To resist fingerprinting You want to browse the web as normal as possible to avoid identification.
-
A browser generally sends out all of this information to get specific data back from a site. Let's say you visit a site from your phone, in that case you'll automatically get the correct version of the site made for your phone because your browser sends the user agent and the site processes that. In the current world, a lot of this information is being used to track you because only a really small percentage of people share the same properties, and thus, you are identifiable. Of course you can 'anonymize' these properties in your normal browser by faking them, but some stuff will break and it won't make you necessarily more anonymous. First of all, a lot of content on the web will be broken. Sites depend on some information to serve you the proper layout of the site. Tor on the other hand actually tries to send out a baseline default response for every tor user. It's not recommended to change your resolution because even if the browser sends a 'fake' default resolution, various javascript or css elements on some sites will still be able to track your resolution. And if that happens, you directly stand out to all other tor users. There are attempts to change the resolution without standing out by changing how the viewport works, so for example only change the 'scale' of the rendered site, but for now it's just recommended to keep everything default.
So in short: your normal browser does not have to be honest about it's properties, but it won't make you more anonymous because you still stand out from the other people and content on the web will break. Tor works because everyone has the same properties, including resolution. You can surely change your resolution, but there is just simply a chance that you will be standing out from other people. It's just safer to keep it the way it is.
-
Your assumption is that people use a fake fingerprint that does not change (which is often true).
However a randomised fingerprint solves that, as does everyone using the same fake fingerprint.Similar principal with the useragent. If all browsers reported they were the same version of Mozilla netscape it would hide 1 tree in the forest.
Vivaldi swapped from standing out in the crowd for related reasons so now lies in its useragent string
-
@Dr-Flay said in To resist fingerprinting You want to browse the web as normal as possible to avoid identification.:
However a randomised fingerprint solves that, as does everyone using the same fake fingerprint.
Unfortunately, neither form of spoofing has proven to be a reliable way of preventing tracking. Randomization doesn't & can't randomize everything, researchers have successfully broken through both static & dynamic spoofing techniques with surprising success -- not only being able to track users, but also correctly guess the values that were spoofed a high percentage of the time. In same cases, spoofing is actually detrimental.
Really, the best anyone can do is not connect to trackers in the first place. And the best way to do that is using a default deny configuration in your blockers. Certainly most sites will be broken in some way if you harden your browser to deny even first-party scripting, which I do. But it's not difficult or very time-consuming to create the necessary exceptions to restore just enough functionality to a site so it behaves acceptably. Most (nearly all) of the time this can be done while still blocking third-party tracking servers, and need only be done once. If you save the exceptions you've created, then every subsequent visit to that site will work as expected, while still never connecting to the tracking servers.
The dubious effectiveness, and sometimes detrimental nature of spoofing prevents me from recommending it as a technique to mitigate against tracking.
-
I'd wager that it depends on the site you're spoofing on. I'm sure facebook has all the precautions in place to see through any spoofing.
But smaller sites with less incentive to track may have some weak/cheap tracking in place that's easy to lie to.If you're compartmentalizing your browsers though and each one is used to reach a particular group or category of sites, this helps lie to the "right people".
Of course, this all falls apart if you're not using a VPN. They won't care what your new fingerprint is when you keep showing up with the same IP.Disabling JS definitely solves most fingerprint issues, but the point stands on breaking sites.
Logging in shouldn't be overlooked. Once you provide information, that's just another scenario where fingerprinting isn't even needed.OP recommends tor but i'd think you have to be a masochist to use that as a daily driver. (Not to mention there's an entire sub-topic to this about tor vs tor-over-vpn vs vpn-over-tor)
Personally, I'd recommend either a Pi-Hole or WireGuard for your network, block as many trackers as you can outright from there. Compartment your browsers (even Tor). Some browsers may benefit from some attempt at spoofing, but by doing it right and using a VPN to compliment it - you weight the risk of dodging your own Pi-Hole/WireGuard safeguards. If you use HostsMan, you can share a redundant copy of your DNS "blackhole" though. Make sure you have redundant settings of DoH services like Quad9 setup as well. uMatrix is great for blocking 3rd party everything. Use an email alias service like AnonAddy to avoid correlating your information from site to site, and with all that said - you're probably doing pretty good while not suffering when browsing. It's not perfect, but convenient enough as far as privacy goes.
-
-