13
posted ago by cautiousaardvark ago by cautiousaardvark +15 / -2

You're not completely covered if you use "In private browsing" and a different account to log into Reddit, nor any other websites.

TL;DR - use a VPN AND a virtual machine with an older OS on it - like Win XP, or Win 7, or linux os BeOS etc... just not your normal new OS. (There's cracked versions of OS's online)

This is to avoid OS and browser FINGERPRINTING.

What is it? The way your OS and browser work together can give a website everything they need to uniquely identify YOU - it's not just your IP address and login account they use!

To get a fingerprint of the OS and the browser the website has code on it that your browser runs without you seeing and the results provide a unique identity. For example - some code can make a canvas on an invisible web page, draw some text in a particular font - and they can tell some of what your OS is by the code checking the shape of that font that is drawn to the canvas. Like an F having a little curl at the end...

They can also do that with cookies, HTML 5 local file-system files, the browsers name and version and plugins installed, (they used to until it was retired this year) use Flash "super cookies" that used Flash action script to make an alternative cookie you couldn't delete!, then there's the "page referer" (from the PREVIOUS site you were on!) that a browser sends to a website when you first visit, there's also the FAVICON icons that appear in your address bar - they're cached and some code can peek at the cache, and if they use 500 well known sites, they can see which of the 500 you've visited - pritty unique in itself!... all this adds up to a UNIQUE BROWSER and OS - and therefore user.

If they see that browser fingerprint again, even with a new IP AND different Reddit account?

They KNOW you're the same person.

VPN AND VIRTUAL MACHINE. DO NOT visit or log in to ANY personal account sites you have on it. This ensures your normal OS and browser don't leak information about you.

A SIMPLE fingerprinter that doesn't use many techniques... see if they can identify you by you being unique: https://amiunique.org/fp

https://pixelprivacy.com/resources/browser-fingerprinting/

https://hackaday.com/2021/01/22/this-week-in-security-openwrt-favicons-and-steganographia/

https://www.techopedia.com/definition/27310/super-cookie

https://www.andreafortuna.org/2017/11/06/what-is-canvas-fingerprinting-and-how-the-companies-use-it-to-track-you-online/