How to to stop browser fingerprinting and tracking?

[jetman]

I understand that it is possible to identify an individual user on the Internet even if they use a VPN. Websites can collect information about the configuration of user's PC or device which is almost to unique to each person. A fingerprint is based on an individual's particular combination of hardware/software apparently ?

I tested myself here and found that my machine is very easily identifiable....

Panopticlick

I don't know much about this subject but would be interested to know more. Some browser extensions claim to reduce the risk of being tracked in this way. I'd be interested to hear people's comments about these. I was considering the following extensions in Firefox...

Windscribe- claims to keep changing the "user agent" whatever that means
Kasperksy- says it blocks trackers and web beacons
Privacy Badger- claims to do something similar.

Can anyone make recommendations here ??? Woud you use all three of these extensions together, just one of them, or are they all a bit pointless ?

Thanks.

 

[Prorootect]

ScriptSafe.

 

[Sunshine-boy]

Simulate Unique Connections by Managing Browser Fingerprint | Multiloginapp
You have to buy this!but expensive!

 

[Prorootect]

...and ipFlood: ipFlood – Add-ons for Firefox

and Policy Control

and Random Agent Spoofer...https://addons.mozilla.org/en-US/firefox/addon/ipflood/

 

[Kubla]

Simulate Unique Connections by Managing Browser Fingerprint | Multiloginapp
You have to buy this!but expensive!

Wow I first looked at the prices and thought they were for a year and that was a little expensive, then I saw it was for a month.

Also from what I have read using the Tor Browser as is meaning making no changes to it will also help with anonymity since most who use it don't make changes to it creating very little uniqueness between that browsers users.

 

[Sunshine-boy]

There is also another good and free alternative:
Tails - Privacy for anyone anywhere

 

[zzz00m]

For Firefox, I like CanvasBlocker: CanvasBlocker – Add-ons for Firefox

I set mine to return a random faked readout every time a site tries to access it...

This add-on allows users to prevent websites from using the Javascript canvas API to fingerprint them. Users can choose to block the canvas API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on canvas fingerprinting can be found at http://www.browserleaks.com/canvas.

 

[Flengo]

Here are some about:config tweaks for Firefox to improve privacy
From this page.

Preparation:

1. Enter "about:config" in the firefox address bar and press enter.
2. Press the button "I'll be careful, I promise!"
3. Follow the instructions below...

Getting started:

1. privacy.firstparty.isolate = true
   • A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
2. privacy.resistFingerprinting = true
   • A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
3. privacy.trackingprotection.enabled = true
   • This is Mozilla’s new built in tracking protection. It uses Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionalities.
4. browser.cache.offline.enable = false
   • Disables offline cache.
5. browser.safebrowsing.malware.enabled = false
   • Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
6. browser.safebrowsing.phishing.enabled = false
   • Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
7. browser.send_pings = false
   • The attribute would be useful for letting websites track visitors’ clicks.
8. browser.sessionstore.max_tabs_undo = 0
   • Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
9. browser.urlbar.speculativeConnect.enabled = false
   • Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
10. dom.battery.enabled = false
    • Website owners can track the battery status of your device. Source
11. dom.event.clipboardevents.enabled = false
    • Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
12. geo.enabled = false
    • Disables geolocation.
13. media.navigator.enabled = false
    • Websites can track the microphone and camera status of your device.
14. network.cookie.cookieBehavior = 1
    • Disable cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third party cookies)
    • 2 = Block all cookies by default
15. network.cookie.lifetimePolicy = 2
    • cookies are deleted at the end of the session
    • 0 = Accept cookies normally
    • 1 = Prompt for each cookie
    • 2 = Accept for current session only
    • 3 = Accept for N days
16. network.http.referer.trimmingPolicy = 2
    • Send only the scheme, host, and port in the Referer header
    • 0 = Send the full URL in the Referer header
    • 1 = Send the URL without its query string in the Referer header
    • 2 = Send only the scheme, host, and port in the Referer header
17. network.http.referer.XOriginPolicy = 2
    • Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
18. network.http.referer.XOriginTrimmingPolicy = 2
    • When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
19. webgl.disabled = true
    • WebGL is a potential security risk. Source

 

[Arequire]

I use Adguard's Stealth Mode to rotate between the two commonly used user agents daily and Canvas Defender to change my canvas fingerprint daily.

