oldschool

Level 37
Verified
I just read this article, poached from Wilders: Browser Fingerprinting: An Introduction and the Challenges Ahead | Tor Blog . So I started to re-think this subject after recently testing different forms of tracking protection. The most interesting point raised by the author is that it may be best to use no tracking protection of any kind.

"...
3. Today, there is no ultimate solution to fix browser fingerprinting. As its origin is rooted in the beginning of the internet, there is no single patch that can fix it for good. And as such, designing defenses is hard. A lot of approaches have been tried and evaluated over the years with each their strengths and weakness. Examples include blocking attributes, introducing noise, modifying values, or increasing fingerprint diversity. However, one important observation that has been made is that sometimes having no specific defense is better than having one. Some solutions, because of the way they were designed or coded, remove some fingerprinting vectors but introduce some artifacts or inconsistencies in the collected fingerprints. (my italics)
For example, imagine a browser extension that changes the value of fingerprints before they are sent.
Everything works perfectly except the fact that the developer forgot to override the navigator.platform value. Because of this, the user-agent may say that the browser is running on Windows whereas the platform still indicates it is on a Linux system. This creates a fingerprint that is not supposed to exist in reality and, as such, make the user more visible online. It is what Eckersley [1] called the “Paradox of Fingerprintable Privacy Enhancing Technologies.” By wanting to increase online privacy, you install extensions that in the end make you even more visible than before. ..."

I've done some very initial testing at AmIUnique.org and my experience verifies this conclusion. However, I'll continue informal testing at other sites and to ponder the implications and how best to combat fingerprinting with available technology. Some may disagree but I believe privacy protection is part and parcel of web security.

What do you think about browser fingerprinting and tracking generally? If you use tracking protection, what form do you use? Specific browser? Extensions? VPN or other? Let me know your thoughts.
 

HarborFront

Level 47
Verified
Content Creator
A VPN only changes your IP address. Yes, some providers do have other content protection features but I doubt they are effective. Some browsers offer tracking/coin mining protection but I would suggest using uBO/uMatrix with selected filters for more effective protection. Those offered by the browsers are more for the common users.

As for fingerprinting I don't think a VPN can protect you against them. It's a browser issue. Correct me if I'm wrong on this.

It's also true that using extensions to avoid fingerprints can create other problems as the extension(s) themselves are sometimes not well coded. But bear in mind that there's NO single extension which can help to avoid all types of fingerprints.

Fingerprints come in many forms. ScriptSafe/Trace extensions protect against a wide variety of fingerprints. Note that some features are not effective against some testing sites.

You can use hardware device with built-in tracking/fingerprinting protection or use software/filters/extensions in your computer.

Complementing the above with a VM and the use of TOR browser will help greatly

To summarize. IMO if you value your privacy then protection against tracking/fingerprinting/data stealers is important
 
Last edited:

blackice

Level 12
Verified
Honestly I do value my privacy and have been down this road. However, it seems all the work it takes to obfuscate your internet use draws more attention than less. But, then again, I don’t think the mega corps care about the privacy nerds huddled in the corner either (me included). The sad truth is the corps don’t care about individuals, they care about target demographics and dollars. We aren’t people to them. Which is a relief on some level. I just use uBo and privacy badger, and privacy protection on mobile browsers. But I also don’t think they are fooling anyone really.
 

Moonhorse

Level 26
Verified
Content Creator
Firefox = security browser kind & still webrtc will leak your local ip by default
Firefox = fingeprint protectionis next to nothing, unless you enable resist.fingerprintall from about:config and that will break some sites completely

With firefox you need to live with broken sites, if you enable most of about:configs, or either need extensions for anti-fingerprint + other tracking extensions (trace)

On chromium browsers, ublock origin will do everything = block ads, hide cookie banners, block tracking/domains with malicious stuff, chromium browsers wont leak webrtc by default and only problem is just header/fingerprint protection wich is achievable with trace extension

Tracking protection browsers offer, blocking 3rd party cookies is only one thats worth using, ublock origin does the rest, yet you can set-up chrome :/flag to block downloads over insecure connections and set-up ask where to safe while to avoid anykind of driveby download

Ublock origin is pretty much all you need, no need to bloat browser with such anti-tracking extensions
 

SeriousHoax

Level 11
Verified
Malware Tester
On chromium browsers, ublock origin will do everything = block ads, hide cookie banners, block tracking/domains with malicious stuff
This line is kind of misleading. You made it sound like uBlock Origin does this only on Chromium browsers. I'm sure that's not what you meant. uBlock Origin actually works better on Firefox.
chromium browsers wont leak webrtc by default
But every webrtc leak test is showing my ip address. On Firefox I can completely disable webrtc as I don't need it. I don't know if there's such option in Chromium.
 
