[Requesting Help] Battle against Fingerprinting - How to get good results on fingerprinting tests with commons browsers?

Hello !
As i’ve got no answers there, maybe i will be able to get answers to my questions here.

If there is a lack of information don’t hesitate to tell me, i will provide what is needed.

Thanks for your answers,
Regards

If you are using a Firefox-based web browser your fingerprint will be bigger than a Chromium-based one, because the user base from one with the other is really small in comparison.

I really don’t know how much effective are extensions like Canvas Blocker, maybe some of them work, but there are certain things which can’t be spoofed. And the trade between less extensions and therefore less fingerprinting is not a good one, you end up exposed to trackers, ads, malicious cookies, malicious javascript, etc. A minimum is required IMO, e.g. uMatrix, uBlock Origin, HTTPS Everywhere, Cookie AutoDelete, Privacy Badger and Decentraleyes.

A good way in which you can lower your fingerprint is by setting privacy.resistFingerprinting to true on about:config. This will set your screen size to 1000x800px which is the same as Tor browser and it is a really standard size.


Everything said, you may be referring to other types of bio-metrics, should keystrokes, mouse movement patterns, etc. Still, I tried to be a little broad.

I’ve already follow nearly everything present there at privacytools website category browsers (limited to 2 links as new user…)

Acutally i’m asking for a tested and working way to pass https://panopticlick.eff.org/ test and if possible https://amiunique.org/ test with Firefox, because somes appear to pass but never communicate on " How " and " with what " :disappointed:

I need sources and relevant infos, because i’ve already spend hours with or without plugins to have a common fingerprint but i always get (at best) " partial " result.

EDIT : Exemple without - Simple new profile (recommanded settings on privacytools website + recommanded addons + disable WebRTC - Default value user-agent switcher) :
testsimpleprofilefingerprinting

Yeah, the trap we all was in before…there is no actual way to fight fingerprint i mean you can not block it fully but you can just fake it so no matter what you did it will always show data all you just can do is just fake it

If you want more protection, download Ghack’s user.js and add it to your Firefox profile, I think it’s not mentioned on PTio web page but it is really good.

I really don’t know which part of my setup did it, but I passed Panopticlick’s fingerprint test. Which mode of uBlock Origin are you using? It could also be because of my user.js, though, but maybe you are on easy mode.

These are my results:

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 141.54 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 7.15 bits of identifying information.

The measurements we used to obtain this result are listed below. You can read more about our methodology, statistical results, and some defenses against fingerprinting here.

https://upload.vaa.red/YEQg7#ceb2e07a9d0340159184c2c53fcb8dd3


Note that you WILL NEVER get a much lower fingerprint as if you were using a Chromium-based browser, and you shouldn’t worry too much about that. If you are blocking scripts, trackers, cookies and isolating compartments (which most likely your extensions do), you don’t have to worry unless you are doing some kind of illegal thing or your adversary is three letter state agency. In such case, stop using anything but Tor.

Certainly, but i pass checked the test with Tor Browser and some addons.

So it’s not impossible. And if somes can do it with Firefox there is a way to do it with it.

You passed the test with Tor because it has extra measures into the code which Firefox doesn’t, some of these can be achieved, but others as keystroke anonymization, or time-zone spoofing, not.

Did you add extra add-ons to Tor?

Already try ghacks as it is indicated in my reddit post and i have posted my user.js also… I was wondering about copy/paste it here, but maybe it will be more convenient for users ?

Didn’t manage to get same result as your, i was asking in my reddit post is there was something misconfigured in my user.js even if i have spend time to review it all and make change.

If you want intel or timeline of what i’ve done those 2 days i can for sure be more specific because i’ve made and try a lot of things.

So i will resume here the test i’ve made:

  1. Firefox - Default Ghack profile + Ublock origin untouched mode + HTTPS Everywhere + NoScript (allowing 2 items in javascript to make the test run (or it breaks)) + privacy badger/noprivacy badger + Canvablocker + Multiaccount container + Decentraleyes

Result: Unique Fingerprint

  1. Firefox - Ghacks custom (my profile : https://file.io/RFWNdZ) + Ublock origin Medium mode + HTTPS Everywhere + NoScript (allowing 2 items in javascript to make the test run (or it breaks)) + privacy badger/noprivacy badger + Canvablocker + Multiaccount container + Decentraleyes + Chameleon

Result: Unique Fingerprint

  1. Firefox - Simple profile (no privacy mode) with settings of PTio + Ublock origin Medium mode + HTTPS Everywhere + NoScript (allowing 2 items in javascript to make the test run (or it breaks)) + privacy badger/noprivacy badger + Canvablocker + Multiaccount container + Decentraleyes

Result: Partial protection

  1. Tor Browser + Canvablocker + Disconnect + Privacy Badger + Ublock standard mode

Result: Protected from fingerprinting and from ads

  1. Tor Browser alone:

Result : Protected from fingerprinting but partially protected of ads

Tell me if you need any other informations or file, anything that is revelant for you to help me.

My threat model is, every industries that relies on fingerprinting and ads mostly, but i’ve and ideology of freedom that can bother my government even if i am in the U.E. , it will be like U.S. one day or another so i prefer start protecting my privacy now then too late.

