[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 140 KB, 981x736, 1510070542181.jpg [View same] [iqdb] [saucenao] [google] [report]
67704052 No.67704052 [Reply] [Original] [archived.moe] [rbt]

Ask Hiro.

New ads system and new script that generates a "canvas" for every user, so you are more easy to track.
Evidence on the pic.

Issue: using CanvasBlock and randomizing the readout still gets you a unique fingerprint each time, making you stand out even more, but blocking all canvas API will break captcha.

Also, if you want to block malware domains at the OS level, see: https://github.com/ScriptTiger/Unified-Hosts-AutoUpdate

>> No.67704105

That doesn't smell fishy at all. Nope. Nothing suspicious at all.

JK it's probably going to make life a shit ton easier to actually permaban people now when they go goreposting on /b/ or some retarded shit. I know a few anons that see getting banned as a minor inconvenience. Would love to see those sorts of people get rekt.

>> No.67704131

>T. Glow in the dark CIA nigger

>> No.67704144
File: 47 KB, 584x336, 1519553039861.gif [View same] [iqdb] [saucenao] [google] [report]

>yes goyim, let the gook track you and sell your data off to orbitfour47.com, it's okay think about all the goreposters

>> No.67704158
File: 17 KB, 1081x310, Untitled.png [View same] [iqdb] [saucenao] [google] [report]

Wow, you weren't kidding.
So what now, what's the game plan to blocking this crap?

>> No.67704169

>T. Maximus Paranoia.

>> No.67704172
File: 130 KB, 430x288, 1520554820965.png [View same] [iqdb] [saucenao] [google] [report]

>So what now, what's the game plan to blocking this crap?
kidnapping the gook and forcing him to debotnet the site. getting rid of canvas fingerprinting is pretty impossible.

>> No.67704184

I'm serious. What's the workaround? Even non-JS captcha doesn't work.

>> No.67704215

we have to make a big stink about this to force that fucking gook to remove the canvas fingerprinting from the site.


>> No.67704232

last thread:

>> No.67704259

That website doesn't even load properly, keeps restarting.

>> No.67704274

>keeps restarting
if you pressed "test" then that's normal. just wait.

>> No.67704293

God forbid he sells the IP that I share with 1000 people, the size of my browser, and the text that I posted. I'm totally compromised now!

>> No.67704308

you don't understand fingerprinting you mongoloid. It has nothing to do with cookies, IP or anything else. It's a fingerprint based on your software and hardware.

>> No.67704338

Tried that with and without real companies, got 3 YES's, a No, and a loading element.
That's after I enabled javascript.

>> No.67704389

canvas is html5 so don't think you're safe

>> No.67704401

So what do I do now? Block canvas API for all but vital websites?

>> No.67704403

I think you need JS to manipulate it though.

>> No.67704409

>Block canvas API
this breaks captcha so you could never post again.

>> No.67704423

I'm totally fine with pissing on 4chan's corpse. I'm talking facebook and my Uni's site.

>> No.67704437

if you don't need to post here, then use "CanvasBlocker" addon for firefox and set it to block all or block all except whitelist.

>> No.67704440

Not him but I think most of the people in this thread don't understand what this really is. I see a lot of "its super secret THEY MUST BE TRYING TO PROBE MY ANUS" sort of paranoia.

From my perspective at least, the only use I can see for this is to make punishing ban evaders that much easier. If it's truly a fingerprint based on your hardware and software, it would be so much harder for a person to bypass a ban. Simply getting a VPN, clearing your cookies, or trying from a different browser wouldn't cut it. You'd see lest shitposting on /v/ where some cunt comes along and says "HAHA CANT CATCH ME TRANNY JANNIES" and proceeds to break as many global rules as he can.

Or, you know, maybe everyone here is right and gookmoot is really Mark Zuckerburg, selling all your data to marketing teams who will see that you dumbasses are super paranoid while watching Boku no Pico and start recommending anime bodypillows to you as you browse amazon.

One of these things makes sense. The other makes some HUUUGE assumptions based on the idea that the entire world is out to get you.

>> No.67704458

Can't use just use ublock to block the actual canvas image from loading or more sensibly only allow board images? It seems to come the i.4cdn domain. If it can't load, it can't fingerprint, right?

>> No.67704459

So how do I know canvas blockers works or hasn't been compromised?

>> No.67704462

>>From my perspective at least, the only use I can see for this is to make punishing ban evaders that much easier.
this is entirely false and not doable you mongoloid piece of shit on damage control. You can't ban people based on this.

>> No.67704476

set it to block all and see how it breaks captcha, or use a canvas test (posted in the previous thread which is linked to here)

>> No.67704496

>Issue: using CanvasBlock and randomizing the readout still gets you a unique fingerprint each time, making you stand out even more
Faking -> Random Number Generator -> persistent

Now it only stays the same within browser session or until you clear it manually

>> No.67704513
File: 2 KB, 150x66, 1517647725485.png [View same] [iqdb] [saucenao] [google] [report]

which one is best?

>> No.67704520

What makes you say that? CS 1.6 servers can ban players based on machine ID, why can't 4chan ban someone from this fingerprint shit?

It uniquely identifies you.

>> No.67704527

>bitcoin miners
>How many times do you need to be told?
disable javascript

>> No.67704537

>fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is forced to return a new random value each time it is called.
>fake at input: on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to "fake readout API".

>> No.67704561

>disable javascript
breaks the site and 4chanx

>> No.67704601


>> No.67704613

Does anyone know how to actually contact hiroshimoot and complain about this garbage? Isnt there like an irc channel or something?
I only know of his youtube channel:

>> No.67704616

>he thinks those are the same as canvas fingerprinting
go back to /v/

>> No.67704632 [DELETED] 

his twitter

>> No.67704637

4chan X works for me without JavaScript. Well, other than the JavaScript from 4chan X of course.

