A conversation here the other day with respect to browser fingerprinting, uBlock Origin modes, and Mullvad Browser, got me curious to test for myself. What follows are the results of some semi-unscientific testing using coveryourtracks.eff.org from the Electronic Frontier Foundation.
What I tested
I used the EFF’s Cover your tracks fingerprinting test, to test fresh, clean installs of Librewolf (LW), Mullvad Browser (MB), and Tor Browser (TBB) in a few different configurations. I encourage everyone to test their own browser and report back.
Takeaways and points to ponder:
- This is just a test, and not necessarily representative of reality, or privacy more broadly (fingerprinting is just one aspect, and an aspect that sometimes conflicts with other privacy goals).
- Out of all tested configurations, MB and TBB set to “Safest” mode had by far the least identifiable fingerprint (1 in 92, and 1 in 182 respectively).
- It is possible that enabling uBO hard mode enabled would be similarly effective (since both uBO’s hard mode and TBB’s ‘safest’ mode block javascript) but I can’t say that with any certainty since uBO in hard mode blocks/breaks the test.
- Using the ‘safer’ mode probably has security and other privacy benefits but it performs moderately worse in the fingerprinting test.
- Using uBO’s Medium Mode (blocking 3P scripts and iframes) neither helped nor hurt the browser fingerprint in either LW and MB. However, while that is true in the test, Medium mode in the wild might be less (or more) identifiable since it only affects 3rd parties, and this test seems to be a 1st party fingerprinting test.
- For anyone not willing to block javascript, it looks like the least identifiable option would be MB in standard mode, full screen (1 in 775). At least that is what my test data showed, but it may not be representative for various reasons (including small-ish sample size of 200K)
Results/Data
- Librewolf (default): 1 in 40k
- LIbrewolf (default with letterboxing): 1 in 12K
- Librewolf (uBO medium mode): 1 in 40k
- Librewolf (uBO hard mode): Blocks the test
- Mullvad Browser (‘standard’ non-fullscreen): 1 in 2900
- Mullvad Browser (‘standard’ fullscreen): 1 in 775
- Mullvad Browser ('standard, fullscreen, uBO Medium Mode): 1 in 775
- Mullvad Browser(‘safer’ fullscreen): 1 in 3100
- Mullvad Browser (‘safest’): 1 in 92
- Mullvad Browser (uBO hard mode): Blocks the test
- TBB (‘standard’, non-fullscreen): 1 in 1700
- TBB (‘standard’, fullscreen): 1 in 1200
- TBB (‘safer’, fullscreen): 1 in 2600
- TBB (‘safest’): 1 in 183
(The “1 in x” numbers refer to uniqueness, i.e. out of the 200k browsers tested in the past 6 weeks, 1 in x matched with my test results, because of the somewhat small and self-selecting sample, its unclear how representative these numbers are, I would trust them enough to make observations about general trends but not enough to make specific concrete inferences based on that data)
(Click each > heading to expand that section).
