Reducing my browser fingerprint? (slrpnk.net)

submitted 1 month ago* (last edited 1 month ago) by countrypunk@slrpnk.net to c/privacy@lemmy.ml

38 comments fedilink hide all child comments

I went on amiunique.com, and it says that I'm unique.

Lowest scores: list of fonts JS (0.01%), canvas (0.00%), media devices (0.00%), user agent (0.11%), and audio data (0.80%)

I use Linux Mint Debian edition, Librewolf browser, and Mullvad VPN. How do I become less unique?

top 38 comments

sorted by: hot top controversial new old

[-] Harald_im_Netz@feddit.org 49 points 1 month ago

https://amiunique.org

Easiest answer would be: Use a common OS, with a common browser, and no add-ons.

The moment you start using something different to Windows, Android, iOS or macOS with Safari, Chrome or Firefox, you're probably already in the 5 % (just my uninformed estimate). Add-ons also increase this value drastically.

Long story short: The sad truth is, the moment you're interested in online-prviacy, you're very unique.

[-] countrypunk@slrpnk.net 10 points 1 month ago

Is there no way to spoof that I'm using one of those without actually using them?

[-] Zikeji@programming.dev 16 points 1 month ago

One of the points of Libre Wolf is to make you unique, but each session should be unique.

You can find some additional setting tweaks here: https://librewolf.net/docs/settings/

The "letterboxing" feature is an additional uniqueness feature you could consider enabling.

I'm particular you could check your result in this experiment: https://fpresearch.httpjames.space/

Try it in both normal and in a private tab, then record those results, reopen Libre Wolf, and try again.

[-] IphtashuFitz@lemmy.world 5 points 1 month ago

Spoofing is a whole hell of a lot easier said than done. Content delivery networks like Akamai, Cloudflare, etc. all know exactly how different versions of different browsers present themselves, and will catch the tiniest mistake.

When a browser requests a web page it sends a series of headers, which identify both itself and the request it’s making. But virtually every browser sends a slightly different set of headers, and in different orders. So Akamai, for example can tell that you are using Chrome solely by what headers are in the request and the order they are in, even if you spoof your User-Agent string to look like Firefox.

So to successfully spoof a connection you need to decide how you want to present yourself (do I really want them to think I’m using Opera when I’m using Firefox, or do I just want to randomize things to keep them guessing). In the first case you need to be very careful to ensure your browser sends requests that exactly matches how Opera sends them. One header, or even one character out of place can be enough for these companies to recognize you’re spoofing your connection.

[-] kekmacska@lemmy.zip 2 points 1 month ago

librewolf hopefully supports changing user agents. if not, uninstall it

[-] moseschrute@lemmy.ml 1 points 1 month ago

I found tor did a very good job of blending you into other tor traffic. But you are only as unique as 1 out of the total number of tor users.

[-] mercphilby@discuss.online 29 points 1 month ago

You’re unique and everyone loves you.

[-] MangoPenguin 17 points 1 month ago

Essentially using Linux with Librewolf and various browser addons is making you unique, since there are not many similar fingerprints.

[-] ElectroLisa 10 points 1 month ago

To my knowledge Librewolf spoofs useragent to Windows by default

[-] FrostyPolicy@suppo.fi 10 points 1 month ago* (last edited 1 month ago)

It does as well as setting your locale to en-us, timezone to utc and giving random output from canvas every time.

Edit: You can also enable a fixed size for you window. More precisely the area which is visible to content (and also to javascript). https://librewolf.net/docs/faq/#what-are-the-most-common-downsides-of-rfp-resist-fingerprinting

[-] ElectroLisa 1 points 1 month ago

Oh I have noticed the timezone change, some websites were misbehaving because of it

[-] umami_wasbi@lemmy.ml 5 points 1 month ago

It can still tell you're on Linux via WebGL

[-] mac@lemm.ee 2 points 1 month ago

Useragent doesn't do much as your browser navigator settings expose the real OS

[-] countrypunk@slrpnk.net 1 points 1 month ago

It seems to me with JavaScript it doesn't work

[-] headset@lemmy.world 14 points 1 month ago

If you are trying to obfuscate instead of poisoning your data, you are doing it wrong. You can't be identified if your fingerprint is always different.

Fingerprinting panic is some bullshit created by brave browser, a bloated shitware than installs a lot of unnecessary crap on your device, including their own advertisement engine.

[-] mbgid@lemmy.world 10 points 1 month ago

Using Tor Browser with default settings is probably the least time consuming way of reducing a site's ability to uniquely identify you.

[-] moseschrute@lemmy.ml 1 points 1 month ago

I wonder if you don’t actually use tor but use their version of Firefox if you still get their anti fingerprint benefits, or if being one of the few tor users not using tor makes you too unique.

[-] mbgid@lemmy.world 1 points 1 month ago

A big part of the anonymisation of Tor is from the routing, so I'm doubtful that just using their Firefox customizations would be enough.

