1. 38

  2. 3

    On my android with firefox i get the following results:

    Within our dataset of several hundred thousand visitors, only one in 200652.0 browsers have the same fingerprint as yours.

    Currently, we estimate that your browser has a fingerprint that conveys 17.61 bits of identifying information.

    How do you guys stop people tracking you on the internet?

    1. 5

      How do you guys stop people tracking you on the internet?

      Tor browser (note that their fingerprint doesn’t include IP address), or you don’t. Welcome to the modern Web.

      1. 1

        So, the only way to protect from fingerprinting is Tor? There must be another lighter-weight solution out there…

        1. 2

          Let us know, if you find something :-)

      2. 5
        • uBlock Origin: general purpose adblocker
        • uMatrix: block everything 3rd party by default, enable on a site-basis. Also enables toggling of User agent spoofing, Referer spoofing and Strict HTTPS.
        • Privacy Settings: has some nice buttons for toggling features depending on mood; using it to block things like geolocation, battery API etc.
        • Cookie AutoDelete: remove all cookies, unless whitelisted. I whitelist a few pages that I use enough that it’d be a bother to having to log in on every visit.

        And now also CanvasBlocker

        I often pop open a clean Chromium (using chromium --temp-profile) or create a new Firefox profile if I’m visiting sites that for some reason don’t work/don’t want to fiddle with uMatrix settings to get it to work.

        And of course, Tor Browser for an easy way to browse sites that I really don’t want to know me. And in the extreme that I’d want to be even more secure I’d make a Raspberry Pi dropbox with a wifi dongle and set it to run a VPN (or just SSH) as a tor hidden service and drop it with a battery near a coffee shop/McDonalds/library. …or use my Ubiquiti NanoStation to connect to an open wifi a few hundred meters away…

        1. 2

          Having so many extension that inspect and intercept all network requests is unfortunately really bad for browser performance (and the JS/C++ context switches for everyone of those really add up). I recommend picking one of those blockers and figuring out how to make a restrictive superset.

          Alternatively you could blocklist/nullroute things via /etc/hosts or somewhere else deeper in the network stack. Gives you free anti-tracking in your other applications too.

          1. 1

            Thanks for the advice – I’m well aware of the cost, but in day-to-day use it’s not really noticeable.

            Haven’t gotten around to setting up hosts files on my PCs/the gateway but I should find time to do that soon…

          2. 1

            Thanks for Privacy Settings addon. I fiddled with about:config for some time, but the addon is much more convenient.

          3. 1

            NoScript for Firefox on Android https://noscript.net/nsa/

          4. 3

            18.62 bits for the system fonts. I wonder why the system fonts are exposed from the browser?

            1. 3

              Hmm interesting, looking at this question, the culprit should be Flash.

              So, if I disable the Flash add-on, the bits are reduced to 9.98.

              1. 1

                That’s odd. I use Firefox without Flash I still get around 16 bits.

            2. 2

              Great website, but keep in mind that it doesn’t do anything remotely fancy that could be used for tracking. Nothing like using a unique ETag, nothing on the TCP layer, nothing like JavaScript feature tests, etc.

              In other words: There certainly are lots of ways to improve it and if you really invest time into that you might come up with many additional tests.

              But then I think the purpose is also to show how easy it is in general.

              1. 2

                What is the “Hash of canvas fingerprint” value I see in the test? For me it carries the bulk (10 bits out of 18) of the information they report. The rest of the parameters I see seem to be data that applications need to function correctly, so I don’t think it’s feasible to block that.

                1. 4


                  You may consider enabling certain features on a per-site basis. That means unneeded features won’t be exploited on sites where you don’t care about webgl animations and your fingerprint will not match across all these sites.

                  1. 4

                    data that applications need to function correctly

                    The problem in a nutshell.

                    1. 3

                      Had the same problem; just installed CanvasBlocker and while it doesn’t change the conclusion of the test, the hash changes on every test meaning that it just got harder to track me.