It would be nice to hammer a manually created fingerprint into the browser and share that fingerprint around. When everyone has the same fingerprint, no one can be uniquely identified. Could we make such a thing possible?
Not really. The “fingerprint” is not one thing, it’s many, e.g. what fonts are installed, what extensions are used, screen size, results of drawing on a canvas, etc… Most of this stuff is also in some way related to the regular operation of a website, so many of these can’t be blocked.
You could maybe spoof all these things, but some websites may stop behaving correctly.
I get that some things like screen resolution and basic stuff is needed, however most websites don’t need to know how many ram I have, or which CPU I use and so on.
I would wish for an opt-in on this topics: So only make the bare minimum available and ask the user, when more is needed. For example playing games in the browser, for that case it could be useful to know how much ram is available, however for most other things it is not.
And this is really important. If you go on Google tracked websites without tor, Google will still know it’s you when you use tor, even if you’ve cleared all your cookies.
Tor means people don’t know your IP address. It doesn’t protect against other channels of privacy attack.
Tor browser is an additional piece of software built on top of it. Using the network(what everyone else means when they say tor) is unfortunately not enough to prevent fingerprinting.
Good point, that difference does matter. I guess other browsers like Brave use the Tor Network, and it would be misleading to suggest Brave has good anti-fingerprinting.
What kind of fingerprint avoidance are you suggesting then that the Tor browser cannot do that makes a difference?
If you enable JavaScript, you open Pandora’s box to fingerprinting (e.g. tracking mouse movements, certain hardware details, etc). If you don’t, half (or more) of the internet is unusable.
It’s been a long while since I looked, but I remember it being a thing in tails to specifically not resize your browser window or only have it full screen to match a ton of other fingerprints.
Plus since it was a live distro that reset on every reboot it would only have the same fonts and other data as other people using tails. Honestly, I hate that all that info is even available to browsers and web sites at all.
I don’t quite understand – does this feature let you resize the window again to the size you want, and you are still sharing the same fingerprint with everyone else? Or do you still have to keep the browser window the default size to minimize your unique fingerprint?
It rounds the browser window to the nearest 100x100 window size. Using the default will likely be the biggest dataset to hide yourself in, but maximizing the window will still have some amount of obfuscation.
It would be nice to hammer a manually created fingerprint into the browser and share that fingerprint around. When everyone has the same fingerprint, no one can be uniquely identified. Could we make such a thing possible?
Not really. The “fingerprint” is not one thing, it’s many, e.g. what fonts are installed, what extensions are used, screen size, results of drawing on a canvas, etc… Most of this stuff is also in some way related to the regular operation of a website, so many of these can’t be blocked.
You could maybe spoof all these things, but some websites may stop behaving correctly.
I get that some things like screen resolution and basic stuff is needed, however most websites don’t need to know how many ram I have, or which CPU I use and so on. I would wish for an opt-in on this topics: So only make the bare minimum available and ask the user, when more is needed. For example playing games in the browser, for that case it could be useful to know how much ram is available, however for most other things it is not.
Unfortunately the bare minimum is in most cases already enough to uniquely fingerprint you.
Tor browser
And Mullvad browser
This is called Tor
No it isn’t.
And this is really important. If you go on Google tracked websites without tor, Google will still know it’s you when you use tor, even if you’ve cleared all your cookies.
Tor means people don’t know your IP address. It doesn’t protect against other channels of privacy attack.
Yes, it is… Tor prevents against fingerprinting as well. It isn’t just relay plumbing to protect your IP… This can easily be tested on any fingerprinting site with default config of Tor demonstrating a low entropy https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/
Tor browser is not Tor.
This is Tor https://en.m.wikipedia.org/wiki/Tor_(network)
Tor browser is an additional piece of software built on top of it. Using the network(what everyone else means when they say tor) is unfortunately not enough to prevent fingerprinting.
Good point, that difference does matter. I guess other browsers like Brave use the Tor Network, and it would be misleading to suggest Brave has good anti-fingerprinting.
What kind of fingerprint avoidance are you suggesting then that the Tor browser cannot do that makes a difference?
If you enable JavaScript, you open Pandora’s box to fingerprinting (e.g. tracking mouse movements, certain hardware details, etc). If you don’t, half (or more) of the internet is unusable.
It’s been a long while since I looked, but I remember it being a thing in tails to specifically not resize your browser window or only have it full screen to match a ton of other fingerprints.
Plus since it was a live distro that reset on every reboot it would only have the same fonts and other data as other people using tails. Honestly, I hate that all that info is even available to browsers and web sites at all.
Letterboxing has significantly reduced threat presented by window sizing. https://support.torproject.org/glossary/letterboxing/
I don’t quite understand – does this feature let you resize the window again to the size you want, and you are still sharing the same fingerprint with everyone else? Or do you still have to keep the browser window the default size to minimize your unique fingerprint?
It rounds the browser window to the nearest 100x100 window size. Using the default will likely be the biggest dataset to hide yourself in, but maximizing the window will still have some amount of obfuscation.
No, it is not. Tor Browser != Tor. Get your shit right or be pwned.
*Tor browse
Leave everything default and you’ll look like every other Tor browser user.