How do you sandbox your tor browser on linux? I’d like to use it more frequently but I haven’t been able to get it to work in bubblejail
1 Like
Vanadium with brave search is basically all I use haha. It’s not great, but it was enough work for me to switch browsers for different stuff that I didn’t feel it was worth it. I do open links in incognito though which helps some.
As for aliases, I’ve got 113 on simplelogin haha. I’ve been using them for almost 3 years now and have aliased almost everything since then. (No I didn’t count them 
you can see how many you have if you look at your mailbox)
2 Likes
On Linux with VPN cycling through locations:
For anything I need to be logged in with my real name - Plain ol’ FF with uBo and containers.
Literally everything else: Private browsing on Floorp, LibreWolf, Mullvad, Tor, or Vivaldi, with uBo and then as needed: NoScript, JShelter, Chameleon, Random User Agent, and the EFF Privacy Badger extension if I want to turn a tracker on/off. I have Brave as another Chromium backup, but rarely ever use it because I don’t trust the association with the owner of Palantir and marketing over substance.
On mobile: Ironfox, Waterfox primarily, FF, Vivaldi, Brave.
On occasion I’ll use FF or Chrome in a Windows VM.
Search engines: Ecosia, Startpage, or Qwant, depending on the browser. I’ll use DDG to let it play a YT video in search, nothing else. I’ll give Mojeek a try now and then. Tried SearXNG and it’s OK, but I’m not going to self-host, and my trust of other instances… I dunno, gives me a weird feeling.
1 Like
I’m genuinely surprised by how many people use browsers I wouldn’t even consider installing on my machine. Of course, everyone’s free to do as they please, and I’m not judging.
1 Like
Which do you mean? Vanilla FF, or Brave? Or some of the more exotic ones?
I’m not the one you asked, but for me Floorp, Librewolf, Vivaldi, Konqueror, Falkon and DuckDuckGo all come to mind as browsers that I would never use. Half of them can be replaced by Brave or Mullvad Browser, while the other half don’t even need to be replaced because they don’t serve a purpose anyway.
2 Likes
Way too many
1 Like
The previous posters already answered for me.
For productivity, I use Zen with about 5-6 profiles. For privacy, I use Mullvad (and occasionally Tor). I’ve also been using Brave with 5-6 profiles on Qubes more recently. I have Firefox installed, but I rarely use it. I think I use Tor more often than Firefox.
I use my own SearXNG instance, but if it goes down, I use DDG. I want to test other search engines for image search, but have not needed to do any extensive image search recently.
2 Likes
In my Linux,
I use Firefox for general purpose browsing with cookies auto cleared on exit.
Brave for sites which require a quick login and for Tor browsing (I know it’s not ideal, I just want to bypass my service provider)
Zen Browser for always login websites with cookies cleared on exit. (exceptions for login sites).
I don’t generally use profiles feature. On occasions I use Firefox containers or Zen workspaces.
In my Android,
Firefox for general browsing and Brave for site logins (which I use very rarely). Tor Browser in Work profile for anonymous browsing.
Brave is the default search engine. In case a search doesn’t fetch the results I am looking for I make use of Search in Google/Bing option in Brave Search. Here, I use Redirector extension to forward the ‘Search in Google ‘ to Mullvad Leta and ‘Search in Bing’ to DDG HTML.
1 Like
Well, the purpose they do serve is that they all have different fingerprints. Even fingerprint-resistance has a fingerprint.
I’ve tested via CreepJS and if the IP is changed, each browser pings differently. Tor is the only browser that pinged widely enough to mix me into a crowd.
I’d rather just use Mullvad Browser in a disposable VM. I’ve ran Mullvad Browser in Windows Sandbox and I get a new fingerprint everytime I restart the virtual machine.
Overall, I feel like fighting something as meaningless as a fingerprint by having 7 different browsers will result in more annoyance than it’s worth.
I’d just use one browser for sites that require a login, and Mullvad/Tor Browser for sites that don’t.
See, to me the VM is the annoyance. Ultimately, we’re getting mostly the same results with different methods, so it’s just personal taste to some degree. And I have all those options available - I only use 2 or 3 daily. They all have their purpose and it’s muscle memory at this point.
FWIW, though, I just did a side-by-side test with LibreWolf, Mullvad, and Brave on CreepJS, AmIUnique.org, and coveryourtracks.eff.org just now and Brave gives up canvas and font data without a fight. A year ago, not a big deal, but at this point Google trackers can and do use that data to track users. Fingerprinting is the new frontier of tracking, and patterns are hard to shake. LibreWolf with a random header extension pings me as a Windows machine, so that alone is worth it to me, rather than spinning up a Windows VM.
1 Like
There’s a whole conversation about how EFF seems to favor Brave that you and I both participated in: EFF Fingerprint Test Favors Brave?
I get the same results, and I can see exactly in detail what in CreepJS what Brave gives up.
Mullvad and LibreWolf both leave these areas effectively dead.
Don’t you think it’s odd that EFF and AmIUnique disagree so drastically? Like, just objectively - which is right, then? It seems like EFF’s version just isn’t as up to date in the judgement of what’s “random” really is.
Yeah, but this shouldn’t show anything of value. That’s what I’m saying about Brave allowing actual canvas fingerprinting.
Mullvad shows this, while my LibraWolf setup shows a spoofed font set:
I mean, it’s kind of splitting of hairs practically speaking, but it’s just weird that EFF shows a “randomized fingerprint” with the real canvas data fully out there. I also don’t love that Brave shows my actual time zone as set by my desktop. Mullvad and LibreWolf both show UTC by default, and my time zone and language set are not typically paired, so it’s an actual tell for me, which is why it’s weird that EFF calls that “random” and AmIUnique gives me a 0.00% for the same info.
1 Like
So, have I got this right, it’s a good thing if my fonts match my OS, for example, so I blend in better? And the lower the CreepJS score, the better?
Fonts are an identifying data point if revealed. For example if I have 20 random fonts because my family asks me to make their Christmas Card for them every year, having specific unique fonts is data that can be tied to me directly because the chance of 2 people with exactly the same combination of unique fonts is low. For people that have never downloaded a non-default font and don’t have uncommon language packs, it’s not a huge distinguishing factor.
In looking at both of our sets, it looks like Brave spoofs fonts, so that’s actually good for Brave, I wasn’t aware of that. I hadn’t noticed my set included “Noto Sans Canadian Aboriginal Regular.” So I stand corrected there, I wasn’t aware Brave did that.
For me “undefined” is just that CreepJS doesn’t have an identifier associated with my font set because the base set with the Noto fonts are Linux based. EFF and AmIUnique use the data differently as a pattern to be compared against others. So spoofing is better.
CreepJS doesn’t do scores, it’s just the raw data. I’m not sure what you mean by a score. If you’re talking about the percent of RGBA noise, that’s how much noise is in the image rendering, so more is better, but it’s sort of immaterial. If you mean the font number, then either zero is good, or a spoofed font set is good.
1 Like
