Firstly, there are two main kinds of tracking that this forum talks about. (1) Naive tracking and (2) Advanced tracking.
- Naive tracking occurs when websites detect the values of your browser metrics. Browser metrics can include fonts, screen resolution, time zone, etc.
- For example: If a website has two visits whose detected values are the same (i.e., same fonts, screen resolution, and time zone), then the website owner can conclude that the two visits are from the same person.
- Browsers like Firefox and Brave prevent this kind of naive fingerprinting by randomizing the values and preventing them from leaking and stuff.
- Advanced tracking occurs when websites try to detect when you are randomizing the values of your browser metrics.
- I’m not entirely sure how they do this since this is not my field.
- But browsers like Tor and Mullvad prevent this kind of advanced fingerprinting by creating a “crowd” of browsers which all have the same browser metric values. If everyone has the same fonts, screen resolution, and time zone, then everyone has the same fingerprint.
It does not. Context is important. What @phnx was likely referring to here…
… was advanced anti-fingerprinting for people of high threat models. Although both Mullvad and Tor combat advanced fingerprinting, Tor is uniquely for those with high threat models who also need verifiable anonymity, where their browsing habits are not linked with a persistent identity.
The context here is different because you are talking about low stakes, everyday browsing. Your threat model is comparatively low and does not require anonymity, only anti-fingerprinting. Because of this, Mullvad coupled with a VPN is sufficient for the job. That is the standard advice for low stakes, everyday browsing. You do not need to couple it with a VM to reap its anti-fingerprinting rewards.
As discussed above, the advice that @phnx and @KevPham gave is for people of high threat models who are aiming for anonymity, not just anti-fingerprinting in itself. Your threat model is for low stakes, everyday browsing. It is not standard advice to use Mullvad in a VM for this low level of threat model.
Arkenfox prevents naive tracking, not advanced tracking. Mullvad Browser prevents naive tracking and advanced tracking when coupled with a VPN. Therefore, it would be a step down to use Arkenfox. Since Mullvad doesn’t require a VM for you to reap its anti-fingerprinting rewards, you are find to keep doing what you’re doing currently.
This is why threat modeling is important. What do you mean by, “whenever I need to”? Do you mean whenever your browsing is high stakes? Mullvad is fine for low stakes browsing and anti-fingerprinting. If you need to do high stakes browsing (i.e., you need anonymity), then that’s when you need to follow the advice of @KevPham and @phnx and use Tor (in a VM).