 

[bribon77]

How to stop fingerprint and browser tracking? I think that's a difficult challenge

 

[HarborFront]

To block fingerprints

For Chrome use the following extensions

1) ScripSafe
2) Tunnelbear Blocker
3) Random User Agent
4) Add "-disable-reading-from-canvas" (remove quotes) to the Chrome icon properties on your desktop

For FF Quantum (v57 and above) use the following extensions

1) ScriptSafe
2) CanvasBlocker
3) Canvas Defender
4) Shape Shifter

For blocking browser trackers many adblockers can do the job like uBlock Origin, Nano Defender, uMatrix, NoScript, Keyboard Privacy, Cookie AutoDelete, Tunnelbear Blocker etc

Running your browsers in Private Mode/Incognito helps in lessening your chances of being tracked

 

[Arequire]

Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so. Sure, your canvas fingerprint won't be sent but the fact that you're blocking it will be and that puts you into a extremely small group of users that do the same, as opposed to the far bigger group of users who don't block their canvas fingerprint.

 

[TairikuOkami]

Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so.

Indeed, to completely block tracking, there is only one alternative VPN or a linux distros like Tails. A partial blocking via extensions makes the user more identifiable, not to mention: the more you block, the more you break the webpage. I just block trackers, because they slow down the browser, not because of privacy concerns.

 

[zzz00m]

Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so. Sure, your canvas fingerprint won't be sent but the fact that you're blocking it will be and that puts you into a extremely small group of users that do the same, as opposed to the far bigger group of users who don't block their canvas fingerprint.

With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!

 

[zzz00m]

Indeed, to completely block tracking, there is only one alternative VPN or a linux distros like Tails. A partial blocking via extensions makes the user more identifiable, not to mention: the more you block, the more you break the webpage. I just block trackers, because they slow down the browser, not because of privacy concerns.

Your browser fingerprint can still be tracked, even with a VPN. Better to fake the readout each visit to a site with a random fingerprint.

Test your fingerprint here: Canvas Fingerprinting - BrowserLeaks.com

 

[Arequire]

With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!

CanvasBlocker isn't available for Chrome.

 

[zzz00m]

CanvasBlocker isn't available for Chrome.

True - but since Firefox is the best browser, that matters little to me, LOL! Firefox always had the best extensions anyway.

I also use Chrome sometimes and I have been using Canvas Defender over there. It's available for both browsers. Canvas Defender

Canvas Defender: canvas fingerprinting protection - gHacks Tech News

The extension adds an icon to the browser's main toolbar that you can interact with. A click displays the noise hash, and an option to generate new noise. You may disable the creation of noise to Canvas at any time using the menu as well.

The extension comes with two options that users may find useful. First, an option to add sites to a whitelist. If you notice that a site won't work properly anymore after installing Canvas Defender, you may add it there if you trust it to block Canvas Defender from adding noise to Canvas when you are on the site.

The second option configures the browser add-on to generate a new noise hash automatically. I recommend that you enable that option if you use the extension, as you'd have to generate new noise hashes manually otherwise.

Mine generates a new canvas fingerprint every 24 hours. But you can set it to every minute, hour, day, week, etc.

 

[Daljeet]

Simulate Unique Connections by Managing Browser Fingerprint | Multiloginapp
You have to buy this!but expensive!

Multiloginapp is awesome application as you know friend @Sunshine-boy I like it features
simulate fake User Agent
Disable WebRTC
Zero fingerprint
Canvas defense
and many more

 

[Tsiehshi]

With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!

You can also apply @Arequire's point to this. Even if you change your fingerprints all the time, you'll still be in the far smaller group. It only works if it's common practice. A better solution would be faking the canvas rendering of another popular browser, or using forks that don't change the original Firefox/Chrome rendering (both my Opera and QupZilla successfully pretend to be Chrome).

 

[Handsome Recluse]

Might want to read Tor's research on this.