[-] moseschrute@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

That’s not what I was talking about. The Tor network (onion routing) is a totally separate thing. Tor as an application has very good anti fingerprint protections. I was referring to that feature specifically not the rest of Tor.

Sure if you really wanna benefit, use Tor’s routing. But I am just admiring that the people that built Tor really knew what they were doing in all aspects of the application including the anti fingerprint protections.

[-] mbgid@lemmy.world 1 points 1 month ago

Right, I understand.

There are browsers that implement a lot of Tor Browser's anti-fingerprinting features, such as LibreWolf.

The problem is that if you're connecting to a site from an unique IP address then you're still uniquely identifiable regardless of how much your browser resists fingerprinting measures. If you have a dynamic IP address, information can still be derived from this to build an approximate profile for you (location, language, possible interests, statistically likely demographic bands etc.). It's surprising how accurate these can get.

The strength of the anti-fingerprinting features in Tor browser is really an additional protection on top of the main anonymisation feature: the routing. Everyone using the Tor browser and routing appears (kind of) the same to a site.

Connecting through a VPN provider is a half-way measure, but still won't be as good as Tor. To a site or tracker you'll appear as one of a smaller set of people connecting from that VPN where your browser fingerprint is different from others in the pool of people connecting via that VPN. That may not be enough to personally identify you, but it's enough to build a fairly well-targeted profile of you.

So tl;dr: anti-fingerprinting browser features are really cool and technically clever, but they don't protect against all the ways you can be profiled. And somewhat counter-intuitively, using only browser-level de-anonymisation features could actually make you appear more unique to sites or trackers, because you'll be one of relatively few people with that combination of browser and network connection profile.

[-] merde@sh.itjust.works 7 points 1 month ago

also ☞ https://coveryourtracks.eff.org

[-] some_guy@lemmy.sdf.org 5 points 1 month ago

EFF is an org that I'd run to join if they had a position I could fill. I've been on their side since the 90s, when I was too young to tell if I was choosing the right side because I didn't understand everything they advocated because I was a kid. They are the ACLU of the internet.

[-] merde@sh.itjust.works 6 points 1 month ago

isn't mullvad browser a better choice than librewolf? (i use both)

[-] FrostyPolicy@suppo.fi 6 points 1 month ago

They are pretty much equal. See https://privacytests.org/

[-] merde@sh.itjust.works 1 points 1 month ago

yes, except for the "DNS privacy tests" they seem to be equal on privacytests.org

[-] FrostyPolicy@suppo.fi 1 points 1 month ago

Enabling DoH with max protection probably solves that.

[-] countrypunk@slrpnk.net 2 points 1 month ago

Is it? I haven't heard much about mullvad browser.

[-] eruchitanda@lemmy.world 5 points 1 month ago

It's basically Tor Browser without using the Tor network.

[-] valiant1@lemmy.world 4 points 1 month ago

Try the chameleon extension https://github.com/sereneblue/chameleon

[-] LazerDickMcCheese@sh.itjust.works 3 points 1 month ago

I mean...VM, run Tor as a container within the VM, and don't change any default settings. Amiright guys?

[-] mac@lemm.ee 1 points 1 month ago* (last edited 1 month ago)

If you're gonna put this much effort in you may as well just use tails or qubes OS

[-] moseschrute@lemmy.ml 1 points 1 month ago

Also get ready to throw your credit cards in the trash. They are tracking you. And while you’re at it, might as well throw away your computer.

[-] umami_wasbi@lemmy.ml 3 points 1 month ago

Less unique is equal to what majority of other's do.

Windows
Chrome (stock settings, maybe some addons like grammarly)
No VPN

[-] mac@lemm.ee 1 points 1 month ago

I know you're saying to use widely-used extensions, but for privacy-conscious users I wouldn't suggest grammarly

[-] umami_wasbi@lemmy.ml 3 points 1 month ago* (last edited 1 month ago)

well. as another said, one is pretty unique the moment they seek online privacy. this is the sad reality of it. You want to blend in, less unique? Ditch privacy is a way to go. Is this a shit choice, of course it is. The otherway around is embrace the uniquess on every refresh of the page. However, I still have a hard time to beat some very sophisticated fingerprinting engines. Or you can disable Javascript and you won't be fingerprint-able at all along a VPN.

[-] mac@lemm.ee 1 points 1 month ago

Sure I after with that first point. But actively feeding all of your typed text to a corporate owned server isn't the only way to so that.

[-] joram@discuss.tchncs.de 1 points 1 month ago

Go with Brave. They add stuff to your fingerprint, so that is is completely irrelevant!

[-] Nalivai@lemmy.world 18 points 1 month ago

Brave isn't a thrust-worthy company

this post was submitted on 27 Dec 2024

65 points (100.0% liked)

Privacy

34096 readers

684 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS