How to to stop browser fingerprinting and tracking?

jetman

Level 10
Thread author
Verified
Well-known
Jun 6, 2017
475
I understand that it is possible to identify an individual user on the Internet even if they use a VPN. Websites can collect information about the configuration of user's PC or device which is almost to unique to each person. A fingerprint is based on an individual's particular combination of hardware/software apparently ?

I tested myself here and found that my machine is very easily identifiable....

Panopticlick

I don't know much about this subject but would be interested to know more. Some browser extensions claim to reduce the risk of being tracked in this way. I'd be interested to hear people's comments about these. I was considering the following extensions in Firefox...

Windscribe- claims to keep changing the "user agent" whatever that means
Kasperksy- says it blocks trackers and web beacons
Privacy Badger- claims to do something similar.

Can anyone make recommendations here ??? Woud you use all three of these extensions together, just one of them, or are they all a bit pointless ?

Thanks.
 

Kubla

Level 8
Verified
Jan 22, 2017
355

Wow I first looked at the prices and thought they were for a year and that was a little expensive, then I saw it was for a month.

Also from what I have read using the Tor Browser as is meaning making no changes to it will also help with anonymity since most who use it don't make changes to it creating very little uniqueness between that browsers users.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
For Firefox, I like CanvasBlocker: CanvasBlocker – Add-ons for Firefox

I set mine to return a random faked readout every time a site tries to access it... :ROFLMAO:

This add-on allows users to prevent websites from using the Javascript canvas API to fingerprint them. Users can choose to block the canvas API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on canvas fingerprinting can be found at http://www.browserleaks.com/canvas.
 

Flengo

Level 2
Verified
Oct 19, 2017
52
Here are some about:config tweaks for Firefox to improve privacy :)
From this page.
Preparation:

  1. Enter "about:config" in the firefox address bar and press enter.
  2. Press the button "I'll be careful, I promise!"
  3. Follow the instructions below...
Getting started:

  1. privacy.firstparty.isolate = true
    • A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
  2. privacy.resistFingerprinting = true
    • A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  3. privacy.trackingprotection.enabled = true
    • This is Mozilla’s new built in tracking protection. It uses Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionalities.
  4. browser.cache.offline.enable = false
    • Disables offline cache.
  5. browser.safebrowsing.malware.enabled = false
    • Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
  6. browser.safebrowsing.phishing.enabled = false
    • Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
  7. browser.send_pings = false
    • The attribute would be useful for letting websites track visitors’ clicks.
  8. browser.sessionstore.max_tabs_undo = 0
    • Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
  9. browser.urlbar.speculativeConnect.enabled = false
    • Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
  10. dom.battery.enabled = false
    • Website owners can track the battery status of your device. Source
  11. dom.event.clipboardevents.enabled = false
    • Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  12. geo.enabled = false
    • Disables geolocation.
  13. media.navigator.enabled = false
    • Websites can track the microphone and camera status of your device.
  14. network.cookie.cookieBehavior = 1
    • Disable cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third party cookies)
    • 2 = Block all cookies by default
  15. network.cookie.lifetimePolicy = 2
    • cookies are deleted at the end of the session
    • 0 = Accept cookies normally
    • 1 = Prompt for each cookie
    • 2 = Accept for current session only
    • 3 = Accept for N days
  16. network.http.referer.trimmingPolicy = 2
    • Send only the scheme, host, and port in the Referer header
    • 0 = Send the full URL in the Referer header
    • 1 = Send the URL without its query string in the Referer header
    • 2 = Send only the scheme, host, and port in the Referer header
  17. network.http.referer.XOriginPolicy = 2
    • Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
  18. network.http.referer.XOriginTrimmingPolicy = 2
    • When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
  19. webgl.disabled = true
    • WebGL is a potential security risk. Source
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,054
To block fingerprints

For Chrome use the following extensions

1) ScripSafe
2) Tunnelbear Blocker
3) Random User Agent
4) Add "-disable-reading-from-canvas" (remove quotes) to the Chrome icon properties on your desktop

For FF Quantum (v57 and above) use the following extensions

1) ScriptSafe
2) CanvasBlocker
3) Canvas Defender
4) Shape Shifter

For blocking browser trackers many adblockers can do the job like uBlock Origin, Nano Defender, uMatrix, NoScript, Keyboard Privacy, Cookie AutoDelete, Tunnelbear Blocker etc

Running your browsers in Private Mode/Incognito helps in lessening your chances of being tracked
 
Last edited:

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so. Sure, your canvas fingerprint won't be sent but the fact that you're blocking it will be and that puts you into a extremely small group of users that do the same, as opposed to the far bigger group of users who don't block their canvas fingerprint.
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,564
Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so.
Indeed, to completely block tracking, there is only one alternative VPN or a linux distros like Tails. A partial blocking via extensions makes the user more identifiable, not to mention: the more you block, the more you break the webpage. I just block trackers, because they slow down the browser, not because of privacy concerns.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
Keep in mind that completely blocking your canvas fingerprint makes you more identifiable than not doing so. Sure, your canvas fingerprint won't be sent but the fact that you're blocking it will be and that puts you into a extremely small group of users that do the same, as opposed to the far bigger group of users who don't block their canvas fingerprint.

With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
Indeed, to completely block tracking, there is only one alternative VPN or a linux distros like Tails. A partial blocking via extensions makes the user more identifiable, not to mention: the more you block, the more you break the webpage. I just block trackers, because they slow down the browser, not because of privacy concerns.

Your browser fingerprint can still be tracked, even with a VPN. Better to fake the readout each visit to a site with a random fingerprint. ;)

Test your fingerprint here: Canvas Fingerprinting - BrowserLeaks.com
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!
CanvasBlocker isn't available for Chrome.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
CanvasBlocker isn't available for Chrome.

True - but since Firefox is the best browser, that matters little to me, LOL! Firefox always had the best extensions anyway. ;)

I also use Chrome sometimes and I have been using Canvas Defender over there. It's available for both browsers. Canvas Defender

Canvas Defender: canvas fingerprinting protection - gHacks Tech News

The extension adds an icon to the browser's main toolbar that you can interact with. A click displays the noise hash, and an option to generate new noise. You may disable the creation of noise to Canvas at any time using the menu as well.

The extension comes with two options that users may find useful. First, an option to add sites to a whitelist. If you notice that a site won't work properly anymore after installing Canvas Defender, you may add it there if you trust it to block Canvas Defender from adding noise to Canvas when you are on the site.

The second option configures the browser add-on to generate a new noise hash automatically. I recommend that you enable that option if you use the extension, as you'd have to generate new noise hashes manually otherwise.

Mine generates a new canvas fingerprint every 24 hours. But you can set it to every minute, hour, day, week, etc. :D
 
  • Like
Reactions: harlan4096

Tsiehshi

Level 2
Verified
Nov 11, 2017
51
With CanvasBlocker you can set it to fake the readout with a random fingerprint every time that is 100% unique. So refresh the page or visit another time and it sends another fingerprint that is also 100% unique. Very nearly impossible to correlate your two visits that way! Better than disabling fingerprinting completely, if you ask me!
You can also apply @Arequire's point to this. Even if you change your fingerprints all the time, you'll still be in the far smaller group. It only works if it's common practice. A better solution would be faking the canvas rendering of another popular browser, or using forks that don't change the original Firefox/Chrome rendering (both my Opera and QupZilla successfully pretend to be Chrome).
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top