An interesting take on browser extensions which hope to prevent fingerprinting
With respect to native browser functionality:
Browser vendors have already invested a considerable amount of work into anti-fingerprinting. However, they usually limited themselves to measures which wouldn’t break existing websites…
And extensions:
Privacy protection extensions on the other hand aren’t showing as much concern. So they will typically do something like:
screen.width = 1280;
screen.height = 1024;
There you go, the website will now see the same display resolution for everybody, right? Well, that’s unless the website does this:
delete screen.width; delete screen.height;
And suddenly screen.width and screen.height are restored to their original values…
That probably goes a long way, but there are several ways of fingerprinting without javascript (Firefox appears to be working on beating many of them) including:
tracking favicons: https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online, https://lemmy.ml/post/53874
tracking https session handshake tokens: https://www.theregister.com/2018/10/19/tls_handshake_privacy/
css: New Browser Attack Allows Tracking Users Online With JavaScript Disabled: https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
and just the general header information the browser sends by default can put users in a bucket by geolocation, platform, browser etc.
But Firefox seems to be getting many of the most egregrious problems under control.
I suppose in that case we should choose the sites we browse carefully.