>> No.67704644

his twitter

>> No.67704659

I dont use twitter, and you shouldnt either.

>> No.67704670

I don't care about your view on that. make a fake account using a fake email or something.

>> No.67704682

i'm block the shit sites and i.cdn.org:
and allowing per board. example:
i think the solution is block everything, and allow the necessary, but it's too much autist work for today

>> No.67704685

>he thinks that canvas fingerprinting cant be used by the webserver's backend to automatically IP ban users with known fingerprints
isn't there a new episode of Infowars you need to be watching?

>> No.67704695

>IP ban
different things, mongoloid.

>> No.67704707

hurr durr its totally impossible to put a fingerprint in a banlist and then ip banning people who try to post with a banned fingerprint doiiiiiiiiiiiii

>> No.67704720

how do i get fingerprinted?

>> No.67704725

it's retarded, plebbitor.

you would be banning random IP's of other people because this is assuming the user has dynamic IP. so every time they use the site, IP's that will get used by loads of other people get banned. you really are brain dead huh?

>> No.67704732

Just read straight from the 4chans API.

>> No.67704736

e i g h t faggots, no insane captcha and only fill it once every 24 hours

>> No.67704738

on desktop?

>> No.67704754

>"ip ban" means permanent
Ok so he is just making assumptions. Also I find it funny you call reddit when you are using reddit spacing

>> No.67704762

yeah but the userbase is ultimate autism.
duration is irrelevant, because dynamic IP had change multiple times per day.

>> No.67704782

Is it finally time to exodus to 8ch?

>> No.67704809

it would only work if we did it en masse. otherwise we'd have to go and deal with that terrible userbase of cripplechan.

>> No.67704811

>the userbase
you mean the 23 people that use that site all have autism?

>> No.67704827

ok so uh i installed this https://chrome.google.com/webstore/detail/canvas-defender/obdbgnebcljmgkoljcdddaopadkifnpm and now captcha just goes through every time??? cool???

>> No.67704832

Yeah, this is what I did,and I'm not getting the fingerprint png, but I dunno if that means it's still not being generated serverside at thus fingerprinting is happening or if it actually stops it.

>> No.67704835

/tech/ is fine for the most part.

>> No.67704850

Actually you know what, I'm going to spell it out for you seeing as you haven't figured it out by now. I'll use your reddit spacing so you can understand.

Lets say a person called dumbass gets his ass permabanned for posting CP. Dude gets his pc fingerprint swiped, and banned. Fingerprint added to his ban.

Dumbass has the brilliant idea of deleting cookies, resetting browser session, changing his IP, and posting new images. But what he doesn't know is the fingerprint will still match him.

Now when he goes to post, the server goes "Hey i know this guy", tempbans his IP (doesn't need to be a long ban, just like a 30 second ban). Lift the ban on the old IP and apply it to the new IP. He can keep changing IPs and we keep shifting his ban. As a failsafe keep the last known IP banned incase he tried a new PC, then BOOM add that fingerprint to his ban.

TLDR match IP to fingerprint, fingerprint to id, ip bans dont need to be permanent when fingerprint bans are, use your brain

>> No.67704862

>the userbase is ultimate autism.
here it is autism + cancer + reddit, so I'll take autism only over that.

>> No.67704871

>redditspacing CIA nigger is trying to justify spying on all users

privacy invasion damage control is literally always the same

>> No.67704877

>calls reddit spacing
>in a post with reddit spacing
not sure if retarded, or just trolling. Probably both

>> No.67704912

>newfag trying to make an argument
if you think the pedo posters don't use tor and tor browser / tails, you're a brain dead child.

>> No.67704935

Of course they don't use tor browsers on 4chan to pedodump, because tor exit nodes are blocked on 4chan brainlet.
Stay summer eternal

>> No.67704940

>not using a proxy after going through tor
stay pleb, newfag

>> No.67704955

Fuck off no one cares about ban evasion. Only bootlikers like bans. And even that doesn't s not justify invasion of privacy without consent.

>> No.67704965

>proxy after tor
>essentially eliminating the point of tor
>still give 4chan an IP to ban AND A FINGERPRINT
cmon mcfly, think!

>> No.67704966

>everything keeps getting worse

>> No.67704972

You literally press in button on tor and still pass true

>> No.67704979

>>essentially eliminating the point of tor
you don't know how things work, do you?

>> No.67705008

How is it an invasion of privacy?
>oh no the service i post on every single day is keeping track of who i am incase i decide to start being evil
>wheres my rights
fuck off retard, you are using their service they have the right to make it possible to deny you access to their service. Where's 4chan's rights? Oh, wait, they dont get any because it doesn't benefit you. Fucking retard

btw I noticed how you moved those goal posts. We were talking about fingerprints, now you are going on about a solution for a hypothetical ban evader to ban evade around a hypothetical solution to ban evasion... incase you forgot.

I think I have a better understanding than you at this stage.

>> No.67705027

>autism + cancer + reddit
8gag is also that. Enjoy having to worship the board owners of the few live boards there like a cultist, you fag.

>> No.67705029

>schizo is SEETHING
>still trying to do damage control
>doesn't understand enough to know his point is a non-argument

>> No.67705040

>when they go goreposting on /b/
Posting gore is not against the rules.

>> No.67705054

How can I reproduce OP's pic?

