Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quit…
Damn… I guess the next idea is going offline for good
Back in the day there were apps that generated phony web searches to obfuscate your real searches.
Seems like there could be tools to mess around and change browser fingerprints periodically. No?
Interesting… Tor, Mullvad, and other secure browsers, go to the exact opposite approach, though… they try to make everyone look the same so they can’t tell you apart across IPs
Cromite’s explicit focus is, literally, antifingerprinting. With the goal of breaking cross site tracking I guess.
A more accurate goal for Tor/Mullvad is anonymizing, e.g. “blending in with the crowd.”
It’s like radically changing your clothes every day vs wearing super incognito stuff. Different means, each more optimal for different aspects of security/privacy.
It could be done on the browser level (maybe it’s something browsers like LibreWolf do), however, it would break sites that require the fingerprints to be the same for “security reasons” which may or may not be a legitimate claim.
You could say “well, I’m not going to use that particular website then”, but the problem is that there are less and less websites that don’t require these technologies to function properly.
Off the top of my head, no. What I do remember is that I couldn’t use Librewolf as my daily browser because I had trouble using every other website. Might be an exaggeration, and it could have been due to other factors, not just resisting fingerprinting.
you enable fingerprinting resistance in Firefox, or use Librewolf, you’ll immediately encounter oddities. Most obviously, every time you open a new browser window, it will be the same size. Resizing the window may have odd results, as the browser will try to constrain certain screen elements to common size multiples. In addition, you won’t be able to change the theme.
You’ll probably find yourself facing more ‘CAPTCHA’ and similar identity challenges, because your browser will be unknown to the server. Websites don’t do this out of spite: hacking and fraud are rife on the Internet, and the operators of web-based services are rightly paranoid about client behaviour.
You’ll likely find that some websites just don’t work properly, in many small ways: wrong colours, misplaced text, that kind of thing. I’ve found these issues to be irritations rather than show-stoppers, but you might discover otherwise.
And Canvas Blocker (which only optionally blocks but randomizes them). But Firefox has that built-in now; canvas fingerprinting should be pretty much useless there.
There is a browser extension called Chameleon that will spoof a fair amount of data, but after testing it against one of those fingerprint test sites, it looks like it doesn’t/can’t spoof everything.
Back in the day there were apps that generated phony web searches to obfuscate your real searches. Seems like there could be tools to mess around and change browser fingerprints periodically. No?
Already done, see: https://github.com/uazo/cromite
When I go to the fingerprint test, a bunch of the values like resolution and timezone are randomized.
…Not everything, though.
Interesting… Tor, Mullvad, and other secure browsers, go to the exact opposite approach, though… they try to make everyone look the same so they can’t tell you apart across IPs
Yeah, exactly.
Cromite’s explicit focus is, literally, antifingerprinting. With the goal of breaking cross site tracking I guess.
A more accurate goal for Tor/Mullvad is anonymizing, e.g. “blending in with the crowd.”
It’s like radically changing your clothes every day vs wearing super incognito stuff. Different means, each more optimal for different aspects of security/privacy.
It could be done on the browser level (maybe it’s something browsers like LibreWolf do), however, it would break sites that require the fingerprints to be the same for “security reasons” which may or may not be a legitimate claim.
You could say “well, I’m not going to use that particular website then”, but the problem is that there are less and less websites that don’t require these technologies to function properly.
Can you give an example of one of those websites?
Off the top of my head, no. What I do remember is that I couldn’t use Librewolf as my daily browser because I had trouble using every other website. Might be an exaggeration, and it could have been due to other factors, not just resisting fingerprinting.
I’ve just come across this article: https://kevinboone.me/fingerprinting.html
The author describes the situation pretty well:
There’s this but it blocks only one of the many methods voyeurs use.
https://addons.mozilla.org/en-US/firefox/addon/no-canvas-fingerprinting/
And Canvas Blocker (which only optionally blocks but randomizes them). But Firefox has that built-in now; canvas fingerprinting should be pretty much useless there.
There is a browser extension called Chameleon that will spoof a fair amount of data, but after testing it against one of those fingerprint test sites, it looks like it doesn’t/can’t spoof everything.