No matter what fork of Firefox I use, or extensions I install (like jShelter), I have a unique fingerprint.
No matter what fork of Firefox I use, or extensions I install (like jShelter), I have a unique fingerprint.
What's the deal? I'm testing using https://coveryourtracks.eff.org/ Is it truly unique (and repeatable), or is it perhaps being randomized on every request?
I've tried normal Firefox, Mull, and IronFox. With and without jShelter.
I'm using my phone. Stock Android on a Pixel 7 Pro.
In DDG Browser I have a "nearly unique" fingerprint.
I installed CanvasBlocker and disabled privacy.resistFingerprinting in IronFox (since CanvasBlocker said to), and my fingerprint is still unique. I guess I'm not surprised since I think CanvasBlocker is designed to randomize canvas fingerprinting.
Any tips on having even a shred of privacy when browsing the web on Android?
Update
The biggest identifying characteristics are screen size and user agent. User agent can be faked with an extension. I can't exactly change my screen size.
I don't know what exactly what I did, but I managed to improve to "nearly unique" in IronFox. I think all I did was install Cookie Autodelete. It's an extension I've used for a long time in Mull, and finally got around to installing it. Then I installed "User-agent Switcher" and chose a Chrome user-agent and now I'm back to "Unique". 🤔
EFF mentioned Tor Browser having some other best anti-fingerprinting, so I tried installing that. "Unique Fingerprint". Again, maybe that's fine if it means it's randomized on every request. Does anyone know if that's the case? If part of the fingerprint is a hash of canvas data and WebGL data, etc. Then I can easily see your fingerprint being unique if a browser or an extension is intentionally fuzzing that data.
Update 2
I tried Fennec with just jShelter, uBlock Origin, and Cookie AutoDelete (not that I think those last two matter).
Obtained a "randomized fingerprint" result. Success?
scroll down and see which fingerprinting parameter gives you away
I've done that, and it's a little of everything. The page doesn't offer any advice on how to address anything.
The biggest ones are screen size and user agent. User agent can be faked with an extension. I can't exactly change my screen size.
I don't know what exactly what I did, but I managed to improve to "nearly unique" in IronFox. I think all I did was install Cookie Autodelete. It's an extension I've used for a long time in Mull, and finally got around to installing it. Then I installed "User-agent Switcher" and chose a Chrome user-agent and now I'm back to "Unique". 🤔
I suspect they're multiplying all of the 1-in-X probabilities, and if they come up with less than 1-in-8 billion, then they call that unique. If they were actually comparing your values against a hash of previous visitors, then the second time you visit, you'd no longer be unique.
eta: screen size and various hardware measures are probably the lowest probability fingerprints, but they're all highly correlated - there's a few million Pixel 7's out there, but you've probably got like 1-in-1000 screen size and a couple other 1-in-500+ hardware, and that would push you to "1-in-billions," even though there's millions of people with the same fingerprint.
The user agent string from each browser
The HTTP ACCEPT headers sent by the browser
Screen resolution and color depth
The Timezone your system is set to
The browser extensions/plugins, like Quicktime, Flash, Java or Acrobat, that are installed in the browser, and the versions of those plugins
The fonts installed on the computer, as reported by Flash or Java.
Whether your browser executes JavaScript scripts
Yes/no information saying whether the browser accepts various kinds of cookies and "super cookies"
A hash of the image generated by canvas fingerprinting
A hash of the image generated by WebGL fingerprinting
Yes/no whether your browser is sending the Do Not Track header
Your system platform (e.g. Win32, Linux x86)
Your system language (e.g. en-US)
Your browser's touchscreen support
For me only one parameter was an outlier, so I assumed that you would see something similar...
Protip: if your fingerprint changes every 30 seconds, then you've defeated their being able to track you with fingerprinting.
Install the Chameleon extension.
This isn't as simple or successful as you make it out to be, which is why tor opts for normalization instead of randomization. There are like hundreds of variables with billions of permutations in a browser, and some combinations never appear together in the real world. If all the major vars indicate Firefox 136, but your user agent is Chrome 98, and your language is English but location is Portugal, and some of those are changing every 30 seconds, you could end up being more unique and easier to track than if you'd just used mullvad or arkenfox. Browsers and trackers constantly evolve, so you can't ever really know how effective any random combination truly is.
Chameleon changes much more than just the user agent. We have no evidence to suggest that they can link your changing fingerprints. Thats the point. Its a fingerprint.
Stop trying to avoid having a unique fingerprint that's basically impossible unless you use Mullvad Browser or Tor.
https://github.com/arkenfox/user.js/wiki/3.3-Overrides-[To-RFP-or-Not]#-fingerprinting
If you rub sanding paper on your computer you can get rid of fingerprints I hope this helps
The parameter that usually gives me away is the window size, the page suggests its a brittle way of tracking someone since this will usually change from time to time. Not to mention that I'm using a browser that randomizes initial window size,
Weird, with just jShelter alone, I get "Your browser has a randomized fingerprint" on both desktop and mobile. Firefox browser
It might be because shelterjs is blocking the script.
Thank you. That's evidence that mine is not being randomized and is unique and repeatable.
I've never seen it not be unique. You can get pretty close though.
I got it to be random in Fennec. That's good. A unique, random fingerprint is probably as good as hiding in the crowd. Maybe. I dunno.
I feel like a lot of people on Lemmy will have unique fingerprints due to using uncommon operating systems, browsers, and extensions.
I get this on Firefox...
And this on DDG Browser. Both on Android
Weird that I get a unique fingerprint in DDG.
why would you need jShelter when you have uBlockOrigin?
isn't it redundant?
JShelter blocks fingerprinting. uBlock blocks scripts, cookies, and trackers. Trackers are going away, even Google says so, in favor of fingerprinting. Hence why Chrome is moving manifest v3 without third party cookie support. (I hope I got all those facts right.)
An anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection!
what if JavaScript is already disabled (by your browser or by uBlock)?