P

Pkjfkknm

I just read this article, poached from Wilders: Browser Fingerprinting: An Introduction and the Challenges Ahead | Tor Blog . So I started to re-think this subject after recently testing different forms of tracking protection. The most interesting point raised by the author is that it may be best to use no tracking protection of any kind.

"...
3. Today, there is no ultimate solution to fix browser fingerprinting. As its origin is rooted in the beginning of the internet, there is no single patch that can fix it for good. And as such, designing defenses is hard. A lot of approaches have been tried and evaluated over the years with each their strengths and weakness. Examples include blocking attributes, introducing noise, modifying values, or increasing fingerprint diversity. However, one important observation that has been made is that sometimes having no specific defense is better than having one. Some solutions, because of the way they were designed or coded, remove some fingerprinting vectors but introduce some artifacts or inconsistencies in the collected fingerprints. (my italics)
For example, imagine a browser extension that changes the value of fingerprints before they are sent.
Everything works perfectly except the fact that the developer forgot to override the navigator.platform value. Because of this, the user-agent may say that the browser is running on Windows whereas the platform still indicates it is on a Linux system. This creates a fingerprint that is not supposed to exist in reality and, as such, make the user more visible online. It is what Eckersley [1] called the “Paradox of Fingerprintable Privacy Enhancing Technologies.” By wanting to increase online privacy, you install extensions that in the end make you even more visible than before. ..."

I've done some very initial testing at AmIUnique.org and my experience verifies this conclusion. However, I'll continue informal testing at other sites and to ponder the implications and how best to combat fingerprinting with available technology. Some may disagree but I believe privacy protection is part and parcel of web security.

What do you think about browser fingerprinting and tracking generally? If you use tracking protection, what form do you use? Specific browser? Extensions? VPN or other? Let me know your thoughts.
useful only if you control all data from start
you have digital footprint from day born
all of it out of your control
much of it easy access to all
all efforts to remain hidden thus fruitless
 

TairikuOkami

Level 23
Verified
Content Creator
The most interesting point raised by the author is that it may be best to use no tracking protection of any kind.
I would not say none, but basic to get rid of the most obvious ones, but lets not push it, like canvas and such. Otherwise you might end up like this:

download.jpg



Anyone, who wants the real privacy, will use VPN or Tails and will not rely just on extensions, because they ultimately fail on the browser itself.

ScriptSafe/Trace extensions protect against a wide variety of fingerprints.
True, like tracking the mouse movement, that is almost as unique as the real fingerprint itself. The way people move mouse while browsing.

If you use tracking protection, what form do you use?
1. DNScrypt within the browser, that is pretty much basics for privacy and security. It is not as good as VPN, but it is better than nothing.
2. Blocking port 80 to make sure, webpages will not open resources, which could be easily tracked by ISP, not to mention security as well.
3. Adguard to block an excessive tracking, it can slow down browsing and to block referrers to avoid webpages knowing, where I came from.
4. Cookie-Autodelete to remove first/third party cookies, blocking them cripples some webpages, so they are allowed, but removed ASAP.

What do you think about browser fingerprinting and tracking generally?
As far as the internet is concerned, I am not unique at all, I am average, even bellow average. I use the same name and username, all over the place, sometimes even the password. My FB is linked to steam, which is linked to Discord, etc, so I am not sticking out too much. Of course, I do not post my personal details, like the real date of birth, address or phone, but you can freely see, what I like, so can buy me my favorite drink. :D
 

Attachments

Atlas147

Level 30
Verified
Content Creator
Honestly I have no idea how effective is my tracking protection because I block ads too. Currently I am using Privacy badger for tracking protection and uBlock Origin for my ad blocking. I am also currently on firefox and I use firefox containers to separate my social media from my normal browsing (although I'm not sure how effective they are and if they work like that).
 

Arequire

Level 23
Verified
Content Creator
Btw, this is based on EasyList & EasyPrivacy only. Advanced/semi advanced users should add some other filters too. uBlock Origin in medium mode/uMatrix/NoScript helps a lot too.
True, but it represents the majority of people using ad blocking software.

Yes, the bottom line is governments need to take action - but how much hope is there when so many are in debt to the same companies?
I for one have very little hope. Even if we our respective governments suddenly became benign and decided to act in the public interest by taking action against these companies, they've consistently proven themselves to be wholly incompetent and I wouldn't trust them to draft legislation that isn't filled with loopholes and/or wouldn't be subject to corporate pressure to have any such legislation weakened or repealed.