>> No.67705058

>but he's retarded
This is how I know i've won. Rather than attack my argument, you attack my character. I'l


>> No.67705059

you're stupid if you think that. Literally never had a problem with a board owner since I dont frequent boards with retarded owners. /tech/ at least is just fine, and since I only browse /g/ here its all I need.

>> No.67705066

Open network manager, refresh page

>> No.67705079

Why are you people trying to make Hiro look bad? Hiro has done nothing wrong.

>> No.67705093

What would be blocked under that?

>> No.67705094


>> No.67705136

How have I used such a logical fallacy? I've claimed that this fingerprinting shit could possibly be used for banning, people say I'm retarded, I explain how it could possibly be used for banning, people say I'm retarded, I give example scenarios, people continue to attack my character...

oh wait, I'm on 4chan. The home of ad hominem.

>> No.67705144

not him, but you are literally the most dense autistic on this board right now.

>> No.67705151

unless practically everything on your machine is set to default and you're using popular hardware, you will be identified by your fingerprint.
changed the window size? changed the location of your taskbar? using an operating system that isn't windows 7 or windows 10? using something to block scripts? have a non-standard font installed? you're already more unique than you think, especially when this information is paired with your ip range. it's a lost battle.

>> No.67705159

why the fuck do browsers leak all this information in the first place? I fucking hate web 2.0

>> No.67705163

Still ad hominem tho.

>> No.67705178

you still haven't made a legit argument in favor of privacy invasion.

>> No.67705179

to sell all your information

>> No.67705183


>> No.67705184

Thank javascript. You can literally get the private IP of your computer with it.

>> No.67705191

>implying those people don't protect themselves and/or easily can continue

This is for the common user alright

>> No.67705206

You still haven't shown me how a unique image that is designed to identify your computer, that is made on the client without any server influence, is an invasion of privacy.
I haven't being trying to argue in favor of privacy invasion because as I see it, this is not an invasion of privacy.

>> No.67705211

Even with all addons disabled it's not listed for me.

>> No.67705216

It blocks two GETs one being the fingerprint PNG. I went to disable my setting, because I forgot what the other was and now they're not loading. I wonder if he removed them or the only show up sometimes. Either way it blocked the fingerprints from being loaded. The thing is, I don't know how they're generated, do they still exist server side, did that stop them? I dunno, but they don't load.

>> No.67705224
File: 66 KB, 1039x914, 1516860298888.jpg [View same] [iqdb] [saucenao] [google] [report]

>You still haven't shown me how a unique image that is designed to identify your computer, that is made on the client without any server influence, is an invasion of privacy.

>> No.67705232

banning pedophiles
isn't this enough!?

>> No.67705245

Ad hominem again. It's almost as if you can't come up with a counter argument or anything other than logical fallacies in response...
My work here is done, enjoy your shitty board. I have a bed to sleep in.

>> No.67705254

This should be blocked by this filter in uBlock filter list: https://github.com/uBlockOrigin/uAssets/blob/master/filters/filters.txt#L168

I don't see these requests with uBlock filter list enabled.

>> No.67705259

I bet this guy lives in a house made of glass with how little he cares about his privacy

>> No.67705275
File: 547 KB, 256x196, 1520094059705.gif [View same] [iqdb] [saucenao] [google] [report]

lmao at you faggots falling for this bait thread

>> No.67705287

4chan was added to this filter only 4 days ago, so if it's not being blocked by you, purge your filter cache and update them again.

>> No.67705336

This won't do shit for ban evaders, fingerprints are easy to change if you know what you're doing. What this does allow, however, is selling data. Gookmoot can sell your 4chinz data to the data brokers who can connect it to your real name, all online accounts, browsing history, etc. etc.

>> No.67705349

It's called markdown, redditor. Only redditors call it reddit spacing

>> No.67705355

t. butthurt redditor.

>> No.67705366

/b/ is where the gore should be, and should stay dumb fuck

>> No.67705375
File: 47 KB, 852x854, da429040-8263-4438-9b23-2bd60aab99fc..jpg [View same] [iqdb] [saucenao] [google] [report]

you're not fooling anyone Hiromooti

>> No.67705376

no u

>> No.67705388
File: 82 KB, 1178x632, 4chanbotnet.png [View same] [iqdb] [saucenao] [google] [report]

It's not canvas fingerprinting. Open the .png in GIMP and export as raw data. Then open that in a text editor (replace all "ÿ" with "" if there are any). It's a json object that contains HTML, CSS and JavaScript. pic related

>> No.67705422
File: 650 KB, 1235x871, 1528396969905.jpg [View same] [iqdb] [saucenao] [google] [report]

what do we do against this fucking gook?

>> No.67705448

stop using 4chan ;)

>> No.67705492

just block the script that downloads the png

>> No.67705498
File: 57 KB, 792x600, this is bait.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.67705503

and the next time he adds another domain/script?

>> No.67705514
File: 7 KB, 250x243, 1507487305318.jpg [View same] [iqdb] [saucenao] [google] [report]

>be le me
>be non tech illiterate + not retarded
>use umatrix and ublock origin
>never see these new ads
>no fingerprint in network monitor
feels good to not be retarded bros.
you all need to go back to /v/ until you learn how to use a computer.

>> No.67705523

then you do this >>67705492

>> No.67705538

but then you're always a step behind the fucking gook.

>> No.67705543

Freddy got fingerprinted

>> No.67705554

Have any of you paranoid mongoloids actually tried reverse-engineering the Canvas elements it uses?

First canvas is used to decode the image-encoded JSON which has adloading shit.

https://hastebin.com/iteyemerac.py - Decoder (needs Pillow, run as decoder.py that-scary-looking-image-you-freak-out-about.png)
https://hastebin.com/xowedekore.json - Output from above.

