Yes you are right. I don’t think there is a realistic way for most people to be anonymous or private online anymore given all these offensive and invasive techniques being used regularly now. Hell cloudflare fingerprints people with TLS alone, and that doesn’t care about javascript or anything else above it.
perhaps you should look up how creepjs implements detection for known extensions
check out how creepjs implements detection for many common extensions…
Yes you’re right, but disabling JS also makes you stand out way more wrt fingerprinting, and you can still be fingerprinted with HTML/CSS, TLS and other methods.
The first two are already quite ghastly. The final one just solidifies my opinion.
All federated services grossly violate GDPR.
anonymous
browser extension
these two do not mix well. almost any extension can be detected by a site and used to fingerprint you.
and yggdrasil and lokinet
Anyone that’s actually paying attention knows that both candidates are horrible.
Or just TLS.
not forever
possible
In practice? No not really.
JShelter is the only thing I have seen that stops creepjs from working at all. But that doesn’t mean you can’t be fingerprinted. Not to mention Crimeflare has been very successful with their TLS fingerprinting methods (among other things), which doesn’t even require working JavaScript.
And compared to creepjs, EFF’s tool is a joke and works quite differently, and not in a good way.
wait until you find out where computers and the internet came from.
And people still think those calling it “crimeflare” or “mitmflare” are crazy…
That may be true but if you’re using a frontend then you’re just trusting them with your data instead. Perhaps many of those could be run by people with even more malicious intent. I have interacted with quite a few invidious/piped instance owners, and most of them are quite… unstable individuals.
Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.
Some examples:
ad blockers (uBO/uMatrix/etc.)
color/theme management (dark reader/dark theme/Stylish/etc.)
custom mouse cursor managers
page translators
addons serving in-browser ads
userscript managers (grease/tamper/violentmonkey etc.)
privacy blockers (CanvasBlocker/JShelter/etc.)
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.