The wretched Chrome Client Hints, another Doomsday of privacy: ways out of it.

[Saxon]

On 8/22/2024 at 11:23 AM, Sampei.Nihira said:

It is a Chromium (118.0.5993.159)-based browser.
(November 2023)

It's not true, again. Cent browser release date [2024-06-27].

Researched with a couple of clicks.

https://www.centbrowser.com/history.html

[Karla Sleutel]

So far, no matter how many browsers I tried, only CatsXP has them partially disabled, it just sends empty strings, just like in @Dixel's hack, but the API works, Possibly Brave, too. @NotHereToPlayGames, you mentioned you use brave 134, could you check? Thanks

[NotHereToPlayGames]

Sending "empty strings" is the WORST IDEA EVER !!!

DO NOT send "empty strings" !!!

If the "intent" is to reduce your fingerprint, then why in Hades would you STAND OUT LIKE A SORE THUMB via an "empty string" ???

We've been over this a "thousand" times, you must use something like PROXOMITRON to fake Client Hints with the string of your choosing, sending an empty string is "dumb".

You must "blend in with the crowd" (ie, fake Client Hint strings), *not* "stand out like a sore thumb" (ie, an "empty string").

[D.Draker]

16 hours ago, NotHereToPlayGames said:

you must use something like PROXOMITRON

You seriously believe a young girl would use PROXOMITRON? 

[D.Draker]

16 hours ago, NotHereToPlayGames said:

You must "blend in with the crowd" (ie, fake Client Hint strings), *not* "stand out like a sore thumb" (ie, an "empty string").

Weird logic. Then you must drop or add client hints to all old browsers which don't support them, otherwise "stand out like a sore thumb".

That also applies to iOS/Safari.

[D.Draker]

20 hours ago, Karla Sleutel said:

So far, no matter how many browsers I tried, only CatsXP has them partially disabled, it just sends empty strings, just like in @Dixel's hack, but the API works, Possibly Brave, too. @NotHereToPlayGames, you mentioned you use brave 134, could you check? Thanks

Since @NotHereToPlayGames for some reason avoids the question, I'll answer, they still haven't found a way to fully disable the API, hence the weird hacks like empty strings or mismatched/misconfigured garbage Supermium sends in CH section.

Source: https://github.com/win32ss/supermium/issues/838

So yeah, I prefer empty strings to newbie edited garbage, but if I'm on a phone - a full match.

 

 

[NotHereToPlayGames]

I have used Proxomitron to *ADD* client hints to 360Chrome.  

Sure, agreed, Proxomitron is "not for everyone".

But if one has to live in a world paranoid of things like client hints, then one must learn the tools of the trade.

Personally, me myself, to each their own, yaddy yaddy yaddy, I COULD CARE LESS ABOUT CLIENT HINTS.  They're not the "privacy doomsday" that this thread wants to make them out to be.

Said it a thousand times, what's ONE MORE TIME, IF YOU ARE "THAT" PARANOID OF ONLINE FINGERPRINTS, THEN GET OFF OF YOUR COMPUTER AND PHONE AND LIVE IN A CARDBOARD BOX IN THE MOUNTAINS WITH NO ELECTRICITY OR RUNNING WATER!

[D.Draker]

13 hours ago, NotHereToPlayGames said:

ONE MORE TIME, IF YOU ARE "THAT" PARANOID OF ONLINE FINGERPRINTS, THEN GET OFF OF YOUR COMPUTER AND PHONE AND LIVE IN A CARDBOARD BOX IN THE MOUNTAINS WITH NO ELECTRICITY OR RUNNING WATER!

Dude, your finger got permanently glued to shift? 

Yes, they are "privacy doomsday" that this thread wants to make them out to be. See how meticulously you are fingerprinted even on crap forums.

https://meta.discourse.org/t/dropping-ios-15-other-old-browsers-in-may-2025/358131/12

Edited April 4 by D.Draker
link

[NotHereToPlayGames]

1 hour ago, D.Draker said:

Dude, your finger got permanently glued to shift? 

