SecureKongo

Level 4
Hey guys, since some time I'm looking for ways to make my Browser fingerprint less unique as a testsite always tells me that it's still unique after all, no matter what I've tried so far. Do you have any tips? I'd also appreciate to see your testresults.

Website: Panopticlick

My current extensions are: Adguard, Privacy Badger, SmartHTTPS, Decentraleyes and Canvas Blocker. (Google Chrome)

looking forward to your recommendations :)
 

Attachments

  • Unbenannt.PNG
    Unbenannt.PNG
    72.9 KB · Views: 67

plat1098

Level 22
Verified
I got the same results you did. I never get a clean result, but then again, I don't use a vpn or run TOR browser. Too slow.

I ran the test before and after installing 2 additional extensions claiming to protect against stuff like this. I put the snip here. Pretty much the only thing that changed before and after was the hash of my browser showed as spoofed--which of itself is an identifier.

Total extensions: 5. uBO, Privacy Badger, ClearURL plus: Canvas Blocker and Spoof. The latter two are now removed. Enabled Do Not Track requests in chromium Edge also. Didn't change the test results.

This test has gotten more specific over the past few years? This time it correctly shows my gpu model. Yuck. 😒

I got better results w/Random Agent Spoofer back in the day w/Mozilla Firefox. But it interfered w/too many sites and I kept getting notices to update Safari and Internet Explorer. Bottom line: I don't care. Machine ID me all you want. But others will fight the good fight and win.

pan.PNG

panopgpu.PNG
 

SecureKongo

Level 4
I got the same results you did. I never get a clean result, but then again, I don't use a vpn or run TOR browser. Too slow.

I ran the test before and after installing 2 additional extensions claiming to protect against stuff like this. I put the snip here. Pretty much the only thing that changed before and after was the hash of my browser showed as spoofed--which of itself is an identifier.

Total extensions: 5. uBO, Privacy Badger, ClearURL plus: Canvas Blocker and Spoof. The latter two are now removed. Enabled Do Not Track requests in chromium Edge also. Didn't change the test results.

This test has gotten more specific over the past few years? This time it correctly shows my gpu model. Yuck. 😒

I got better results w/Random Agent Spoofer back in the day w/Mozilla Firefox. But it interfered w/too many sites and I kept getting notices to update Safari and Internet Explorer. Bottom line: I don't care. Machine ID me all you want. But others will fight the good fight and win.


I used to get a result like "your browser has a nearly unique fingerprint" but that changed now and i didnt change any settings or extensions. Thanks for your detailed answer btw! :)
 

SecureKongo

Level 4
Real quickie test w/Tor. No uBlock Origin or other extensions installed. Defaults are: NoScript, HTTPS Everywhere and DuckDuckGo. I suppose I could tweak for a better result but I didn't have the patience. I ran the Panopticlick test and during that minute, MalwareTips was still trying to load. Too slow.

i actually think the result is based on the fact that the browser is in windowed mode and doesn't have javascript enabled. But that isn't an option for day to day use i guess. :confused:
 

SecureKongo

Level 4
Avoid using Google Chrome. Switch to a Privacy-focused browser.

In this example, I am using Brave a Chromium-based browser.

Brave (Normal tab)
View attachment 246346

Settings (Standard defaults)
View attachment 246347
Oh, sweet. I don’t really like brave tho cause it has so much junk in it which i don’t need. Is there an alternative you know about?
 

SpiderWeb

Level 4
You will know when it's working when you get greeted by Captchas, the site renders the wrong format, Spotify and streaming sites don't load and you can't buy anything or login to your banking account online. It's not worth the hassle. Privacy Possum is great at hiding fingerprints. So great, I uninstalled it because it's breaking too many sites that I need to navigate to and require fingerprinting for authentication. Spotify even sent me an email that they logged me out of everything because they didn't know who I was with Privacy Possum and VPN on (see pic). Google screams critical security alert on my Chromebook. Just beware 99% of the time, fingerprinting is used in your favor and by hiding it you don't become invisible, just more suspicious. It's like wearing a mask. Nobody knows who you are but now you stand out because you are the only one wearing a mask. lol
 

Attachments

  • Screenshot_20200915-170328.png
    Screenshot_20200915-170328.png
    180.9 KB · Views: 63

SecureKongo

Level 4
You will know when it's working when you get greeted by Captchas, the site renders the wrong format, Spotify and streaming sites don't load and you can't buy anything or login to your banking account online. It's not worth the hassle. Privacy Possum is great at hiding fingerprints. So great, I uninstalled it because it's breaking too many sites that I need to navigate to and require fingerprinting for authentication. Spotify even sent me an email that they logged me out of everything because they didn't know who I was with Privacy Possum and VPN on (see pic). Google screams critical security alert on my Chromebook. Just beware 99% of the time, fingerprinting is used in your favor and by hiding it you don't become invisible, just more suspicious. It's like wearing a mask. Nobody knows who you are but now you stand out because you are the only one wearing a mask. lol
Actually Privacy Possum worked very well for me with little inconveniences. I decided to uninstalled it tho cause it didn’t receive an update for quite a while. Also i totally get your point, but i thought there is an easier and hassle free way to do that. And yea, there is nothing more annoying than Captchas which u actually solve correctly, but somehow it refreshes itself again 🤣
 

oldschool

Level 57
Verified
@SecureKongo Brave has "junk" like Rewards but it may be disabled to your liking. See my Brave feature review thread. Brave is updated frequently and they continue to make improvements to adblocking and fingerprinting protections. These functions are best handled by the browser itself, and not extensions, thus making Brave a commendable choice.

And please realize, that all of these testing websites use completely different data points/sets and all of these tests suffer from data-input pollution. This renders them very tenuous in terms of their value to web users. And very few users even know about or bother to protect against fingerprinting You may read more along these lines here.

Just beware 99% of the time, fingerprinting is used in your favor and by hiding it you don't become invisible, just more suspicious. It's like wearing a mask. Nobody knows who you are but now you stand out because you are the only one wearing a mask. lol
This, indeed, which speaks to my point above.
 

TairikuOkami

Level 29
Verified
Content Creator
I don't really think this is important. Your fingerprint is one of the zillions even if it's unique.
My Browser's results and that includes only the most common, like the browser, screen resolution, OS. There are ~50 cookieless tracking features.

Uniqueness99.92% (406 of 528769 user agents have the same signature)
 

security123

Level 27
Verified
Good topic!

Panopticlick isn't a good test site. It's to slow to test real world tracking as sites wouldn't use such.
The site also doesn't test much easier tracking ways.

Browser extensions doesn't help against fingerprinting as they add unique values to the own data and as they work on client side the server can get around anyway. Example is CNAME.
Example for bad extension: Browser Tracking | Madaidan's Insecurities

Tor browser make it better then Firefox, Brave but not perfect and also lack sandboxing, CFI and other important security features so it's not recommend for normal surfing.
Also Daniel Micay say Tor browser user can be still tracked with e.g. CSS.

Browser with few user's/ too low market share are too much affected for uniqueness so Chrome is the winner in that case.
Generally websites only need using the ISP name and combine that with useragent. If then the user change the default browser behaviour with e.g. extensions or blocking Javascript or cookies, this is a 100% identity.
That's the reason why default browser config are the best and that's the reason why mitigations must be done on browser level
 

security123

Level 27
Verified
When I call someone I say my name. No problem that the person who is called, knows who I am. It's even a matter of decency. That's why I have no problem with first party trackers. But I don't like third party trackers.
Websites move tracker from third party to first party so blocking third party doesn't work anymore.
That's even worse then CNAME stuff :/
 
Top