I know there is browser fingerprinting,
(Btw if you know a way to defeat this on graphene please tell me how you do it)
But are there more fingerprintings?
Like for apps that are connected to the internet?
I speak about only apps where there is no obviosly connection to personal information like email/socialmedia/co.
I mean all the other apps that are FOSS and not tied to personal information.
Or mabe the systemwebview?
What fingerprintings do exist?
What fingerprinting categories exist?
- Edited
Quotesquestioner What fingerprintings do exist?
Issue #2314, while not fully verified, seems plausible.
Edit: Please note that the developers have requested that issue comments be reserved for technical information that moves the issue forward, not discussion, especially not "I think this should be fixed too!" posts.
Quotesquestioner you can try looking at a fingerprinting testing website, like https://amiunique.org/fingerprint to see what's listed there.
- note that I'm not suggesting amiunique.org, I really just did a search and used the first website I found. There may be better websites for this kind of testing or information.
other8026 i'm fully aware of amiunique.org. but this is just browser fingerprinting. The question was, if there are more cadegories where gingerprinting occurs
Quotesquestioner oh. I see. I misunderstood the question. Sorry.
other8026 no worries i thank you for your very good work in this forum
de0u i think don't really get it. What i understand in there is, that apps can currently (Mon,Sep,23) fingerprint my device in theory. Is that right?
On Pixel7a with GrapheneOS 2024091900?
Or is there more to it?
Does it depend on something?
Besides browsers, apps can track your device type and usage patterns, even FOSS ones. System WebView can contribute too, so keep an eye on that. On Graphene, using a VPN and tweaking app permissions really helps with privacy.
de0u Issue #2314, while not fully verified, seems plausible.
Quotesquestioner i think don't really get it. What i understand in there is, that apps can currently (Mon,Sep,23) fingerprint my device in theory. Is that right?
I don't think that issue yet contains a report which solidly verifies that the issue leads to powerful fingerprinting and in which circumstances.
For example, there is a recent comment that makes allegations about SnapChat but provides no proof and doesn't cite any source.
There is a report that the Media DRM i.d. persists across a factory reset within GrapheneOS, but that post doesn't make it clear whether or not the i.d. is shared across profiles, and it also doesn't discuss whether flashing an OS resets the i.d.
The issue doesn't contain any reports on whether (as Google documentation suggests) different web sites accessing the i.d. receive different i.d. values, or whether the i.d. would work for cross-web-site fingerprinting.
Overall, I think there is enough information to be concerned (which is why I filed the issue), but it is not clear that the exact extent of the issue is understood. More hard data might raise the priority of the issue with the GrapheneOS team (but comments on the issue that don't contain hard data, e.g., "This is important!", may result in the developers locking out comments, which would make it harder for hard data to be accumulated).
This might be a big cross-site/cross-profile fingerprinting technique, but it also might not. It would probably be useful if somebody could spend a couple of days with a couple of devices, flashing a couple of OSs, factory-resetting a bunch, creating multiple profiles, etc. And it would probably also be useful for a web developer to wade through the Media DRM API and set up a couple of test web sites with different domains. I suspect it would be productive for people running experiments like that to add detailed comments to the issue.
Please note that I don't speak for the GrapheneOS project.