Second canvas is used just to display ads.

>> No.67705555

is there a way to block this with noscript yet?

>> No.67705556

if you want to get ahead, do this >>67705448

>> No.67705575

You're assuming the ban can be associated with a fingerprint. If an user does not run first-party JS, no fingerprint can be relayed.

>> No.67705588

see >>67705388

>> No.67705639

Yeah, I'm aware. I provided links since people would rather be paranoid than actually spend two seconds decoding minimal obfuscation.

https://hastebin.com/sujequruro.js is the inner JS, prettified.

>> No.67705649

I'm not getting anything like this. Is it random or have I avoided the noid?

>> No.67705669

only people that are already on "the list" get it. you dodged a bullet, because you're a good boy.

>> No.67705684

>the list
no such thing. ublock has added it to the filter list.

>> No.67705692

You're probably already blocking the in-page ad-loader script from boards.4chan.org.

>> No.67705705

4chan deserves to appear on the next botnet bingo.

>> No.67705731


>> No.67705780
File: 75 KB, 659x725, Capture.png [View same] [iqdb] [saucenao] [google] [report]

help, retard here. Installed disconnect privacy badger, canvas blocker and keep getting this.

>> No.67705803

click "show full results" and see how bad the fingerprint is. it gives you a number.

>> No.67705833

90% of fingerprinting comes from javascript. use umatrix or noscript to block it by default, and allow it when you need to.

>> No.67705838

breaks every single site.

>> No.67705854

Go check out how canvas fingerprinting work and calm down. Just install 3 random fonts and add a flash player. It collects multiple data and renders an image

>> No.67705933

>just install 3 random fonts and add a flash player
Yes, let us all go and make sure our fingerprints are unique and identifiable

>> No.67705970
File: 18 KB, 583x328, thinking emoji.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.67706050
File: 288 KB, 1462x857, notworking.png [View same] [iqdb] [saucenao] [google] [report]


I blocked everything as you see, if I remove eff scripts page won't even load

>> No.67706100

you can't get rid of fingerprinting, but you can make yourself less unique, so go and look at the full results.

>> No.67706131
File: 48 KB, 632x734, 3.png [View same] [iqdb] [saucenao] [google] [report]

>fucking botnet REEEEE

how bad am I?

>> No.67706176

>using CanvasBlock and randomizing the readout still gets you a unique fingerprint each time, making you stand out even more
If you're getting a new fingerprint at each load, doesn't it mean you can't be tracked at all? Or am I retarded?

>> No.67706217
File: 16 KB, 776x527, 1512636161049.png [View same] [iqdb] [saucenao] [google] [report]

first of all, set CanvasBlocker to pic related (persistent will clear when you close the browser) otherwise you getting a new fingerprint for every reload (default setting) will make you stand out way more.
>those fonts
set in about:config:
browser.display.use_document_fonts" = 0

>> No.67706221

maybe if everyone bought a 4chan pass hiroshimoot wouldnt need to resort to this :^)

>> No.67706230

everything else still remains the same, but the canvas, which means you stand out a lot. just do this: >>67706217

>> No.67706249

maybe I should just run that script that fixes ff
ty for your time

>> No.67706271
File: 24 KB, 608x490, >javascript.png [View same] [iqdb] [saucenao] [google] [report]

try disabling javascript

>> No.67706272

>that script that fixes ff

>> No.67706305

>have to selectively re-enable it for every single site you ever visit so that they actually work

>> No.67706331

why is no-script captcha (4chan x) broken?

>> No.67706349

i only enable it for websites i use often
werks on my machine

>> No.67706403

too lazy to do this though

>> No.67706406

yeah I did this already, but you have to change it to make it usable for every day use (at least I had to).

>> No.67706415


>> No.67706466
File: 164 KB, 1288x700, g - 4chan fingerprinting users with unique canvas - Technology - 4chan - Mozilla Firefox.png [View same] [iqdb] [saucenao] [google] [report]

They already do it through this. All your posts are tied to this cookie. If you block cookies, you can't post.

>> No.67706467

because you have referrer spoofing enabled.

>> No.67706484

testing now to see how my network activity behaves.

>> No.67706507

>using CanvasBlock and randomizing the readout still gets you a unique fingerprint each time, making you stand out even more

Yeah but if you appear to be a completely unique user every time you load the site, you're not being tracked for shit.

>> No.67706517
File: 342 KB, 1397x485, i dont see it.png [View same] [iqdb] [saucenao] [google] [report]

I dont see this shit at all

cant you just use autodeleting cookies?

>> No.67706533

I use "Cookie AutoDelete" with a whitelist.

>> No.67706545

it is amazing because people are majorly against it but hiro doesn't give a fuck and won't listen to anyone since he is getting his $ from /pol/'s drooling retards

>> No.67706558

>if you appear to be a completely unique user every time you load the site
so you change your ip range every time you load 4chan? cool story bro

>> No.67706559

>cant you just use autodeleting cookies?
Yes, that's one solution, to delete that cookie every time after you make a post. Coupled with IP randomisation should make you more difficult to track. But it's necessary to do both.

>> No.67706561

for me it's kind of random. try reloading the page or opening a few different threads

>> No.67706569

If anything everybody here is already tracked through Recaptcha anyways.

>> No.67706589

if i have a 4chanpass can i use canvasblocker?

>> No.67706593

Not really. If you change your IP you're a new person for CF and Google.

>> No.67706604

which is better?

>> No.67706606


>> No.67706631

>only data exploitable is IP
You're forgetting HTTP/user header which almost nobody bothers changing. Plus knowing Google they probably actually do their own fingerprinting.

