Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
Nothing Private
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.
How to use the website
- Visit http://nothingprivate.gkr.pw and enter your name
- Click the “See the magic” button
- Visit the same website in Private browsing / Incognito mode
- See the magic ⭐
Don’t scroll down and ruin the fun… Just follow the steps above… 😄
Hey! How?
Hope you are surprised! 😄 Yes, the website can remember your name even if you had visited it via private browsing or incognito mode. Yes, nothing is private in this world anymore! This is what the big companies are doing with your identity. You think that going into private mode will wipe out all the traces? Absolutely not! In reality, using private browsing or incognito mode will just help you to clear your browsing history. Your internet service provider, search engines, and your favorite websites can still track you. They know your likes and dislikes. They use your data to earn money. The video below explains everything:
Yes, nothing is free…
How to stay safe?
One way to reduce the likelyhood of browser fingerprinting by using some of the browsers listed in the list of browsers implementing countermeasures curated by the community.
Browser fingerprinting is just an example of several ways that can be used to track your identity. For some others visit Freecodecamp blog. Here’s a picture from the blog that explains the current situation:
References
- https://privatebrowsingmyths.com/
- https://panopticlick.eff.org/
- https://amiunique.org/
- https://www.pcworld.com/article/192648/browser_fingerprints.html
- https://en.wikipedia.org/wiki/Device_fingerprint
- https://nakedsecurity.sophos.com/2014/12/01/browser-fingerprints-the-invisible-cookies-you-cant-delete/
- https://spreadprivacy.com/browser-fingerprinting/
- https://time.com/4673602/terms-service-privacy-security/
- https://snapsearch.online/tips/androids-best-private-browsers-privacy-test/
News articles
- Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use: You may already know about Google analytics if you are a web developer. In order to develop such a sophisticated tool, they need a lots of workforce.
Why are they giving it away for free?. You are paying them with your and your user’s data. You can easily switch to some open source alternatives like Matomo, but none of the self hosted alternatives provide availability and features as the google analytics. BuiltWith says that 69.5 percent of Quantcast’s Top 10,000 sites (based on traffic) are using Google Analytics and
54.6 percent of the top million websites that it tracks. - Google fails to quash Incognito mode user tracking, privacy lawsuit: Google has failed to have a proposed class-action lawsuit quashed that alleges the company violated user privacy by collecting data in Incognito browser modes.
Some tech stuff
Nothing Private uses the browser fingerprinting feature of Client.js to obtain the fingerprint of your web browser. When you submit the form, this fingerprint is saved, along with your name in a MySQL database using PHP as a backend. The next time you visit the website your browser fingerprint is matched with the column in the database and your name is returned.
The current data points used for generating fingerprints are:
user agent, screen print, color depth, current resolution, available resolution, device XDPI, device YDPI, plugin list,
font list, local storage, session storage, timezone, language, system language, cookies, canvas print
Visit db_server for the server files. (See historical SQLite version of the backend code).
Technologies used
- Client.js Browser fingerprinting
- PHP
- MySQL Database
- JSON
- HTML & CSS
- Karma and Jasmine for unit testing
- Cypress for integration testing
Contributing
Feel free to modify the code and open any pull requests. Also, be sure to read through the Contributing Guidelines
Todo
- [ ] Fix any typos
Running locally
You can run nothing private locally via docker using the commands below:
git clone [email protected]:gautamkrishnar/nothing-private.git
cd nothing-private
docker-compose up -d # use --build to update image if you do 'git pull'
Visit http://localhost/
Hall of Fame
- Special thanks to KwestiaB, Gordon Shieh and several others for reporting the expiry of nothingprivate.ml domain #128. You guys literally saved the whole project by preventing the missuse of the domain.
Contributors
Special thanks to these rockstars:
Thanks
-
Thanks to the 300K⭐ users.
-
Thanks to IssueHunt for sponsoring this project:
-
Thanks to DuckDuckGo for this tweet.
-
Thanks to CloudFlare for their support and PRO Plan Sponsorship.
-
BrowserStack for browser testing sponsorship:
- Sentry for error monitoring sponsorship:
- JetBrains for sponsoring the Open Source License to my favourite IDE WebStorm:
- 33giga.com.br for the blog post.
- Thanks to everyone who tweeted about this.
- Thanks to TechCycle for this demo video.
- Thanks to the @Mozilla community for discussing privacy issues. Some users even reported that nothing private is even working correctly with the latest version of Firefox Focus. They created an issue for it.
- https://softwarelivre.org/.
- Thanks Tutanota for sponsoring free encrypted emails for my opensource projects:
Having trouble?
If you are having trouble using this project, please open a new issue and describe your problem.
Spread the word!
Liked the project? Just give it a star ⭐ and spread the word!