currently, I have set privacy.fingerprintingProtection to true. which means every time I will reload a page I will get a new fingerprint that way those big tech survaillance companies won’t be able to track me.
am I on the right track? I am using IronFox on my Android device
I am sure a more senior member will hopefully correct me if I’m way off base. But the best protection you can have with fingerprinting is to use Tor, it does the most in keeping buckets of people looking the same.
However even they admit the following:
One study that I was part of in 2018 [3] surprised us as it showed that tracking at a very large scale may not be feasible with low percentage of uniqueness. Anyhow, the one clear takeaway from these studies is the following: even though some browser vendors are working very hard to reduce as much as possible the differences between devices, it is not a perfect process. If you have that one value in your browser fingerprint (or a combination) that nobody has, you can still be tracked and that is why you should be careful about fingerprinting. There is no strong guarantee today that your device is identical to another one present on the Internet.
Tor: Browser Fingerprinting An Introduction
So is Ironfox fingerprinting enough? That’s tough to say, as it depends on your threat model and concerns, as well as how much they try and conceal those identifiers.
If you have genuine concern, you would be best to use Tor for casual browsing. Maybe Vanadium (if you use GrapheneOS) or Brave for stuff you need to login into on mobile. As Chromium based browser are a lot more secure than Firefox based browsers.
It really depends on whether you use the official Firefox browser or modified versions designed for that purpose. I use the official Firefox Beta for Android and have customized it to my liking; I’m sharing it with the community:
You can also modify the following:
Value: webgl.override-unmasked-renderer - Change to: ..
Disable → webgl.disable; if you want to reduce hardware fingerprinting even further.
Note: Do not disable `webgl.disable` just to gain a slight performance boost.
Each operating system has its own settings, whether it’s Linux, Windows, etc.
Thank you for providing the link to the tor browser research about fingerprinting but instead of feeling safer now I feel more scared. they stated that there is no easy way to prevent fingerprinting.
I will try to use tor browser as much more as possible!
Don’t panic. Tor can also be compromised by the NSA (for example) over the network, no matter how much you try to randomize the digital fingerprints.
If you’re really concerned about privacy, you can use the Firefox settings I shared and completely disable both WebGL options shown in the image; you can also use a VPN service—I recommend Mullvad—and connect to servers managed by Mullvad via multi-hop (not to rented servers).
Now, if we go down to the operating system level, the issue is more complex. I can help you with Android, but not with Windows, Mac, or Linux; since I don’t own a personal computer, if I did, I’d help you run a powerful executable script to harden the system, like Windows, for example.
Things are changing one way or another; don’t worry. If you have any questions, let me know.
Remember: maximum privacy and anonymity are not guaranteed.
I have been there. If i may, can I ask what your threat model is? I ask for the benefit of other senior forum members, so they also chip in so we can all collectively help and advice you.
Knowing where you are in your privacy and security journey can help us reassure your worries, and experienced members here I am sure will happily point you to resources you might want to consider.
As Daniel rightly mentions there is no way to be truly bulletproof.
But knowing your threat model will help adjust expectations.
Prima facie: fine. That’s one way of doing it. But are you making yourself too unique in the way you interact on that page. I guess, if your threat model is the tracking across pages, then fine. But then I don’t know how new this fingerprint is.
If, what you describe, is your threat model ‘as is’ then you’re doing a good job. If you’re talking ISP, packets and whatnot (and much, much more…), then no.
So: good job!
sure, currently I just want to reduce my digital footprint as much as possible. as Daniel mentioned even tor can be hacked by NSA. I am not hiding from the three letter agency I just want to be more private online. that’s pretty much it. I don’t want google, facebook and other random website to track me while I surf the internet. that’s why I thought of randomizing fingerprint since that way whenever I will visit the website again they won’t know it’s me!
I am already using Tuta, Proton, Mullvad and other privacy respecting services. never used tor though since pretty much every website I use blocks tor exit nodes.
also switched from gmail to tuta as my identity so now instead of signing with google I provide them a email alias provided by tuta, proton, simplelogin etc and use a password manager to store the password.
I am currently not concerned about my ISP and all, I will tackle that eventually though.
That’s great! In honesty you are probably doing better than 95% of the population who probably just use, Gmail, Outlook, Chrome and so on.
If your using something like GrapheneOS and need the playstore, they reduce what Google can potential collect. Sandboxed Google Play
I imagine you already use a more privacy respecting search engine like duckduckgo or brave search. But some other things you could consider to reduce the surveillance capitalism would be to use privacy frontends. Privacy Guides Frontends and More Privacy Frontends could be a good place to start in reducing what certain “popular” websites can grab about you.
The biggest problem (in my opinion) at present on Android is trying to blend in (or spoof) to make tracking useless. Which was one of my first topics I had asked about when I joined PG.
I think at present until we get a Mullvad Browser like option (I was hoping Brave Origin could have filled the gap but I fear $60 is going to prevent this). Tor Browser is our better option for blending in.
Tor on Mobile However you might want to consider this. For me, if I am trying to do anything sensitive, its Tor on PC.
But to end on a positive, you are clearly on the right tracks, keep it up and well done on what you have accomplished so far.
A nice simple thing you can do for now against your ISP, is if you are using Mullvad VPN is to enable DAITA. More info below:
Mullvad: Defense Against AI-guided Traffic Analysis
It’s running 24/7 on my device. It does slow things down, but even on a 4G connection it is manageable.
