- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
You must log in or # to comment.
I wonder, do phones have 6dof tracking (space + rotation) or 3dof tracking (just rotations)
It told me I was likely sitting while I was sitting at my dining table. I assume if your phone is angled more towards the ground it would say you’re in bed.
Well they tried
Yeah that was the one part they were way off on for me
Scary
I prefer https://www.deviceinfo.me/
I get a blank page?
iOS and the browser I use block a lot of stuff from being visible, interesting!
Interesting that this one doesn’t detect my battery (says it’s blocked) but the one OP posted can see it
It seems to be based on how the website is interpreting the browser. I got mine correct but with the battery mentions Firefox and a removed API. I wasn’t using Firefox.
Very well done site!
“We know your IP address”. No kidding, that’s how IPv4 works, even if the browser wasn’t
leakingoffering it.The point is not that they know your IP, but that even your IP already gives away information. That’s why they start with the information, rather than the IP being the source.
This is not intended to be for people who understand how this works.
And as someone else said, probably vibe coded.
The public IP is irrelevant, only shows the IP of the server used by your ISP, which can be at the other side of the country. It can maybe identify the ISP, but not the user, less if a dynamic changing IP is used. The public IP is always leaked if you don’t use a VPN or the TOR network.
Depending on your location it can actually be geolocated into your specific city block, I geolocated an online friend’s IP just for the hell of it (I already knew where they lived) and it spit back out the city block they lived in as well as a lot of other very identifiable information
Also, if you can ping devices on that network using that IP you can also use that as a way to easily identify users. That’s if they have anything that isn’t firewalled, obviously, but the point stands!
Absolutely not, the public IP a website sees is your home IP. The resolved location will be inaccurate by design, but the IP definitely identifies you at that time.
depends on the isp, my router has its own adress on the iternet
couple of friends have a different isp that layers it users behind multiple nats so half the city would show the same ip on a website
What the website see is the current IP of the used ISP server in this moment. In the last check it was Madrid, several hundreds km from my real home. The public IP isn’t the same as my user IP, which only know my ISP and I (and the police by the ISP, if exist a court order). The public IP don’t show your real location, the website only can use your GPS data if you have it activated or if it appears in your account data (Google, Google Maps).
I understand how all of it works. Whether it’s vibe coded or not it, it showed me stuff that I didn’t think about like arbitrary web pages can know my phone tilt, battery level??
The opsec implications are severe.
Oh yeah, it’s insane. The only way to truly protect your identity on the internet is by not using the internet. Second best would be tor, I suppose
Thanks for sharing, I was already using a decent anti-fingerprinting browser (Fennec) but the fact that it gave away my timezone made me research a bit more and I’m now on IronFox, which has a toggle to spoof it, and reports a fake screen resolution. Great! I’m now unique on coveryourtracks though
The browser knows and shares way more than this… One of the worst offenders is the list of installed fonts. Pretty sure I stick out so hard just on that.
List of fonts is in there.
Vibe coded af, how has nobody spotted this. The website swears the text was written by a human, and either they have contracted chronic GPT-virus or are an LLM
edit: this is made by Rise Up Labs which is an ai psychosis company
How can you tell that it was vibe coded? Genuine question.
AI is quite good at web design now, but it still has a distinct style. Claude in particular LOVES to mix serif and monospace fonts. This isn’t necessarily a guarantee based on just that, but it did trigger my alarm bells.
The second biggest thing is the language. LLMs absolutely SPAM slightly vague, short phrases separated by punctuation.
The language on each data point also is pretty repetitive which implies either sub agents were called or the model was asked individually to write something about it in a specific tone.
The final nail in the coffin was the company that made it, Rise up labs, which advertised all their AI software on their home page
One clue to me is the “how many times you moved” statement. One actual human “move” is worth hundreds of what the site calls a move. A human would notice that but the reality of it means nothing to an AI.
Secondly just the language used being quite dramatic but also generic.
You know it’s just counting the change in acceleration in your phone’s gyroscope chip or whichever it is. If you are typing something the phone “moves” twice with each swipe.
This page is just putting numbers it’s collecting from your phone into a template paragraph.
LLMs always write with a very dramatic tone. I really hate that high impact language now.
Looks like it doesn’t know shit about me. Just that I am on an iPhone and my general location from the IP. Not surprising at all.
Maybe this is more thrilling for android users?
This specific website only shows information that the browser is freely offering. Basically you open the page, and without the website even asking for anything, that’s the information it’s getting. It’s not querying any data points, or trying to tie any of them together. This is just your browser saying “Hi, we just met, so here’s a bunch of stuff you may want to know about me.”
If they want to know more, they can just ask and the browser will give more information. If there’s information the browser doesn’t want to share, the website can infer a bunch more information.
Nothing exceptional here, except it did know I was on an android. Guess its time to change all my passwords lol.
This post helped me discover that my SurfShark VPN built-in kill switch does not work within the Android app. My home IP was showing.
I turned kill switch on at the OS level and my IP was correctly showing the VPN IP.
Enable the kill switch in the VPN settings of Android
I found it interesting that it knows my battery level and current orientation of the phone.
On Firefox android both the battery level and graphics card information were not available. But it was described as another data point regardless.
It got my phone’s orientation wrong
Same tbh
I can understand the latter since it might want to render differently, but why does it need to know the battery level?
So that Uber will charge you a higher rate when the battery is low
I don’t even know it it’s /s anymore
certainly how making your battery level available to apps is getting used I’m sure
Potentially to activate battery-saving features? Like AMOLED-black mode if your battery is <15 % or something (and your screen is AMOLED)
Shouldn’t that be the provenance of the device itself though. My phone already allows me to set a threshold when it should go to night mode for example. The system can tell the browser to switch rendering to night mode. There’s no real reason for the browser then to report to the site.
Quite fear mongering and not very educative. Throws around a lot of terms whose meanings are not explained, nor are there links to further descriptions. This doesn’t help people who need to know about this stuff. If you already know about this stuff, it doesn’t really add any value.
There are links and more info when you get to the bottom, you can click on sources. It gives you info and what to do about it, with links to sites like EFF.
Well, don’t I have egg on my face.
I almost missed it myself! The site doesn’t make it as clear as they could.
I hit it with Firefox and it gave 24 points. Firefox refused to disclose my battery level. But did give it my angular geometry.
I opened it in Brave and it lied about my screen resolution and colored up my fonts, my battery. It refused to give up my angular geometry.
Why the hell doesn’t firefox just include some of those white lies?
Your finger moved 899 times… what???
What other tabs were open? 👀
It seems to count a swipe as a series of dozens of movements. Probably to show there’s a clear fingerprint even in how exactly you move your finger.
Websites don’t just get a “swipe” command. They know exactly where your finger is on the screen at any given moment.