I use DNSCrypt with relays also and i plan to use VPN outside of 14 eyes countries, but it’s useless if you have a unique fingerprint anyway.

It is, https://www.privacytools.io/browsers/#user.js

I am not comfortable commenting on browser fingerprinting more though, the screenshot below probably tells enough, I am not even trying and I have a conflict of interest between promoting the Finnish language and privacy (and privacy.resistfingerprinting disabling TTS :frowning: )

PS. thanks for making me notice that I am running outdated Firefox

When you say you’re not comfortable, i wouldn’t say it is because of a lack of knowledges. So, can i ask you why ?

Regards

look the best way to avoid fingerprinting:

  1. Use Tor browser
  2. Use Secbrowser (it’s like tor, exactly its same thing except it not connect to tor network so yes all tweaks made by tor team is there so i can guarantee you a good protection)

Sorry, didn’t see the Reddit post. You shouldn’t be playing with user.js unless you what you are doing, if you think there’s something wrong with yours, delete the file and install it again.

Use uB O on hard mode, basically click on “I am an advanced users” and on the left panel block “3rd party”, “3rd party Scripts” and “3rd party frames”, unninstal NoScript since it doesn’t allow you for a more granular control as uMatrix, and set to block all cookies on global, uninstall Canvas blocker and MAC. Probably so many extensions are raising your fingerprint.
Make sure your FF settings are properly configured.

A golden rule: NEVER, EVER, BUT EVER add any add-ons and/or themes, change any kind of settings (except changing from safe, to safer to safest mode and/or choosing a bridge) or moving NS, or adding a bookmark, to the toolbar; also, you should never maximize your window. This raises Tor fingerprint because you are modifying its settings and the idea behind it is that everyone shares a unique fingerprint; most likely this is the reason why you are not passing the test. Also, Tor is not designed to fight against ads profiling, since you are anonymous all possible information they could collect about you in this regard is inaccurate and it can’t be tied to you away from keyboard persona.

Do this, if you need to register or log in to a website which is know for selling users’ data, just do it through Tor. For anything else that does not require registration or that does it but respecting your privacy, use FF. Fingerprinting is not so important since a lot of the times it isn’t enough to tie it to you (there are some exceptions to this, but it would require extreme measures like not writing in public spheres, and correlation attacks to triangulate one account with the other)

1 Like

I am not sure. Maybe it’s partially that only Tor Browser handles fingerprinting by default and has the fingerprint that everyone match or letterboxing that still makes groups of people who have the same fingerprint rather than being unique and then every extension having the potential of making you look more unique and some extensions meant to make you less visible from the masses may just make you more fingerprintable by the virtue of you being the user whose fingerprint changes all the time. Or maybe I am just lost on the subject.

We also have an open issue about rewriting the fingerprint section, I don’t remember what originally inspired me to open it.

but there are comments like “[…] almost everything currently in there is just sooooo wrong. […]

2 Likes

Basically, yes, if you can live using Tor as your daily browser this is your best option.

I understand you, same goes between global warming and privacy, it’s rare that both intersect, but you have to choose one form of fight some times and as I see that global warming has a lot of popularity and people trying to do stuff to change it (although it’s still not enough), I choose the latter since I think it is in a really terminal condition -as much as climate change IMHO- but has far fewer activists creating real impact.

Same goes with English domination on culture, or disabled people, I totally think they are serious issues but with the current levels of surveillance arising, if they are not stopped, other forms of oppression will be harder to fight.

Not to say that different and other kinds of abstract struggles can’t be fought at the same time, but when it comes to option A or B, I tend to pick the most critical.

1 Like

that’s why i said SecBrowser too :stuck_out_tongue:

Seems interesting, although I don’t know if the project is regularly updated, I’ll try to check it out.

I’ve a big issue with Tor Browser, it’s slow, really, really slow (at least from scratch installation.
I don’t have " 3rd party frames " on Ublock, but have this set in my own filters:

* * 3p-script block
* * 3p-frame block
* ajax.googleapis.com * noop
* ajax.aspnetcdn.com * noop
* ajax.microsoft.com * noop
* cdnjs.cloudflare.com * noop
* code.jquery.com * noop
* cdn.jsdelivr.net * noop
* yastatic.net * noop
* yandex.st * noop
* apps.bdimg.com * noop
* libs.baidu.com * noop
* lib.sinaapp.com * noop
* upcdn.b0.upaiyun.com * noop
* cdn.bootcss.com * noop
* sdn.geekzu.org * noop
* ajax.proxy.ustclug.org * noop

I will try your settings and use umatrix instead of NoScript, letting you know if it works for me. Thank you !

Of course it make sense. I was too much in the run and didn’t see the big picture concerning how TOR is working.

Thank you for your answer and the link.

1 Like

Yes it is, and there’s nothing you can do to change it, except maybe choosing safe instead of safer/safest.

2020-02-17_15-15

It’s impossible that you don’t have this option.

It’s more comfortable, you don’t need to reactivate stuff every time you enter the same website since it can differenciate between 1st part scripts on its own website and the same script working as a 3rd party one in another website.

1 Like