EnhancedTracking prevention in IOS12 and MacOS Mojave #371
Comments
Haven't tried it so far!
I have this version of macOS running currently. @jonashaag if you want and can point me in the right direction, I could help you test this.
I tested this on Safari Technology Preview and fingerprint computation works fine. http://valve.github.io/fingerprintjs2/ I don't think fingerprinting would be affected. https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/
Hello, I was about to open a new bug report when I noticed this and wanted to share some data which indicates that Apple tracking prevention may be impacting fingerprinting from working as expected going back at least a few weeks, maybe more. Alternatively, possibly an issue with Apple device compatibility with hasLied detection.
Scenario
I am leveraging Fingerprintjs2 to gather data from many websites into a single location. As a part of my data capture, I am also sending data to Google Analytics to more easily understand the data at a glance. I've set up each of the "hasLied" items to send a unique event to Google Analytics, so I can tally up some stats to make a report. As part of the reporting, I wanted to show the number of "hasLied" events (resolutions, os, language, etc.) which had been captured as true. I believe I may have accidentally stumbled onto evidence that Apple is indeed impacting fingerprintjs2. Also this is worth sharing: https://developer.apple.com/documentation/safari_release_notes/safari_12_1_release_notes
All the info below is from the frame of reference of Google Analytics, so please keep in mind that someone who hasLied about their OS or browser, etc. may cause the analytics data to become untrustworthy. But even taking that into consideration, the below warrants discussion. The sample set is from over 4,000,000 analytics events from the last couple of months or so. Here are the things which jump out:
-- Broken down by Mobile Device Info --
hasLiedResolution
Apple iPhone is the next up to bat with 3.96%, and the remaining 2.11% spread across all other mobile devices combined.
hasLiedOS
-- Broken down by Browser --
Fingerprint data
Unfortunately, I do not actually own an iPad, but will see about getting my hands on one for testing.
Summary
Not sure if Apple is doing something to impact these elements, or if it's simply an issue with iPad detection in fingerprintjs2. I did have a thought: How do iPads handle windowed browsers for multitasking compared to how fingerprintJS2 detects hasLiedResolution?
Could also be a bug in the library.
For sure, it's possible. The implementation is pretty quick and dirty at best. Here's what I am using. (This is inside of the Google Tag Manager, all the rest is native Google Tag Manager tags, etc, nothing custom)
Edit: hasLiedBrowser: 1% of users
When omitting iOS and Safari from the data, it's much much closer to what I would expect to see for OS spoofing. I am happy to help if I can, just let me know what I can do. Fingerprintjs2 is awesome, I am getting a ton of insights as a result, so I am more than eager to contribute some way.
Edit2+3:
I also came across amiunique[dot]org, which is using some interesting attributes for further improving fingerprint diversity. Included here are both food for thought, as well as potential extra elements to consider for fingerprintjs2. HTML5 canvas and the WebGL tests in particular seem like they could be a workaround if Safari is indeed working around current measures.
No no I'm talking about a bug in fingerprintjs2. Can you by any chance check the "has lied" components with an untampered-with iPad/iPhone? I'll check with my iPhone later.
Umm, we're already using all of these things :)
Thanks jonashaag!
My apologies, have to put my foot in my mouth on this; once I started working on the below, I saw that. The two sources from Apple indicate they are putting in place measures to defeat fingerprinting for Safari, which does make me think that the issue is not a bug in fingerprintjs2, but Apple adding extra privacy measures. I've been asking around, trying to get an iPad, have one lined up and will report back once I get my hands on it. I am going to see about temporarily expanding my data capture to create a history of more individual fingerprint components by JSON.stringify-ing the full component variable on each site load. In a few days, I should be able to share the most likely component setups to flag as liedOS. JW
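An added example, not part of the original thread or of fingerprintjs2: one way to analyse the stringified component snapshots described in the comment above, tallying the hasLied* flags per `navigator.platform` and recording which screen setups accompany them. The `{key, value}` component shape and the key names are assumed from fingerprintjs2 v2, and the sample records are constructed.

```javascript
// Flags fingerprintjs2 v2 reports as boolean components (assumed key names).
const LIED_KEYS = ['hasLiedLanguages', 'hasLiedResolution', 'hasLiedOs', 'hasLiedBrowser'];

// Turn one JSON.stringify'd components array into a flat {key: value} object.
function parseSnapshot(json) {
  const flat = {};
  for (const { key, value } of JSON.parse(json)) flat[key] = value;
  return flat;
}

// Group snapshots by platform; count each true flag and the setups behind it.
function tallyLies(snapshots) {
  const report = {};
  for (const json of snapshots) {
    let c;
    try { c = parseSnapshot(json); } catch (e) { continue; } // skip damaged rows
    const group = c.platform || 'unknown';
    const row = report[group] || (report[group] = { total: 0, flags: {}, setups: {} });
    row.total += 1;
    const lied = LIED_KEYS.filter(k => c[k] === true);
    for (const k of lied) row.flags[k] = (row.flags[k] || 0) + 1;
    if (lied.length) {
      // Signature of the components most relevant to a resolution/OS mismatch.
      const sig = `${lied.join('+')} screen=${c.screenResolution} avail=${c.availableScreenResolution}`;
      row.setups[sig] = (row.setups[sig] || 0) + 1;
    }
  }
  return report;
}

// Fraction (0..1) of snapshots in one platform group with the given flag set.
function lieRate(report, group, key) {
  const row = report[group];
  return row ? (row.flags[key] || 0) / row.total : 0;
}

// Constructed sample data: not real measurements from the thread.
const snap = (platform, screen, avail, lies) => JSON.stringify([
  { key: 'platform', value: platform },
  { key: 'screenResolution', value: screen },
  { key: 'availableScreenResolution', value: avail },
  ...LIED_KEYS.map(k => ({ key: k, value: lies.includes(k) })),
]);
const SAMPLE = [
  snap('iPad', [1024, 768], [768, 1024], ['hasLiedResolution']),
  snap('iPad', [1024, 768], [768, 1024], ['hasLiedResolution']),
  snap('iPad', [768, 1024], [768, 1024], []),
  snap('Win32', [1080, 1920], [1040, 1920], []),
  snap('iPhone', [812, 375], [812, 375], []),
  '{"truncated":', // damaged row, ignored by tallyLies
];
console.log(JSON.stringify(tallyLies(SAMPLE), null, 2));
```

A flag that concentrates in one platform group with a single repeated setup signature points at a detection false positive for that device class rather than at users spoofing.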
The Safari tracking prevention prevents placing cookies in some scenarios but it doesn't thwart fingerprinting.
With EnhancedTracking prevention in IOS12 and MacOS Mojave - Is there any known issue or should we be worried about websites getting blocked when using fingerprintjs2?
https://www.apple.com/macos/mojave-preview/
When you browse the web, the characteristics of your device can be used by advertisers to create a “fingerprint” to track you. Safari now thwarts this by only sharing a simplified system profile. And now improved Intelligent Tracking Prevention keeps social media Like buttons, Share buttons, or comment widgets from tracking you without your permission. We know you’ll like that.
PS: Apologies if this is not a real issue but just wanted to check if there are any good practices for tracking or any known issues.