A web page that shows you everything the browser told it without asking

Original Article ↗ Hacker News Discussion ↗

Overall Reaction to the Demo

  • Many see it as a simplified, editorialized version of browser fingerprinting demos (EFF’s Cover Your Tracks, amiunique, fingerprint.com) rather than something technically new.
  • Some appreciate it as a tool to show non-technical users what’s leaking; others call it shallow, “vibe-coded,” and less informative than existing tools.

Technical Accuracy and Bugs

  • Multiple users report incorrect IP geolocation (off by tens to hundreds of kilometers), wrong city/ISP, and misleading phrasing around “we know where you are.”
  • GPU detection is often wrong or overly specific in Chrome and intentionally masked in Firefox; initial parsing bugs led to “or similar” nonsense strings.
  • Battery status shows phantom 100% on desktops or NaN; later fixed to “kept back.”
  • Storage quota was mispresented as “allocated” and absurdly large (tens of GB) before being corrected.
  • On some browsers it only sees viewport size, not true screen size; now labeled as anti-fingerprinting behavior.

Fingerprinting Mechanics and Browser Defenses

  • Thread discusses how combinations of GPU, screen, fonts, language, timezone, and behavior (scrolling, mouse movements, tab switches) form a unique fingerprint.
  • Fonts are highly identifying on desktops (accumulated over time) but much less so on stock iOS/Android.
  • Users highlight more advanced techniques the page omits: history/timing attacks, network stack fingerprinting, sensor APIs, cross-site tracking services.
  • Firefox, Mullvad/LibreWolf, and privacy tools (uBlock, NoScript, VPNs, Apple Private Relay, etc.) significantly reduce or spoof many signals; anti-fingerprinting (letterboxing, GPU masking, cache partitioning) is noted as effective.

Design, UX, and Tone

  • Strong criticism of very low-contrast dark theme and tiny text; many find it barely readable, especially on mobile or with aging eyes.
  • The copy is widely described as melodramatic, paranoid, and “LLM-sounding,” which for some undermines the message.
  • Others find the theatrical style entertaining and like touches such as tracking how long you left the tab.

Ethics, Consent, and Legality

  • Debate over whether basic signals (language, timezone, screen size, referrer) should require consent versus being “just how the web works.”
  • Some argue the “without asking” framing misleads: IP and headers are fundamental to HTTP, while geolocation APIs already prompt users.
  • EU/GDPR is cited: fingerprinting for tracking is not legal without proper disclosure/consent, even without cookies.

HN Meta and Trust

  • Several commenters accuse the site of being AI-generated slop and part of low-quality link spam; others point to a “sources” section claiming all prose is hand-written.
  • Mixed sentiment: some think such posts degrade HN; others still find the ensuing privacy discussion worthwhile.