NOPE, MY KEYBOARD HAS A CAPS LOCK KEY, IT WAS USED HERE FOR DEMONSTRATION PURPOSES.

1 hour ago, D.Draker said:

they are "privacy doomsday" that this thread wants to make them out to be

"Fingerprinting" and "content delivery based on device and network" are two different things.

Client Hints have more to do with "content based on device", I think most refer to it as "active content", not sure of exact terminology.

I AM NOT A FAN OF "ACTIVE CONTENT".  Servers should serve XP the same EXACT code that they serve 7 or 10 or 11 or 123456789.  If that code "crashes" XP, so be it, just serve everybody the same EXACT code.

[D.Draker]

18 hours ago, NotHereToPlayGames said:

NOPE, MY KEYBOARD HAS A CAPS LOCK KEY, IT WAS USED HERE FOR DEMONSTRATION PURPOSES.

I AM NOT A FAN OF "ACTIVE CONTENT".

Before, you wrote you don't use CAPSLOCK, I already asked you. What changed? You parrot D.Draker?

Client Hints have more to do with tracking than "content based on device", content based on device works perfectly fine by using the standard UA.

[D.Draker]

On 4/4/2025 at 1:33 AM, NotHereToPlayGames said:

"stand out like a sore thumb"

You do, I assume you still send your favourite US locale string, whereas almost no one does.

accept-language: en-GB

https://meta.discourse.org/t/dropping-ios-15-other-old-browsers-in-may-2025/358131/12

Edited April 5 by D.Draker
rough night consequential typo

[D.Draker]

Just to be clear> I'm not suggesting you to remove the US string, I perfectly understand you most likely don't know all English words, like "bugger off". But to blend in, you need to get that order the developer pointed out to.

And finally change your system locale to GB. 

Edited April 5 by D.Draker
rough night consequential typos

[D.Draker]

On 4/4/2025 at 7:06 PM, D.Draker said:

Before, you wrote you don't use CAPSLOCK, I already asked you. What changed? You parrot D.Draker?

Client Hints have more to do with tracking than "content based on device", content based on device works perfectly fine by using the standard UA.

To prove my point even further, a standard Android or iOS phone already includes the precise model in its UA. What else do they need!?!??!

Mozilla/5.0 (Linux; Android 13; SAMSUNG SM-A536B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.3

https://deviceatlas.com/blog/samsung-phones-user-agent-strings-list

Mozilla/5.0 (iPhone; CPU iPhone OS 15_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/605.1 NAVER(inapp; search; 1000; 11.8.10; 12PROMAX)

https://whatmyuseragent.com/platforms/ios/ios/15

 

[D.Draker]

Blaukovitch inserts a unique identifier to its ported Chrome. What for? What Russia structures Blaukovitch really works for?

Blaukovitch had removed the standard  X-Client-Data filed on HTML response header form and changed to F**KYOUGOOGLE

X-Client-Data, what it is.

https://gigazine.net/gsc_news/en/20200205-google-chrome-x-client-data/

More info on the matter.

"When a browser wishes to fetch a web page from a server, it sends an HTTP request for that page, a request that contains a set of headers, which are key-value pairs separated by colons. These headers describe data relevant to the request. For example, sending the header accept: text/html tells the browser what media types it will accept.

For years, since 2012 at least, Chrome has sent a header called X-client-data, formerly known as X-chrome-variations"

https://www.theregister.com/2020/02/05/google_chrome_id_numbers/

Edited April 7 by D.Draker
More info on the matter.

[D.Draker]

On 4/3/2025 at 9:23 PM, Karla Sleutel said:

So far, no matter how many browsers I tried, only CatsXP has them partially disabled, it just sends empty strings, just like in @Dixel's hack, but the API works, Possibly Brave, too. @NotHereToPlayGames, you mentioned you use brave 134, could you check? Thanks

Brave

https://browserleaks.com/javascript