Even though i have Proton VPN blocking trackers and use firefox with arkenfox EFF always says my browser has a unique fingerprint. Same with Mullvad browser and Tor. When I switched Tor to “Safer” it said near unique fingerprint, and only when i switched it to safest did it say i am protected from fingerprinting
from my results id guess that it has no fingerprit thanks to no javascript, but 90% of websites are useless without js
You can fingerprint with just CSS and HTML
Yes, but it’s much better than if you have scripts enabled. Assuming have your useragent set to something common, you’re already covering a lot of ground, and even if you’re not totally fingerprint-proof from every html attribute, every little bit helps.
oddly enough, when i keep my default ua, it says one in 400 have the same one, but when i change it to chrome running on windows (first one on that website you shared) it says only one in 3000
though i suppose this may be inaccurate because theres a good chance that firefox users are more likely to use this site than chrome users
should i just keep it changed to chrome on windows or default?
The least unique setup is not to keep doing more special shit. You underestimate how many people run a vanilla safari or chrome browser on a MacBook with no external displays.
Linux, external monitor, special browser? That all makes you more unique
This is naive and inaccurate because unique screens have unique canvas fingerprinting. Youre giving people bad info.
unique screens have unique canvas fingerprinting.
Exactly what I just said? Don’t use unique screens and you are less identifiable. The most anonymous browser is a freshly wiped two year old Apple device running safari or chrome from a university campus or coffee shop. A million other laptops have the same base canvas fingerprint.
Fewer people use Linux. Fewer people use specialized browsers. Fewer people have external displays. All those things make you easier to fingerprint than a vanilla machine.
Is it possible you misread what I typed?
mull: Your browser fingerprint appears to be unique among the 172,086 tested in the past 45 days.
firefox focus: Your browser fingerprint appears to be unique among the 172,099 tested in the past 45 days.
tor: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 86045.5 browsers have the same fingerprint as yours.
tor after enabling “request English versions of web pages for enhanced privacy”: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 57368.0 browsers have the same fingerprint as yours.
tor with safest security level: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 823.48 browsers have the same fingerprint as yours.
mull after changing android region to United States: Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 12294.86 browsers have the same fingerprint as yours.
changing region doesn’t effect tor, as unlike mull it doesn’t leak system information
If EFF always says your browser has a unique fingerprint then that means the anti-fingerprinting is working, no?
If your fingerprint is unique, that means you can’t be confused for someone else.
That is literally the opposite of anti-fingerprinting.
You want to look like 1000’s of other people, so they can’t prove it was you that visited a particular site and use that information against you.
If it’s unique every time it means they can’t create a consistent fingerprint for you.
A UUID assigned to each user is unique, but that’s not useful for tracking unless you can ensure each user keeps the same number across visits.
The idea with anti-fingerprinting is the idea that no matter who you are or what your setup is, the fingerprint is created, it matches many, many other browsers
Imagine a sea of people in Guy Fawkes masks.
Try it with Mullvad Browser or Brave. The former should give “You have a non-unique fingerprint”, while the latter should give “You have a randomised fingerprint”.
I personally prefer Mullvad, as it’s not run by a raging homophobe and it’s not based on Chromium.
You and 1000 friends go to a party all dressed in the same Mr Blobby costume. When one of you gets absolutely shitfaced at the open bar and vomits in the middle of the dance floor, they get kicked out and banned from next week’s rager. Next week rolls around, and 1001 Mr Blobbys rock up on on the dance floor, because management has no idea which Mr Blobby cost them their deposit last week.
You and 1000 friends all go to a party dressed as a unique DeviantArt Sonic OC. One of you fails to hold their liquor. They get kicked out. You all attend the party next week all wearing a completely different costume of a completely different DeviantArt Sonic OC, since the number of them is functionally infinite. Management can’t kick the vomiteer out because as far as they’re concerned, Jimmy the Hedgehog didn’t show up this week, because whoever was Jimmy the Hedgehog is now Steve the Echidna.
possible
In practice? No not really.
JShelter is the only thing I have seen that stops creepjs from working at all. But that doesn’t mean you can’t be fingerprinted. Not to mention Crimeflare has been very successful with their TLS fingerprinting methods (among other things), which doesn’t even require working JavaScript.
And compared to creepjs, EFF’s tool is a joke and works quite differently, and not in a good way.