this post was submitted on 01 Aug 2024
172 points (97.8% liked)

Technology

59534 readers
3223 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] asbestos@lemmy.world 3 points 3 months ago (10 children)
[–] AceSLS@ani.social 20 points 3 months ago* (last edited 3 months ago) (9 children)

Well, this is a way to vast topic to explain everything here but I'll try and summarize the most important things:

Let me first explain how websites are able to "fingerprint" you: It's basically just collecting as much data as possible about your device. Simple things like your browsers size (in pixels), your screen size, your CPU's core count an many, many more. Having all this data makes it possible for websites to create a profile that only matches one of your specific devices (world wide!). Some websites/fingerprinters even go as far as scanning your local network for other devices, which could even tell them where you live, with whom etc. This wouldn' be such a big deal if every website had their own database, but almost every page uses ads from Amazon, Meta or Google which makes these companies able to reliably track most of your internet usage even across different devices

So fingerprinters can be very intrusive nowadays, the best way to be anonymous is for everyone to share the same fingerprint which is what the tor browser tries to attempt. Obviously this needs everyone to conform to some predefined norms to work, otherwise you'll become an outlier which can be tracked again

Tor browser sadly is very slow and by definition not very customizable, so I chose to forsake it in favor of Librewolf in combination with uBlock Origin in Strict Mode, all filterlists and all privacy settings enabled. Additionally I use JShelter to restrict websites Javascript usage and spoof some of the data which can be fingerprinted. Also for Android I use Firefox with some settings from the Arkenfox user.js (Librewolf uses this by default, I mostly use DNS over TLS and Resist Fingerprinting) and Firefox's own Enhanced Tracking Protection in Strict mode. Additionally I like LibRedirect to access Reddit when I need to without having to login.

This setup stops most fingerprinters from even being loaded, those that still get loaded won't run most of the time. It also sadly doesn't work very well with pages behind Cloudflare, so you sadly need to (temporarily) disable some protections to get arround cloudflares captcha (or alternatively delete the webpages cookies each time you request another page from the same domain, this can be automated with addons/Firefox)

Keep in mind though that my setup might be considered pretty overkill by most and that privacy is a spectrum. It's possible to block all tracking, but that would make almost the whole web unusable so keep that in mind. Your goal should be to limit the data that can be harvested from you to an acceptable degree, not to eliminate it. Most of the time this is a tradeoff of convenience vs privacy

If you wanna learn more look arround uBlock Origin Wiki, the Arkenfox user.js Wiki and the JShelter webpage

Additionally here's some websites to test your overall fingerprintability:

  • Browserleaks (My favorite, as it explains most things it shows you)
  • Cover your tracks: Let's you look at your fingerprint generated by real tracking companies, mine is unique but changes every browser session (restarting my browser/wiping the pages cookies)
  • CreepJS: Strongest fingerpriner I have found to date, almost impossible to fool. Goes as far as knowing when your browser lies about some things and much more!
  • IPLeak: Some more identifiable information about your ip address and DNS settings

Shoutout to LibreJS as well, sadly it breaks wayyy to many websites without doing endless tweaking for me to consider it usable and also LocalCDN

Also to finish this I should tell you that I'm by no means an expert and that you should do your own research. Having a semi random fingerprint can itself be a trackable vector but atleast I feel safe enough doing it this way

Feel free to ask more if something's unclear/you want to know some more about privacy outside of your browser

[–] InnerScientist@lemmy.world 2 points 3 months ago (1 children)

Something I don't get is, why try to make all browser look the same when you can do the easier thing and just make each browser session have a new fingerprint?

A unique fingerprint doesn't matter much if it's only valid till I close that website, right? So why not change a lot of variables by some small amount to make the data useless?

[–] AceSLS@ani.social 1 points 3 months ago

That's exactly what my setup does. But like I said, this could in theory lead to you being more trackable

load more comments (7 replies)
load more comments (7 replies)