Rasmussen > Be Appropriate && Follow Your Curiosity
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
None of this is news. That entire blog post looks like it written to appeal to someone who spent the last 30 years not asking how the internet works then freaking out after realizing what is possible. No joke, I read the following quote from that article and nearly fell out of my chair. "What’s ironic about device fingerprinting is that the more privacy-centered add-ons you install on your browser (e.g. Privacy Badger, Do Not Track Me, Ghostery to name a few) in a bid to protect the remnants of your privacy, the easier it becomes to identify you because of the uniqueness of your browser’s configuration." ROFLMAO. It's so brilliantly stupid that it cannot be refuted by logical means. That whole article is an accurate example of human intelligence after decades of inadvertent lead exposure. Nice. -Ben --- Original Message --- On Sunday, February 26th, 2023 at 10:21 AM, Ted Mittelstaedt wrote: > Why is this even necessary to look at nonsense like the plugins, both HP, > Dell, and Lenovo computers make their motherboard serial numbers available > via BIOS calls and those serial numbers are unique. Hard disks also have > unique serial numbers and of course the LAN MAC addresses and Bluetooth > BD_ADDR are unique. The machine's ARP cache is not protected either so if > they really want to fingerprint they can look at the netmask in use, setup a > loop and ping every IP in the network then pull all the MAC addresses out of > the ARP cache and then if they really want to get clever they can match the > MACs and see if any other machines on the local network that they have > fingerprints for are online. > > The entire hoo-ha over Intel putting serial numbers in it's CPUs a few years > back was complete baloney, a red herring to distract the masses. > > The clearcode article is just barely scraping the surface and what they say > is being collected sounds like amateur hour. > > Ted > > -Original Message- > From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Michael > Rasmussen > Sent: Saturday, February 25, 2023 10:46 AM > To: Portland Linux/Unix Group p...@pdxlinux.org > > Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices? > > > > Fingerprint computes avail themselfs to a variety of items that, taken > together, come close to uniquely identifing your computer. > > From: > https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint > > They list: > > * IP address > * HTTP request headers > * User agent string > * Installed plugins > * Client time zone > * Information about the client device: screen resolution, touch support, > operating system and language > * Flash data provided by a Flash plugin > * List of installed fonts > * Silverlight data > * List of mime-types > > For more information you can check out the description of it on > Wikipedia: > > https://en.wikipedia.org/wiki/Device_fingerprint > > * Timestamp > * > > -- > > Michael Rasmussen > Be Appropriate && Follow Your Curiosity
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Why is this even necessary to look at nonsense like the plugins, both HP, Dell, and Lenovo computers make their motherboard serial numbers available via BIOS calls and those serial numbers are unique. Hard disks also have unique serial numbers and of course the LAN MAC addresses and Bluetooth BD_ADDR are unique. The machine's ARP cache is not protected either so if they really want to fingerprint they can look at the netmask in use, setup a loop and ping every IP in the network then pull all the MAC addresses out of the ARP cache and then if they really want to get clever they can match the MACs and see if any other machines on the local network that they have fingerprints for are online. The entire hoo-ha over Intel putting serial numbers in it's CPUs a few years back was complete baloney, a red herring to distract the masses. The clearcode article is just barely scraping the surface and what they say is being collected sounds like amateur hour. Ted -Original Message- From: PLUG [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Michael Rasmussen Sent: Saturday, February 25, 2023 10:46 AM To: Portland Linux/Unix Group Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices? Fingerprint computes avail themselfs to a variety of items that, taken together, come close to uniquely identifing your computer. From: https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint They list: * IP address * HTTP request headers * User agent string * Installed plugins * Client time zone * Information about the client device: screen resolution, touch support, operating system and language * Flash data provided by a Flash plugin * List of installed fonts * Silverlight data * List of mime-types For more information you can check out the description of it on Wikipedia: https://en.wikipedia.org/wiki/Device_fingerprint * Timestamp * -- Michael Rasmussen Be Appropriate && Follow Your Curiosity
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
sorry, wrong Wikipedia link in my previous email. Use this one instead: https://en.wikipedia.org/wiki/Device_fingerprint -- Michael Rasmussen Be Appropriate && Follow Your Curiosity
Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Fingerprint computes avail themselfs to a variety of items that, taken together, come close to uniquely identifing your computer. From: https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint They list: * IP address * HTTP request headers * User agent string * Installed plugins * Client time zone * Information about the client device: screen resolution, touch support, operating system and language * Flash data provided by a Flash plugin * List of installed fonts * Silverlight data * List of mime-types For more information you can check out the description of it on Wikipedia: https://en.wikipedia.org/wiki/Device_fingerprint * Timestamp * -- Michael Rasmussen Be Appropriate && Follow Your Curiosity
