Information Security Asked on December 24, 2021
How is it possible to create an account in a website with completely different credentials without the website being able to link the user of the first account and this new one?
Tor is not a viable option because the website does not allow it. Ive tried VPNs but the website was still able to link my phone to the new account being created, even though I gave the browser no GPS or any other permission.
Is there a browser VPN or any tool which would completely cover every way that is used to find out if the website is being accessed from the same phone, no matter how advanced of a security feature that site implements?
Perhaps a tool which would show the website fake identity, instead of blank ones, which would raise a red flag.
My phone is already rooted.
as a quick workaround, you could use Tor browser, although the 400 something exit nodes are public and if the site is behind something like Cloudflare, it will likely try and test you to make sure you are not a robot or block you entirely. This won't however as mentioned totally prevent browser fingerprinting.
Answered by Max P on December 24, 2021
Given a site can use browser fingerprinting methods, there no tool that would completely cover everything. The paradox is that the more you try to make your browser look like something it isn't, the more unique it becomes. You can use tools like Panopticlick or AmIUnique to investigate your current browser.
Therefore, even with Tor, it's better to use the Tor Browser with its default settings. The Tor Blog has a good article on the subject, Browser Fingerprinting: An Introduction and the Challenges Ahead:
What Makes Fingerprinting A Threat To Online Privacy?
It is pretty simple. First, there is no need to ask for permissions to collect all this information. Any script running in your browser can silently build a fingerprint of your device without you even knowing about it. Second, if one attribute of your browser fingerprint is unique or if the combination of several attributes is unique, your device can be identified and tracked online. In that case, no need for a cookie with an ID in it, the fingerprint is enough. Hopefully, as we will see in the next sections, a lot of progress have been made to prevent users from having unique values in their fingerprint and thus, avoid tracking.
Tor + Fingerprinting
In the end, the approach chosen by Tor developers is simple: all Tor users should have the exact same fingerprint. No matter what device or operating system you are using, your browser fingerprint should be the same as any device running Tor Browser (more details can be found in the Tor design document).
If you only need two accounts and they shouldn't be linked, it's relatively easy (in theory) to:
However, it's only a matter of time when you do a mistake that could help linking the accounts.
Answered by Esa Jokinen on December 24, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP