They’re really playing up the ominous tone.
“We know this because your IP address — xxx.xxx.xxx.xxx — was the first thing your device sent us. We know the rest of it. We chose not to display it. Most pages would not have made that choice. We did not ask for your location. Your address arrived before you did.”
Uh, yeah. That’s how IP addresses work.
We sent a SYN-ACK packet and YOU acknowledged it, confirming you are not spoofing YOUR IP address. Now WE share the same sequence number. Most sites do not tell you this is happening.
dude be careful, right now your house is probably broadcasting a street address.
the mailman that drops your mail off? he knows
Compare this to Google’s homepage, which is clean, wholesome, friendly, and inviting.
(I don’t mind sites that try to scare the user straight, but this one definitely has the unmistakable tinge of AI-generated wording. Make a sense if you click through the links at the bottom to see who created it.)
It really looks ai-generated. It even contains mistakes like saying that my 5yo phone model with low resolution is a high end device. All the text is pretty “generic” and sloppy
Tbh, a five year old phone can absolutely be high end. Mine is four years old and I absolutely consider it high end.
Language and dark mode setting are also funny. Yes, I literally want to share those preferences so you don’t serve me a blinding white website in hebrew. What a hacker you are.
I am pretty sure 90% of the people using the Internet don’t know what an IP address is.
Obvious, the address of where you pee.
No, it’s where I pee…. It’s not a UP address
Relevant user
namesentence.What is the address of everywhere?
It got my location wrong. It got my GPU wrong. It said I never left the tab, even though I left it to start this comment. It said I moved my cursor 111 times in 74 seconds, which is absolutely false.
That site is just pointless. Pretty much the only things it got right were my time zone and my browser.
In my case it was incredibly accurate, except for one detail; the wire said I moved my finger over 600 times which… Seems hyperbolic.
The website is clearly AI-slopped, what did you expect?
Time zone has no info about where I actually am. Sure, I’m in a particular vertical slice of the earth. I have the JP keyboard downloaded, but you’re wrong, that doesn’t mean I speak Japanese. In fact, I speak French but your cookie reading didn’t pick that up.
It is genuinely interesting what info gets passed to websites but the doomy tone is rather silly and will unnecessarily worry people who don’t know much about computers/Internet, which is the majority of users.
It got my timezone and location pretty spot on, though.
Very useful site. Thanks for posting this.
Lol it says I have a “recent, high end device”… It’s a Samsung that’s old enough to be in the third grade.
Only thing that’s missing is a bunch of threats with a Bitcoin address at the bottom.
I’m guessing it has inferred that (wrongly) from your screen size and resolution.
That’s not a great datapoint, if that’s the case, there’s 2015 phones that are unnecessarily 4K (right when 4K TVs were becoming popular)
Your browser accepts cookies. Websites can write small files to your device that persist after you leave — files that identify you when you return, that follow you across sites, that remember what you looked at, what you almost bought, and how long you hesitated. We have not written one. Your browser would let this page write up to 10 GB to your device — a private room, ours alone, like the one given to every site you visit.
Hol up … 10 GB?
Doesn’t seem to be anything new here than what’s we already know:
Just with a more ominous tone. Is it any wonder people are afraid of technology?
Laughing my ass off reading through this. The sanctimonious and passive aggressive threatening tone is perfect for how much info it got wrong just because I use Firefox and an adblock. YOUR BROWSER DIDN’T TELL US ANYTHING ABOUT THIS, LIKELY BECAUSE ITS FIREFOX. BUT THAT MEANS WE KNOW YOU USE FIREFOX AND WE ARE CHOOSING TO BE SAFE WITH THAT INFO, YOURE WELCOME, PWNED!!!11!1111!1
Teaching people about fingerprinting and how important understanding it is for personal privacy is good, but acting like a 4chan script kiddy group and making bizarre empty threats like you’re mr robot ain’t it, dawg.
From other comments this is likely some AI slop to sell a product, but if they’re serious they come off like they just slept through sec+ and think they’re shadow brokers now lmao
On a bog standard phone with dns blocking and nothing more, it was able to identify a lot of information. Some pieces of information I didn’t realize are sent to websites when I visit them. It’s a good demonstration of fingerprinting.
