-
Notifications
You must be signed in to change notification settings - Fork 63
Browser fingerprinting
Browser fingerprinting is the process of accumulating data about your browser with the goal to make you uniquely recognizable, or fingerprintable, without the need of any storage-related data. Some factors that can be used to fingerprint are screen resolution, canvas hashing or the list of plugins, detectable Add-ons and fonts on your system. Some Add-ons that on the one hand increase your privacy and security, like uBlock Origin or CanvasBlocker, makes you more easily fingerprintable on the other hand - because everything that makes you more unique in comparison to the majority of internet users also makes you easier fingerprintable. In practice, most of the time it's already enough to track you with your "Internet Address" (IP) in combination with fingerprinting your "Browser Vendor+Version" (UserAgent). If you want to see fingerprinting in action, you can check out e.g. Panopticlick, amiunique or Browserleaks. Examples of fingerprinting in the wild can be if websites say stuff like "we don't recognize your device". That can be a simple cookie-check, but it can also be a fingerprint mechanism.
Want to avoid fingerprinting? Well, unfortunately I have no good news for you. Essentially you can't avoid it, the closest you can do is to try to get different fingerprints for different types of browsing. Your best bet when using the same machine and Internet connection is Tor Browser, because they apply different anti-fingerprinting mechanisms and also anonymize (to some extent) your IP. Though, it doesn't support containers yet. Other than that you could of course also use different hardware and a different Internet connection, e.g. you could host a Browser on a dedicated server and forward its interface to your local machine (VNC over VPN or SSH might be a canidate for that). Be aware, that once you leak your fingerprints into accounts, e.g. by logging into a site with several different fingerprints, they can easily be connected.
The less extreme approaches are different profiles or browsers, with significant different configurations.
I'm also looking into providing ways to change the fingerprint of Temporary Containers compared to default/permanent Containers - however, this mostly lacks Firefox API support at this point - like switching on Firefox privacy-configurations per container.