• pound_heap@lemm.ee
    link
    fedilink
    English
    arrow-up
    17
    ·
    2 days ago

    Because the data used in browser fingerprinting is also used to render pages. Example: a site needs to know the size of browser window to properly fit all design elements.

    • ricecake
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 days ago

      Just for an example that isn’t visible to the user: the server needs to know how it can communicate responses to the browser.
      So it’s not just “what fonts do you have”, it also needs to know "what type of image can you render? What type of data compression do you speak? Can I hold this connection open for a few seconds to avoid having to spend a bunch of time establishing a new connection? We all agree that basic text can be represented using 7-bit ASCII, but can you parse something from this millennium?”.

      Beyond that there’s all the parameters of the actual connection that lives beneath http. What tls ciphers do you support? What extensions?

      The exposure of the basic information needed to make a request reveals information which may be sufficient to significantly track a user.