Request to JShelter developers: don't add nonsense, add noise!
Technical definition of noise: irregular fluctuations that accompany a transmitted electrical signal but are not part of it and tend to obscure it.
This morning I got another email notification from Github (Better to provide real world values than random or faked values for three spoofs WebGL, Plugins and Fonys · Issue #166 · polcak/jsrestrictor) telling me again that the WebGL vendor and renderer values are correctly randomized with non-existing fake values. They don't seem to grasp that they are adding identifying nonsense in stead of obscuring noise.
Trace for instances does this (half) right by adding a list of real world GPU models to obscure WebGL vendor and renderer. To do this perfectly right the end-user has to limit this list to DirectX and WebGL versions which the end-user's own GPU model does accept (as explained in red in the picture). So when you have a Intel 620 HD Graphics model, you should limit the list to generation 9 Intel GPU's all excepting DirectX 12_1 (the 5xx and 6xx family Intel graphics GPU's).
View attachment 263644
I only get responses (probably from tech people) that they are implementing what the BLOG tells them to (link). Sadly there seems to be no big-data expert and digital marketeer involved who can explain them what they are doing is putting a huge pink elephant (non-existing value) in a herd of sheep and thinking they won't stand out, so until further notice
DON'T USE THIS EXTENSION
*) This is yet another example of the much posted advice in security forums that it is better to add no fingerprinting protection than wrong obfuscation. Remember that only a limited percentage of the websites use these advanced fingerprinting techniques (5 to 10 at most is my guess) because the digital marketeers using these systems are often only trained in the top3 most prevalent tracking systems and have to proof (every two to three) years that they still know how to operate these analysis/tagging/tracking systems.
Trace has this setting disabled by default. It is, however, available to be enabled in the free version.To do this perfectly right the end-user has to limit this list to DirectX and WebGL versions which the end-user's own GPU model does accept (as explained in red in the picture).
I tested on browserleaks.org and it is giving me all of my true user agent data and a unique fingerprint lol. It doesn't seem to do anything on my end.
I have to correct myself (it's not about consistency):It won't simply hide or change your userAgent because it may introduce inconsistency of the fingerprint and make it more unique.
What do you guys and girls think about it?