really? it takes a minute to set up a VPN and do your web browsing through a virtual machine. I guess it's not "trivial" for the average American, but it definitely is for the average terrorist or child pornographer, so it's easy compared to surmounting most other threat models faced by people intending to evade detection. Therefore, "trivial".
[edit] also, the less trivial it is, the better for corporate security.
The article describes "Fingerprinting as a Service. Some choice quotes:
It doesn’t matter if you are using a VPN or Private Browsing mode, they can accurately identify you.
Also note that VPNs does not help with fingerprinting. They only masks IP address.
right. but using a VPN plus a fresh VM running Ubuntu can mostly do the trick. In a pinch, just keep a few different versions of various browsers around when you plan to surf a site that you don't want associated with you. Or change your screen resolution or turn off your fonts.
My point was that fingerprinting is much more practical and useful as a positive form of identity verification than it is as a tracking device, as long as it isn't (and hopefully never will be) mandatory to lock into browsers.
Your point might even be that "fingerprinting is much more practical and useful as a positive form of identity verification" but we all know how fingerprinting tech is and will be used: to track users even more and try sell even more crap to them because that's what almost the entire internet is all about.
And as for this
> using a VPN plus a fresh VM running Ubuntu can mostly do the trick. In a pinch, just keep a few different versions of various browsers around when you plan to surf a site that you don't want associated with you. Or change your screen resolution or turn off your fonts
How do you plan to do all that on your mobile device for example? Fingerpirinting is a problem exactly like invasive tracking is a problem.
mobile devices present a problem when using fingerprinting for 3FA, and require frequent human intervention. This is a good thing.
Fingerprinting is inherently opaque. That's why it's such a good third level security measure. It's a lot harder to spoof and, if someone tries, a lot easier to isolate the attempt.
And you count that as "trivial" for regular user? 90% of users don't know difference between a tab and browser, and you think they would know to setup vpn, vm, and what else to avoid getting tracked.
one point is that I may not have any specific sites I care about disassociating myself with. I just don’t want an aggregate picture to be built and sold freely.
Cliche example/ I want to be able to buy a pregnancy test online but don’t want that information shared and re marketed to me. There is plenty of stuff like this. The impact of privacy violation is small and often boring but on aggregate corrosive to public discourse and individual wellbeing.
Look... to this and other (sib) posts I have total sympathy, but much better tracking can be done with cookies and other forms of client side storage. Which the 90% of people do not notice, clear, or care about.
Fingerprinting is by definition a lot more imprecise and vague. It's always going to be an issue if surveillance networks use it to pick out individual users. Whining about that is useless. It's also a valuable security tool and part of the landscape. Do with it what you can.
yeah? I use about 24 different parameters and/or their lack of ability to i.d. a machine. Pretty sure I understand how to turn that into a set of tolerances that can be compared with another machine to provide a reasonable projection of whether those match with the people using them. I think I get the concept.
[edit] also, the less trivial it is, the better for corporate security.