Similar results with NoScript.
This volume requires JavaScript. That is part of the point — your browser is what is being read.
With JavaScript off, the page cannot tell you what your browser disclosed. The data is still there. The disclosure still happened. Only the telling of it stops.
The fact that they’re stopped from “the telling” says a lot about their abilities, but not much about “the disclosure”.
I imagine it was just stuff collected in most server logs: IP Address, user agent string… I’m not too concerned, really.
Looks like they don’t have a dedicated backend dev. A similar presentation could be done by making it a dynamically generated page, with some CSS animations.
This is lame as shit. The tone of the writing is going to get non-tech people feeling quite dismissive, or scared enough to seek out surface level info, which just rolls back into feeling dismissive. It’s actually really stupid because they’re clearly driving fear, but hardly touch the real thing to be scared of. Fingerprinting is barely mentioned, it’s only really addressed once, in the font identification section. The issue with all these data points is how they can be collected and correlated across the web - it basically means fuck-all if it’s only from one page.
edit: On top of that, each data point is presented as some sort of horrible catastrophe, when some are completely benign. Barely addressing why some points actually matter, or not at all. (Like click/touch data, it’s needed for site functionality, but it gets creepy when that data is used for things like psychological profiling)
Even more disappointing because the formatting/appearance is more than clean enough to share with basically anyone. Yet the tone and focus makes that out of the question. What a waste of time to make this.
Your graphics processor identified itself as or similar.
Ah yes, Or similar, great GPU, love it.
We know your full name, blood type, and that your left elbow is itching a bit right now. Your browser told us. But we’re choosing to not show you. We also know what you did on July 14, 2018.
I opened it in Firefox and Librewolf just to see how the information sent was different. Librewolf obfuscated the following which Firefox disclosed:
Time zone
Monitor resolution
GPU used
Also, the Firefox one said I moved my cursor such-and-such times, while the Librewolf one said my finger moved such-and-such times. Must be related to hiding what screen I’m using. I’m on desktop.
Firefox on mobile obscured GPU.
“Your browser masked your graphics processor. Firefox and Safari have started returning generic strings — “Mozilla”, “Apple”, “or similar” — instead of the real renderer. The fact that yours did so tells us, with reasonable confidence, which browser you are running. The mask is also a fingerprint.”
Is this just lack of dedicated GPU on mobile?
Seems to be making a lot out of “you send your user agent and screen resolution”.
There is a looot more than that lol. Usually enough to allow them to uniquely fingerprint every device on earth.
There were a couple of things on that page that were novel to me. “Only a couple” made it worthwhile though:
- There’s a free tier to a service that gives you geolocation data from an IP address
- This site counts the number of times you move to a different tab
I didnt mean this site specifically just in general.
See this site for something more technical. Takes a while to process everything give it a minute.
sooooo reading a browsers user-agent is now a thing to worry about? oh look I changed my user-agent and now this dumb ass site is giving all the wrong info woulda look at that.
“We know where you are based on your IP” yeah bro, that’s how IP’s work. look i turned on mullvad, omg now it says i’m in Sweden!
“we know you’re using an AMD gpu” gasp ya don’t say. oh look I changed my user-agent again and now you think I’m on nvidia, crazy how that works huh?
This is a dumb bullshit site.
oh look it’s built by these morons: https://riseuplabs.app/ a company that vibe codes every “product” they have. so naturally building a stupid site that just pulls your user-agent would seem amazing to them.
This is bullshit marketing for their bullshit vibe coding. report this post, it’s an ad.
The location is off by about fifty miles. It didn’t get my GPU or battery level. Everything else is stuff that doesn’t matter. Firefox browser, English, android device. I am not terribly impressed.
You’re right, and same for me, but what if you’d never considered any of this before and are new to the idea of privacy? I expect it would then give you pause for thought.
Sure, it’s a gimmick site. But it serves a useful purpose for those who don’t know about the topic. Which is probably the majority of users.
Despite my own experience: TIL the tilt angle of my phone is available to websites.
