Except that disabling JavaScript is an anomaly all on its own. The dozens of users running without JavaScript might not be individually fingerprint able but it's still a small enough cohort that I don't know how much I'd lean on that. Figure in the user agent string and it's probably unique enough a subgroup to sell ads to.
> it's probably unique enough a subgroup to sell ads to
I have been browsing with JavaScript disabled by default for the past 6 months. Based on my experience, no-JavaScript ads are rarer than four-leaf clover.
Also that cuts down the group so much, i imagine other things that are usually too coarse grained to be useful suddenly become much more useful. E.g. geoip location or accept-language headers.
Having JS off probably puts you in the < .1% of users bucket. Unless you additionally are:
* Routinely moving between IPs
* Modifying your headers to avoid giving away info (user agent, etc)
* Defeating all the other non-JS things that fingerprinters probably look for
Not if you disable JS, cause the website then can't see any of these customizations.
That's adorable. I guess you're not old enough to remember when we used to track people with things like invisible pixels. Or todays equivalent: testing CSS parameters.
Neither require JavaScript, and there are a hundred other non-JavaScript methods.
With that method, you won't be able to distinguish between the many different devices using the same browser at same resolution behind one IP.
In the era of CGNAT that means you now only know which city I'm from and whether I use Chrome or Firefox. People mostly use browsers in maximized and resolutions are relatively standardized nowadays.
Compared to the data you get from canvas and webgl, that's much less unique.
This should automatically qualify one to lose their internet privileges. Not just the fact that you did it, but your cavalier attitude towards it with the lack of regret for having done it
I actually agree with you. However, I plead that it was novel at the time, used ineffectively by a tiny marketing department, and not anywhere near this spy level capacity achieved today.
I have no idea what you’re talking about. That URL only tries to load one piece of JavaScript, htmx, and all it does is unbreak the mobile navigation.
(Aside: this mobile navigation is, incidentally, the worst implementation I have ever encountered: instead of twiddling some classes or such, which would happen instantly, it makes an HTTP request that responds with the new navbar. For me, this means at least half a second’s latency on clicking the button, more if time has passed so that the HTTP connection is no longer open (1.5–2 seconds). It also fails the no-JS test, as the unintercepted form-submit just serves the page with the closed mobile navbar again, not switching out the navbar as I expected it might, and which would have been enough to avoid an unconditional “worst implementation” award. Sorry if you made this and it hurts your feelings, but… ugh, this is just a baffling misapplication of hx-post and naive Tailwind use, and just unconditionally a bad approach.)
