Comment by peetistaken

Comment by peetistaken 10 hours ago

4 replies

View on Hacker News

I built a nice tool to visualize that: https://tls.peet.ws. Its not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs. There isnt really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint

johnisgood 9 hours ago

I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?

Reply View 3 replies
  • Retr0id 9 hours ago

    Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.

    Reply View 2 replies
    • johnisgood 8 hours ago

      How effective is it at "un-anonymizing" me? I value privacy. What do you think I can do about "any" of this?

      Reply View 1 reply
      • Retr0id 8 hours ago

        It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on on its own. But it can be combined with other fingerprinting vectors.

        Reply View 0 replies