>> No.67706643

With things like umatrix, this is damn fucking easy and works great. You are just a little retard OwO!

>> No.67706648

Google is easy to trick if you just remove their cookies and change your IP. They don't go that far, at least not for advertising purposes.

>> No.67706679
File: 26 KB, 673x361, atom_2018-09-20_10-40-07.png [View same] [iqdb] [saucenao] [google] [report]

If you don't see it, it's either because you're blocking the script before it can load (via uBlock/ABP's latest rules), or because you're not blocking anything. That image will only pop up if it detects that it cannot load adclix.png.

>> No.67706682

Google hates privacy and openly admitted it in the past. Shit like this wouldn't be unexpected from them.

>> No.67706683

Someone help me understand. I use ublock origin and haven't seen any of these ads. That four47 domain shows that it's connecting but I'm not seeing any

>> No.67706716
File: 101 KB, 1891x736, firefox_2018-09-20_10-43-27.png [View same] [iqdb] [saucenao] [google] [report]

Aforementioned adclix.png

>> No.67706717
File: 114 KB, 1525x842, Untitled.png [View same] [iqdb] [saucenao] [google] [report]


>> No.67706733

spotted the retard

>> No.67706742


>> No.67706752

8gag is a crock of shit

>> No.67706792


>> No.67706800

>Browsing /g/, not using an adblocker.

>> No.67706806
File: 656 KB, 1103x1200, 1537390074107.png [View same] [iqdb] [saucenao] [google] [report]

>there is people ITT who don't browse the web with privacy.resist.fingerprinting set to True
I shiggy diggy.

>> No.67706827

fuck that, it keeps resizing the window

>> No.67706830

Don't worry anon, your argument makes me find you agreeable.

>> No.67706832

*can't install any addons from AMO because it pretends to be firefox 52*

>> No.67706843

what do I do with these?

>> No.67706855

Works on my maschine.
That's on you for using a deprecated version of Firefox. Since the 60 release it spoofs ESR 60.

>> No.67706857

put them in my filters in ublock orign

>> No.67706858

It's good, but not enough. It will still be able to uniquely identify you if you have JS enabled.

>> No.67706886

Oh, that's slightly less terrible then. I just haven't used resistfingerprinting since quantum came out

>> No.67706988

Well, with JS on it's literally impossible to remain annonymous. It is trivial to fingerprint by storing soundcard information, fonts and the way your OS sends requests through the network.
Not every website and company, however. Some protection on some sites is better than no protrction.

>> No.67707030

You can tell him now


>> No.67707037

So turns out it's just JS in a png file then? No cause for alarm if I roll without JS?

>> No.67707041

js was a fucking mistake that is for sure

>> No.67707078

Is that really?

>> No.67707082

wtf who is this jap? where is moot

>> No.67707085


>> No.67707086

how do you make the site work without it? if I disable it css breaks and I can't use the catalog.

>> No.67707121

Didn't do anything special to make it work, just disabled JS and everything works.
Everything except catalog. You'll have to learn to live without it.

>> No.67707125
File: 7 KB, 241x209, 1332079014485.jpg [View same] [iqdb] [saucenao] [google] [report]

Can I ublock my way out of this today as well?

>> No.67707127


>> No.67707132

But can his chair do this?

>> No.67707148

see >>67706792
and >>67706742

>> No.67707166

How do I ublock the "Connection Error" unknown page error tho?

>> No.67707172

What is he talking about?

>> No.67707177

>If I remove eff scripts page won't even load
Real funny that, it will work if you go into the global settings (asterisk next to domain name) and block scripts from there.
uMatrix seems to do something weird, and letting something slip if you don't.
I think it has to do with it loading different domains as first party when it's doing the test, or something like that.

>> No.67707183

Don't like that blinking tic he has
pls nuke him

Also ask him why he went to north korea.
Is he CIA?

>> No.67707195

he said that buying 4chan and running it into the ground is payback for hiroshima

>> No.67707198

how to package your data profiles into different value tiers for customers

>> No.67707211

How the fuck do I post now? I downloaded CanvasBlocker and turned the fingerprint thing in firefox to true. Is uBlock and NoScript the issue?
I can solve the captcha but I can't post.

>> No.67707238

@@||4chan.org^*$csp=default-src 'self' * data: 'unsafe-inline' 'unsafe-eval'

>> No.67707259

if I disable javascript page styles break and defaults to the shitty yotsuba one. I also can't use quick reply or get any (you)s. I just tried whitelisting a.4cdn.org and s.4cdn.org in noscript and the site seems to work now, but I'm still getting a blank space at the top and bottom of every page. am I getting the aids or not?

>> No.67707269

>You can tell him now

the gook is ignoring my comments

>> No.67707300

check ublock logger if anything gets blocked when posting

>> No.67707307

Throw money at it

>> No.67707360
File: 21 KB, 300x300, 1403188789921.jpg [View same] [iqdb] [saucenao] [google] [report]



>> No.67707387

Quick reply and (you)s are part of native extension so they won't work without JS.
And apparently it does default to Yotsuba style without JS. Didn't know that.

>> No.67707517

I could see the merit in that - it would be a valid a technique some places use - but please don't forget that from he ran 2ch, Hiroyuki Nishimura was alleged to have collected user data without consent (which ultimately leaked), and that he had also been selling it.

So the concerns are not merely theoretical, but have some plausible historic precedent directly relevant to the person in charge of the site when he ran another site just like this one.

Of course since then, a few things have changed. For example, it may be a GDPR infringement.

