Does partial resistFingerprinting make any sense?

I’ve been playing around with resistFingerprinting in Firefox.

I started out with privacy.resistFingerprinting = yes.

Then, I noticed this would break the dark mode in websites. So I disabled resistFingerprinting again and instead added privacy.fingerprintingProtection.overrides = +AllTargets,-CSSPrefersColorScheme.


This basically means: RFP disabled [default], FPP enabled [default], FPP to use all RFP protections, except for the CSSPrefersColorScheme one

Then, I noticed that in my web calendar and other places, it would always show me everything in UTC time. So I added -JSDateTimeUTC as well.

Then, I noticed that Google Maps (the only Google product I’m still using) wouldn’t allow me to enable the 3D/Globe View. So I added -WebGLRenderCapability.

Then, I noticed that in browser-based OnlyOffice I couldn’t use keyboard shortcuts anymore. So I added -KeyboardEvents.

So now I have privacy.fingerprintingProtection.overrides = +AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-WebGLRenderCapability,-KeyboardEvents

So far, I haven’t had any issues. Web apps seem to work fine, nothing breaks (as long as I sometimes give canvas access), and I feel like I’ve got a good balance between the compatibility of vanilla Firefox and the privacy of Librewolf/MullvadBrowser/Arkenfox.

Is there any point in having such a Frankenstein configuration? On the one hand, I’m still benefitting for the majority of the resistFingerprinting protections. On the other hand, I’m not really blending in with the rest of the RFP crowd anymore. How sophisticated are the fingerprinting scripts used in practice? Is a little bit of RFP better than none? Or is it all or nothing?

Well, realistically all you need to do to avoid most third-party trackers is use uBlock Origin, and to avoid most first-party trackers use a VPN (in both cases “most” = the vast majority). Anything beyond that is bonus points already.

Not very.


If the question is whether you can be fingerprinted then it is all or nothing: You can be fingerprinted.

If the question is whether you will be fingerprinted, then it is not all or nothing, and you probably won’t be.

1 Like

Does partial resistFingerprinting make any sense?

Plain and simple: No.

RFP is an all-or-nothing approach. If you don’t want to do that, use FPP, also as-is.

Note that they are doing so.

Given that most of your overrides are site-specific, you could use privacy.fingerprintingProtection.granularOverrides instead though. The syntax (JSON) is:

[ { "firstPartyDomain": "" , "overrides": "+Example1" }, { "firstPartyDomain": "" , "overrides": "+Example2" } ]

That’s an excellent idea, thank you