An interesting take on browser extensions which hope to prevent fingerprinting
With respect to native browser functionality:
Browser vendors have already invested a considerable amount of work into anti-fingerprinting. However, they usually limited themselves to measures which wouldn’t break existing websites…
And extensions:
Privacy protection extensions on the other hand aren’t showing as much concern. So they will typically do something like:
screen.width = 1280;
screen.height = 1024;
There you go, the website will now see the same display resolution for everybody, right? Well, that’s unless the website does this:
delete screen.width; delete screen.height;
And suddenly screen.width and screen.height are restored to their original values…
Same thing with Firefox’s “Don’t track me” feature. Turning it on might have the adverse effect of making you more trackable.
Makes me still a little sad every time I think about it. :/
This is why I use multiple web browsers for different sites and workflow :)
Actually. Everybody tries to get rid of tracking by making everyone look the same. Wouldn’t it be easier to just randomize a person to every site/session instead?
What do you mean in practice ?
All the properties that are fingerprinted (resolution, canvas output, etc) should be made as unique as possible, but different for every site a user visits. So instead of trying to make everyone have the same face, make everyone’s face change every minute.
Disabling Javascript shoud decrease the fingerprinting for the most part right?
That probably goes a long way, but there are several ways of fingerprinting without javascript (Firefox appears to be working on beating many of them) including:
-
tracking favicons: https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online, https://lemmy.ml/post/53874
-
tracking https session handshake tokens: https://www.theregister.com/2018/10/19/tls_handshake_privacy/
-
css: New Browser Attack Allows Tracking Users Online With JavaScript Disabled: https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
and just the general header information the browser sends by default can put users in a bucket by geolocation, platform, browser etc.
But Firefox seems to be getting many of the most egregrious problems under control.
I suppose in that case we should choose the sites we browse carefully.
-