>> No.67707555

okay lads, t. brainlet paranoid, are those 2 ublock entries enough to stop this shite from putting its finger up in my ass?
and how do i get non js captcha

>> No.67707715

yes until something new happens
Be alert these days

>> No.67707752
File: 31 KB, 404x287, do this.jpg [View same] [iqdb] [saucenao] [google] [report]


You should also purge all the cache from the filters you use, add some more in, and update them all

>> No.67707808

from what i can tell, yes
nothing suspicious in the network tab anymore
>non js captcha
4chan x

>> No.67707817

how to fake screen size?

>> No.67707847

you can't.

>> No.67708019

fucking hiroshimoot
when are we buying the site off of him

>> No.67708048

after we crash its value

>> No.67708100
File: 99 KB, 643x580, 1506158674079.png [View same] [iqdb] [saucenao] [google] [report]

basically you're all retards

>> No.67708115

>disable javascript
>hurr look it doesn't fingerprint
>realize every single page on the web needs javascript to function

>> No.67708130

oh look
another retard

>> No.67708187

This works.
This is malware tier.

>> No.67708194
File: 121 KB, 891x595, 2018-09-20_15-25.png [View same] [iqdb] [saucenao] [google] [report]

>he allows mixed content anywhere
poor form

>> No.67708199

fuck I thought just blocking javascript from i.4cdn.org would work but that also stops webms from loading

>> No.67708223


>> No.67708230

i've tried this on a new installed os with a newly installed firefox with no addons and that shitty test still gives me im unique in over 2 million fingerprint.
its a shit test desu

>> No.67708241


>> No.67708249

Can we just ban a few countries?
Like Germany, India, and France?

>> No.67708266
File: 120 KB, 1024x1024, 1520420005000.jpg [View same] [iqdb] [saucenao] [google] [report]

>not banning Ameritards

>> No.67708272

what's the point of arguing with a retard.
that's because nobody keeps their OS or browser on freshly installed stock settings

>> No.67708291

t. retard who can't make a single argument.

>> No.67708334

Stay off the internet it was basically invented by Americans. Also /pol/tards don't represent all of us.

>> No.67708338

eat shit https://github.com/kkapsner/CanvasBlocker/

>> No.67708344

>t. retard who thinks javascript is the be-all end-all of web security
like i said, i don't argue with retards

>> No.67708360

>CERN is American

>> No.67708379

Block all 3rd party domains, use the malwarecss filter, and get a canvas spoofer.

>4chan.org##script:inject(abort-current-inline-script.js, String.fromCharCode, /[0-9a-f]{40}..$/)

>> No.67708420

>everything was made by americans even if it wasn't

>> No.67708434

>What is (TCP/IP)?

>> No.67708441

it's shit

>> No.67708446

>>the Internet is TCP/IP
Wew lad.

>> No.67708473

Your booty blasted replies are glorious. Later fags hopefully your country bans 4chan.

>> No.67708485

>hopefully your country bans
my country has infinitely more freedom than the united states of mutts.

>> No.67708507
File: 27 KB, 529x399, 1512756108099.jpg [View same] [iqdb] [saucenao] [google] [report]

heh finger me now bitch
nothin personnel gookmoot

>> No.67708516

The Third Reich invented personal computers and the internet.

>> No.67708542
File: 12 KB, 249x249, 1535328647894.jpg [View same] [iqdb] [saucenao] [google] [report]

idgaf anymore. Literally impossible to block everything. Maybe if gookmoot stopped signing up for the most disgusting eye cancer diseased ads to dump on here I'll put up with ads and he wont need to sell data.

>> No.67708556
File: 72 KB, 500x500, 1531923651188.jpg [View same] [iqdb] [saucenao] [google] [report]

why are you so quick to trust an extension made by literal WHOs that are probably selling your data as well.

I swear you people are fucking stupid sometimes. If you want to be secure, stick to add-ons made by people you trust and know, don't just install 50 add-ons for the fuck of it, because you're installing shit made by literal nobodies that have nothing to lose.

>> No.67708589

Canvas Blocker is GPL so it's more safe than just browsing without anything at all

>> No.67708625

I've uninstalled it of course. I just wanted to try it and see if it had an effect (it didn't since: >>6770538). I realize running closed-source addons from the chrome store is dumb.

>> No.67708646

meant >>67705388

>> No.67708689

i can see you glowing from here cianigger

>> No.67708800

Europe invented technology sweaty. Europe also invented humanity and civilization.

>> No.67708853

Sumeria is not Europe.

>> No.67709043

Is 19 bits of fingerprint info a small enough amount?

>> No.67709054

yeah it's fine.

>> No.67709665
File: 704 KB, 600x337, azunyan_sweat.gif [View same] [iqdb] [saucenao] [google] [report]

So, what's the fix?
Lots of conflicting info and the idbhsgy.com shit doesn't work any more.

>> No.67709789
File: 207 KB, 638x640, 1536970329430.png [View same] [iqdb] [saucenao] [google] [report]

>Hiroshimoot updates YET again his malvertising ads on the daily
>Suddenly threads for fixing his gay shit get invaded by an horde of clueless damage control retards

>> No.67710002

I just updated my ublock filters, blocked the new domain "orbitfour47.com" in ublock, and turned privacy.resistfingerprinting to true and I'm not getting any ads or the canvas image. Everything is exactly the same as it was beforehand

>> No.67710025

why is spiderman being impregnated

>> No.67710177

so am I safe if I don't see any ads or not?

>> No.67710212

Yeah that’s a yikes for me

>> No.67710710
File: 67 KB, 1677x468, lol.png [View same] [iqdb] [saucenao] [google] [report]

kek faggot.

>> No.67710789

Which fix did you do?

