A lot of the Javascript attributes used for fingerprinting are used to decide WHAT to render and to cache settings so things work smoothly the next time you come back.

For example, the amount of RAM, your WebGL settings and version, presence of audio, mic, and camera, and screen dimensions are all relevant to a game, a browser-based video-conferencing app, or WebASM based tools like Figma.

And unless you want an app to do a full check each time it returns to foreground, it will likely cache those settings in a local store so it can quickly look it up.

If the app needs to send some of this data to the cloud so the server changes what it sends up, they now also have your IP address, rough reverse IP coordinates via ISP, and time. You can use VPN or Tor to obfuscate IP addresses, but you have to remember to turn that on each time you use the app, and in the case of VPN, to disconnect/reconnect to a random server to semi-randomize your IP (or use Tor, which does this for you).

But to answer the first question, changing or disabling those settings could break a bunch of features, especially Single-Page Applications, those using embedded analytics, or any amount of on-device graphics.

I know it’s fun to bash on Gates, but it’s also bullshit. Dave Cutler worked on at least two major operating systems. He’s way up there in the Hall of Fame.

deleted by creator

Alarming, yet like an episode of a sitcom.

“Be a shame if something bad happened to you, Kyle.”

They could replace the whole article with https://xkcd.com/2347/

They were doing this a decade ago, to help track app marketing campaigns.

IIRC, it turned out you could get pretty close to uniquely identifying a device with permutations on only 7 attributes. The problem is if you install a plugin to return false data, it could break non-malicious websites, like running games or data visualizations.

Years ago, folks hacked a Jeep Wrangler remotely, with a WIRED reporter in the car: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

That freaked the shit out of vehicle manufacturers. It led to encrypted CANBus messages: https://dev.to/living_syn/can-bus-message-security-3h43

Problem was, your mom and pop repair shop would need a special $$$ ‘authorized’ dongle from the manufacturer to be able to diagnose problems beyond what plain OBD-II let you see. This effectively locked out third-party repair shops. People screamed and IIRC, a lot of car manufacturers backed down and just hardened remote access.

What Deere did was even more harsh. They tried to block off not only self repair, but third-party firmware that made the tractors work better, especially older ones that were out of warranty: https://schiller-tuning.com/vehicle-listings/agriculture/john-deere

They’re trying to game copyright laws and click-through terms-of-service agreements to lock out third party repair.

This is a test case. If they lose, it’ll be a BIG win for Right to Repair laws, covering phones, laptops, consoles, etc.