I’ve run cover your tracks test on Brave and it randomizes webgl rendor etc, though sends the timezone offset, GPU model info. These amount to more “bits of identifying information” than other browsers, yet the result is “you have randomized fingerprint”. I could not produce this result in any other browser including Tor, though I know Tor creates a non-unique fingerprint to blend in the crowd and I understand the protection Tor gives is far better than Brave. I just wonder if there is some other intention to show non-unique fingerprint as red, and randomized fingerprint result you achieve with Brave as green, portraying Brave as more private for the average user.
2 Likes
Fingerprinting tests are never accurate.
They only measure statistics from their own users which might not represent all browser users. Disabling JavaScript gives better test results but in reality you’ll be identified by the fact you disabled it because the overwhelming majority of internet users don’t.
If anything, you’re letting the EFF and their tracking companies datamine you each time you take their test.
2 Likes
first of all you are right that fingerprints tests are not accurate, for better benchmark see the Carbon copy I shared
No their tracking companies do not datamine, and there is also an option to opt out of real tracking companies on the EFF test and uses a dummy tracking link.
Please fact check before posting next time for stuff like that you may be unaware.
3 Likes
Did you try it with Librewolf ?
My resutls were good with Librewolf+ublock Origins.
1 Like
EFF is fine. AmIUnique.org is also worth checking. Both don’t always agree.
CreepJS ( CreepJS ) is a better metric IMO, as it doesn’t make a big show of the factors it tests, it just tells if you if you’ve been there before and therefore have a specific fingerprint. Do you get a consistent fingerprint across 10 IP addresses? Then so will Google trackers. If you visit with a TOR browser, it shows like 80 visits, meaning that the TOR fingerprint is not uniqie and blocks hardware and OS-level data.
As a non-TOR browser, I suggest LibreWolf (ensure in about:config resist fingerprinting is on) with uBlock on all the time. Then also have a header/user-agent randomizer or two (Chameleon also works) and a couple JS blockers (JShelter and NoScript) - and then turn those on and off as well. Each combination of those also gives your browser a different fingerprint, and resists low-effort tracking. Extensions ARE part of the tracking profile, so don’t leave them on all the time. But if you, like me, aren’t on Windows or Mac OS, the user agent can be the giveaway that makes it worth adding another layer.
Yeah, I tried Librewolf too. NoScript is the puzzling one for me, I know it basically disables common tracking methods like screensize etc, but yeah it also makes my browsing profile unique. My goal is to just to stay away from big tech’s eyes, so if it makes me only vulnerable to state-level actors it would be fine for me.
NoScript is sort of a blunt tool, and it’s not necessary 24/7. I prefer JShelter as it doesn’t impact browsing as much. My threat model is the same, don’t create data points for big tech to add to a db. By spreading out your profile surface, it helps diffuse things.
Some lecture:
Old links I know. Information should still be valid
In short, the more you mess around the worse you make it.
https://www.reddit.com/r/GrapheneOS/comments/bg03np/browsers/
After endless edits it should work. Weird stuff here 
Over at GrapheneOS I posted the same links without this hassle 
1 Like
Well, we all know TOR is the one thing that actually works, fortunately. But it’s not good for everything.
For Mullvad and LibreWolf, they block enough that it’s a “mostly unique” fingerprint with just uBlock running when I try them. If you get into data revealed from CreepJS and AmIUnique.org, I’m of the (possibly misinformed, but supported by CreepJS tests over and over) opinion that extensions that limit what data goes back are one thing, but the fact that extensions ping as a fingerprint data point are a benefit in that it’s something you can change when you want.
So you use a header data changer to show you’re on Safari on an Mac OS machine, with JShelter running with an IP from Netherlands. An hour later I’m on the same site showing FF with NoScript with an IP from France. So of the data you do give up, anything that helps to spoof it is worth the cost of showing extensions running. My theory is that there’s no way to hide all the data, so spoofing data to poison what data you give up is the better option.
Someone in Brave is blocking that link and I can’t be bothered to check what it is. The Triviliant chain and @RoyalOughtness convinced me enough that I uninstalled Firefox. The only thing that makes me wonder about Brave is the GPU leaking when fingerprinting isn’t strict, which you can enable from the flags. However, I see this as a lesser evil than Firefox, even though I’d keep it as default…
It should work if you copy and paste the link text. I have no idea why, or how, the link was converted like that 
If use the direct link it shows up like above🤷🏽
Weird as well.
It’s not working, and there’s gotta be a good reason for it.
1 Like
Thanks yeah, very good read. I respect the GOS dev a lot.
Also, yeah. You will give some data to when you visit a website, but giving fake/random data works as long as it can’t be tied to you, separating activities with browsers/VPN is useful I guess.
1 Like
If you want viable fingerprinting resistance you need a substantial crowd.
Use Tor Browser. Anything else is ineffective. End of story.