>> No.67710823

I use uBlock Origin.

>> No.67710836

HTML Fingerprinting isn't something you can protect against with just matrix and origin.
You have to spoof your user agent to something botnet tier, disable cookies, and prevent reading from canvas.

>> No.67711676
File: 31 KB, 319x325, wat.png [View same] [iqdb] [saucenao] [google] [report]

Here's a somewhat detailed analysis I've put on my blog with how2block and how Yavli works.


And yes I know my blog sucks.

>> No.67711889

so what is the quick rundown on all this? the new shit is just a way for gook moot to backdoor ads on people who don't have up to date ad blocking? it's only an ad loader for now, but it could be used to sneak malware in?

the part that concerns me is that the second vector is hosted by 4chan's own image server supposedly, which means it gets past noscript. I'm not seeing any ads though with only noscript, so at what point is the process being stopped for me?

>> No.67711907

Thank you, I enjoyed reading this.

>Yay, fake news and smut.
But is it real smut or fake smut?

>> No.67711943

Both ad services appear to have /relatively/ good rep, and Yavli even lists their employees, most of whom have western-sounding names and LinkedIn profiles. Not something you'd do if you were being skeevy.

4chan's server just proxies through to Yavli's servers, I suspect, since they'd have to provide translation of whatever Revcontent provides to what Yavli consumes. You'd have to ask Hiro to be sure, though.

>> No.67712196

but what is the process going on my machine? noscript should be blocking the adclick.png from loading, which makes it load the canvas image from i.4cdn.org, and since I have that whitelisted it should be loading the ads through that, but I'm only seeing a blank space where the ads are supposed to be. what am I stopping and what am I vulnerable to?

>> No.67712202
File: 1.33 MB, 200x200, 1515161137763.gif [View same] [iqdb] [saucenao] [google] [report]

>tfw I even added the domain (orbitfour47.com) to my hosts file in windows

>> No.67712217

>dumb frogposter
>calling anything eyecancer

>> No.67712248

To see revcontent, disable NoScript (on the entire tab, not each website individually), your adblocker, and disable 4chanX since it has a CORS adjustment. To get Yavli to fire you do all that, and then just block orbitfour47.com.

As for what's going on on your machine, I have no idea.

>> No.67712285


I used to get banned all the time on /mu/ for no reason, this would ruin 4chan

>> No.67712326

do you have gstatic and google blocked?

>> No.67712364
File: 15 KB, 542x385, 1519378545483.png [View same] [iqdb] [saucenao] [google] [report]


>> No.67712367


>> No.67712440

Might be google analytics, tag, ad, some APIs.

>> No.67712444

but if I'm not seeing ads does that mean I'm safe or it only appears that way? I am worried that my setup is not secure enough.

>> No.67712459

>doesn't block the connection to the url

>> No.67712463

Hit F12, enter networking tab, refresh page. If you only see 4cdn and 4chan.org shit you're fine.

>> No.67712480

even with umatric off, it's broken for me.

>> No.67712531

Hmmm. I turned off everything, it's broken for me too. Hell if I know.

>> No.67712537
File: 17 KB, 465x281, 5c47cfd8-bded-4f80-8651-9fb38b5c9945..jpg [View same] [iqdb] [saucenao] [google] [report]

Can we have Chinkmoot's word on this? We need answers. Where does he live?

>> No.67712600


Safari will prevent this kind of tracking by providing a default profile for this kind of fingerprinting. Apple saving the day yet again.

>> No.67712614

Same, I'm stuck in a range ban right now. Happens every few months.

>> No.67712634

>Where does he live?
yeah, asking for a friend.

>> No.67712648

So If I block orbitfour47.com via ublock origin, am I in the clear?

>> No.67712681

There's two, the orbitfour47.com, then the randomized ad shit. Use regex for that /i\.4cdn\.org\/[a-z]{3}feolite/

>> No.67712721

Interesting enough when I added that 4cdn.org went from green to yellow indicating something got blocked. Thanks.

>> No.67712725

What the fuck, why. Throw that JS code in here, I need to parse this shit for myself to believe. WHY THESE HOOPS? YOU ARE VERY, VERY PAINFULLY OBVIOUSLY HIDING SOMETHING.

>> No.67712732

strange, never saw it with a y before

>> No.67712738

But rest assured, kind citizens, that in no way did Hiro accept money from Apple to introduce fingerprinting in 4chan so that upset users would try to find a solution, thus encouraging migration to Apple's new anti-fingerprinting version of Safari. These two are just a coincidence in timing, I'm sure.

>> No.67712741

Actually from what I can tell it's just a block of JSON data, throw it through https://jsonvisualizer.com/ and tell us if you find anything interesting.

>> No.67712750
File: 59 KB, 1373x833, 1536701732725.png [View same] [iqdb] [saucenao] [google] [report]

Brainlet here, am I safe if I use clover

>> No.67712758

Already did the work for you.

>> No.67712768

Can someone point me to what I should be copy pasting into ublock origin?
Already did purge cache + update but any extra safety is good
I know I should just read the thread but this is coming from some clueless tech illiterate

>> No.67712777

>This works.
only on firefox

>> No.67712781

see >>67712681

>> No.67712795


>> No.67712803

My hero. But why canvas? I am completely lost as to why Hiro would want this data in such a weird format.

>> No.67712806

>Issue: using CanvasBlock and randomizing the readout still gets you a unique fingerprint each time, making you stand out even more
how is that an issue? if your fingerprint changes each time it is still effectively worthless as a fingerprint.

>> No.67712808


>> No.67712821

Yavli isn't a 4chan-only thing, there's other sites using it. My best guess is that it's both obfuscation and getting around signature-based adblockers.

