I have been doing fingerprint research for several years. I’ve done countless builds with various browsers, configurations, extensions, and strategies. (Yes i have too much time for this).
Here is what I’ve concluded. I hope this helps someone.
CoverYourTrack is crap, plain and simple. Your best option will always be to randomize. Always. You will not “blend in”. I don’t care if you run Google Chrome on Windows 10 or Safari on iOS, JavaScript exposes way too much info, you will always have a unique fingeprint. Just go play around with fingerprint.com on some normie browser/os setups and you will see what i mean.
You must randomize all the values that you see on sites like browserleaks.com. canvas, audio context, webgl hash, clientrects, fonts, etc etc. I’d also make sure you are proxifying all your browsers and using random locations. You can do this with Brave somewhat, which has some randomization stuff in it. You can do this with browser extensions as well. Ungoogled chromium also has some randomization for canvas and clientrects i think
There are only a couple options outside of this that I recommend, in the realm of “generic fingerprint” solutions. TOR browser (they have been on the front lines of this for many years). And also Mullvad browser, which, despite its generic fingerprint goal, seems to also defeat fingerprint.com.
Tldr, if you want the best experience out of the box that is also very usable, just use Mullvad Browser. They are basically the browser i wished for for like a decade.
I personally consider this[1] to be the ultimate test of Browser fingerprint protection coverage. Let me know if you manage to find a way to defeat this test.
Anyone know how I can get improved fingerprinting results on Firefox Android? Currently its at 16.56 bits and it says I have strong protection against web tracking. NoCanvas isn’t availble on Android devices.
No problem, faking instead of blocking canvas is the way to go, for example the new captcha by Cloudflare uses countless queries to check the browsers validity: blog.cloudflare.com/turnstile-private-captcha-alt…
I’m guessing that if you block it sites will either block you entirely or give you a fallback old captcha.
My impression is the thing with modern day ad tracking, selling information to spammers, and hackers is, even if you secure your browser tighter than a drum, any one of your browser extensions, which we've given permission to read all site data on every site you visit and interact with, could be keeping extensive logs on your activity and selling that away to the highest bidder. Am I understanding that right?
I’ve got really good scores. I’m grading a bit on a curve due to mitigations/spoofs already in place for both browsers that fool the scripts effectively.
4.45 bits from Firefox. [“System Fonts” is the worst score]
4.47 bits from LibreWolf. [“AudioContext Fingerprint” is the worst score
Some Measurements are Ignored; reasons within.User Agent - Flawed. This contains no personally identifiable information and spoofing this often causes compatibility and functionality issues. It is OK to spoof for -MORE- functionality if needed. WebGL Vendor & Renderer - Spoofed/Blocked Firefox spoofs this via CanvasBlocker and LibreWolf blocks this from being accessed at all. Spoofing allows some websites to feel “satisfied” they have some fingerprint that is otherwise patent nonsense and CanvasBlocker will present the same value to the website/script later if it’s loaded in the same Container/Context. Screen Size and Color Depth - Spoofed/Blocked Both Firefox and LibreWolf will spoof/randomize/standardize these viewport values back to scripts to preserve privacy. For functionality reasons my LibreWolf installation is my minimal plugin environment. This allows me to quickly and temporarily load a website I might NEED to use without compromising on Privacy while not being forced to troubleshoot which plugins might be preventing the site from loading in Firefox. System Fonts - LibreWolf OnlySpoofed/BlockedValue is Randomized
Well that’s interesting. I’ve read more than one place the having uBlock Origin is “enough” and that adding Privacy Badger is overkill. I’ve also got AdGuard Home running on a Pi-4. I failed all three tests with Vivaldi Nightly and Arc Browser–both with uBO installed…
Simply adding Privacy Badger to the existing setup, suddenly I had “strong web protection”.
[edit] Firefox passed without having to add Privacy Badger.
thanks for the tip, i'm already on firefox, but when run it said i had "some protection" for both blocking tracking ads, and blocking invisible trackers, added privacy badgers after reading your post, because why not, and now it says YES for both
Yes, you can do it manually by enabling resistFingerprinting, but the easiest way is to just install LibreWolf browser which is a fork of Firefox. Or Mull which is practically the same thing, but Android.
It doesn’t suit me personally, I want more extensions. In particular, I use uMatrix, as it gives a little more flexibility than uBlock Origin even in authormode. I’ve been able to bypass paywalls by targeting elements from a domain, rather than the domain itself. But also there are plenty of quality of life extensions I rely on, eg gestures.
Mullvad is very good out of the box though, I’ll give it that. And I use Mull on Android quite happily (although this does allow more extensions, pretty sure the two aren’t affiliated).
edit: Nvm previous result, I got the same result OP did with Firefox and Safari, I realized I was testing on my wifi with a pihole… switched to mobile network only and protection dropped to partial.
edit2: but Firefox Focus still has strong protection:
I seem to get that same result on iPhone for Firefox, Safari and Brave
edit: see original reply
Firefox Focus still has “strong” result.
I get “Partial Protection” on Chrome and two generic named browsers, and a flat-out “No” for Opera Mini
Before anyone asks “why” about anything listed here, I have to test webpages for compatibility across browsers. Having them installed is the only way to do that.
coveryourtracks.eff.org
Hot