>> No.67712823

>how is that an issue? if your fingerprint changes each time it is still effectively worthless as a fingerprint.
because canvas is not the only thing used to fingerprint you, and all other variables will stay the same. so you will stand out more.

>> No.67712848
File: 96 KB, 796x588, 1524844664011.png [View same] [iqdb] [saucenao] [google] [report]

ty fren

>> No.67712892


>> No.67712961

someone make the new thread (with instructions), this one is over the bump limit.

>> No.67713252

I don't think I can view that on the browser I'm using. I tried showing the images for a page with and without noscript turned on, and without it there were 4 more images including 4 blank ones and one that looked broken. does that mean I'm probably safe?

>> No.67713309
File: 7 KB, 134x135, osqefieldlite-dragunow12857a-d4864po.png [View same] [iqdb] [saucenao] [google] [report]

If one looks like this, you still have Yavli.

>> No.67713408

what about this?
Does it still go through?

!faggot shit tracking

Is noscript captcha fucked on 4chan x for anyone else?

>> No.67713524

That filter is a bit overcomplicated, just use this

>> No.67713579

What? I explained exactly how to get the stuff in my image.
It's json data that contains css, html and js as strings.

>> No.67713785

>Is noscript captcha fucked on 4chan x for anyone else?
yeah it's dead.

>> No.67713822


>> No.67713826

works on my machine

>> No.67713838


>> No.67713843

recording got fucked up so here's #2

>> No.67713847

works on my machine(tm)

>> No.67713848

you can get an addon that generates canvas "noise"

>> No.67713882
File: 725 KB, 1918x1008, Peek 2018-09-20 21-05-vp8.webm [View same] [iqdb] [saucenao] [google] [report]

>> No.67713992
File: 395 KB, 3060x817, Untitled.jpg [View same] [iqdb] [saucenao] [google] [report]

left is with noscript on, right is off. I blocked the adclick one with hosts file. I should probably just use a different browser but I don't know what's good.

>> No.67714010

You need a proper adblocker as well to block the enormous space it adds.

>> No.67714026

Fuck this I'm going to 8ch.

>> No.67714084

See you in two minutes.

>> No.67714104
File: 367 KB, 600x700, 1528062327421.png [View same] [iqdb] [saucenao] [google] [report]

What a coincidence.

>> No.67714190 [DELETED] 

captcha displays, and solves, but when I post it says captcha wasn't correct or couldn't go through or something.

I use this to disable lots of garbage in firefox, can someone see if anything in here is what fucks up captcha?

it's based on: https://github.com/pyllyukko/user.js/ but changed to make it bearable for everyday use (and fix youtube and shit)

>> No.67714254
File: 49 KB, 500x407, .jpg [View same] [iqdb] [saucenao] [google] [report]

Just an idea: Disable the userscript.

>> No.67714305

what userscript? that js is a firefox profile file (basically persistent about:config)

>> No.67714334

Revert it, whatever. It would make sense if it affected captcha since Google renders to canvas and shit.

>> No.67714335
File: 361 KB, 541x702, gtfo.png [View same] [iqdb] [saucenao] [google] [report]

>umatrix and ublock can prevent fingerprinting
>frog poster
makes sense

>> No.67714350

>load page
>no ads
>now ads
wtf why is this happening?

>> No.67714359 [DELETED] 

>It would make sense if it affected captcha since Google renders to canvas and shit.
if you looked at mine, you'd see I don't have canvas disabled, mine is way less agressive than the one from: https://github.com/pyllyukko/user.js/

besides, modern captcha works, only no-script captcha doesn't.

>> No.67714522

>Currently, we estimate that your browser has a fingerprint that conveys 18.73 bits of identifying information.
How fucked is that?
Also why does canvas not help against the unique fingerprint test?

>> No.67714537

>>Currently, we estimate that your browser has a fingerprint that conveys 18.73 bits of identifying information.
How do I check this anon?

>> No.67714574

literally can't get no-script captcha to work even if I disable all addons (other than violentmonkey for 4chanx)

>> No.67714611
File: 78 KB, 622x394, 525.jpg [View same] [iqdb] [saucenao] [google] [report]

REEEEEEEEEEEE how do I fix this?!

>> No.67714672


>> No.67714675

ok I removed orbitfour47.com from my hosts file and now I don't see ads even when I refresh. is noscript not actually blocking the first type of aids? why would it only stop the second ads if I don't f5?

>> No.67714769

orbitfour47 is only used to check if you're blocking ads, if it detects the URL as blocked, it loads the ads directly from 4chan.

>> No.67714790

Why don't we just make a decentralized alternative to 4chan?

>> No.67714797

yeah but the only way I see ads is if I block that site in my hosts file and then load a page and hit f5. why would it happen that way? is it safe to just leave it unblocked in hosts or am I vulnerable?

>> No.67714803

because it would only host cp

>> No.67714819

You need to block the actual script embedded in each webpage 4chan serves. Otherwise, it reaches out and tries to connect to that site (which you've blocked), fails, and then loads the ads from 4chan itself instead.

>> No.67714826

This. Dickheads spam it with CP.

Although actually there is Zerochan that doesn't, and 8ch doesn't have CP anymore, it just "eludes" to it, the mods need to be a lot more strict on 8ch.

>> No.67714900

What happens if you fake the readout instead?

>> No.67714932

this is fine if you do it per site per session and not per request. see: >>67704496

>> No.67714937

had the same issue some weeks ago, was because of some referer shit

>> No.67714987

Page 10.

>> No.67715009

>was because of some referer shit
can you explain? how did you fix it?

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.