Friendica Social Network

Browser Fingerprinting And Why VPNs Won’t Make You Anonymous

Damn... I guess the next idea is going offline for good

Browser Fingerprinting And Why VPNs Won’t Make You Anonymous

Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quit…

^Hackaday

#privacy

in reply to BeatTakeshi

Mikelius

in reply to BeatTakeshi • 2 weeks ago • •

Ultimately being truly anonymous on the internet is pretty hard, and thus VPNs are mostly helpful for getting around region blocks for streaming services, not for obtaining more privacy.

I disagree.

There seems to constantly be two sides of the privacy discussion with public VPN options and they're both wrong on their own. It's correct that using a VPN on its own is not enough to keep you private online, fingerprinting being one example to why. However, not using a VPN but having no identifiable browser fingerprint doesn't either, since your IP is still a fingerprint too.

I like to give the following analogies:
1. Doing only an oil change on your vehicle but no other maintenance won't keep your vehicle running forever
2. Doing all vehicle maintenances except oil changes won't keep your vehicle running forever

If the goal is to be private, remember that a VPN is only one tool in a very large tool belt.

in reply to Mikelius

Tatar_Nobility

in reply to Mikelius • 2 weeks ago • •

I think TOR would be more suitable than a VPN

in reply to Tatar_Nobility

Mikelius

in reply to Tatar_Nobility • 2 weeks ago • •

Tor is definitely another option. For my personal use however, I have my entire network covered by a VPN so all outgoing traffic uses it.

I'm sure I could setup Tor to do the same, but I imagine my family and I would get blocked more heavily on sites, as well as get our bank accounts and such flagged or something.

Like many things, it obviously depends on your threat model.

This entry was edited (2 weeks ago)

in reply to Mikelius

Auli

in reply to Mikelius • 2 weeks ago • •

They do more then fingerpring your browser.

in reply to Auli

a_non_monotonic_function

in reply to Auli • 2 weeks ago • •

Wait, did they put them on our hands?

in reply to BeatTakeshi

SteveCC

in reply to BeatTakeshi • 2 weeks ago • •

Back in the day there were apps that generated phony web searches to obfuscate your real searches.
Seems like there could be tools to mess around and change browser fingerprints periodically. No?

in reply to SteveCC

RheumatoidArthritis

in reply to SteveCC • 2 weeks ago • •

There's this but it blocks only one of the many methods voyeurs use.

addons.mozilla.org/en-US/firef…

Canvas Defender – Get this Extension for 🦊 Firefox (en-US)

Download Canvas Defender for Firefox. Instead of completely blocking canvas fingerprinting, Canvas Defender add-on creates a unique and persistent noise that hides your real canvas fingerprint.

^{addons.mozilla.org}

in reply to RheumatoidArthritis

MonkderVierte

in reply to RheumatoidArthritis • 2 weeks ago • •

And Canvas Blocker (which only optionally blocks but randomizes them). But Firefox has that built-in now; canvas fingerprinting should be pretty much useless there.

in reply to SteveCC

jimi_henrik

in reply to SteveCC • 2 weeks ago • •

It could be done on the browser level (maybe it's something browsers like LibreWolf do), however, it would break sites that require the fingerprints to be the same for "security reasons" which may or may not be a legitimate claim.

You could say "well, I'm not going to use that particular website then", but the problem is that there are less and less websites that don't require these technologies to function properly.

in reply to jimi_henrik

PowerCrazy

in reply to jimi_henrik • 2 weeks ago • •

Can you give an example of one of those websites?

in reply to PowerCrazy

jimi_henrik

in reply to PowerCrazy • 2 weeks ago • •

Off the top of my head, no. What I do remember is that I couldn't use Librewolf as my daily browser because I had trouble using every other website. Might be an exaggeration, and it could have been due to other factors, not just resisting fingerprinting.

I've just come across this article: kevinboone.me/fingerprinting.h…

The author describes the situation pretty well:

you enable fingerprinting resistance in Firefox, or use Librewolf, you’ll immediately encounter oddities. Most obviously, every time you open a new browser window, it will be the same size. Resizing the window may have odd results, as the browser will try to constrain certain screen elements to common size multiples. In addition, you won’t be able to change the theme.
You’ll probably find yourself facing more ‘CAPTCHA’ and similar identity challenges, because your browser will be unknown to the server. Websites don’t do this out of spite: hacking

Kevin Boone: The privacy nightmare of browser fingerprinting

%%DESC%%

^{kevinboone.me}

in reply to SteveCC

pumpkin_spice

in reply to SteveCC • 2 weeks ago • •

There is a browser extension called Chameleon that will spoof a fair amount of data, but after testing it against one of those fingerprint test sites, it looks like it doesn't/can't spoof everything.

in reply to SteveCC

brucethemoose

in reply to SteveCC • 2 weeks ago • •

Already done, see: github.com/uazo/cromite

When I go to the fingerprint test, a bunch of the values like canvas resolution and timezone are randomized.

...Not everything, though.

GitHub - uazo/cromite: Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser! - uazo/cromite

^GitHub

This entry was edited (2 weeks ago)

in reply to brucethemoose

PiraHxCx

in reply to brucethemoose • 2 weeks ago • •

Interesting... Tor, Mullvad, and other secure browsers, go to the exact opposite approach, though... they try to make everyone look the same so they can't tell you apart across IPs

in reply to PiraHxCx

brucethemoose

in reply to PiraHxCx • 2 weeks ago • •

Yeah, exactly.

Cromite's explicit focus is, literally, antifingerprinting. With the goal of breaking cross site tracking I guess.

A more accurate goal for Tor/Mullvad is anonymizing, e.g. “blending in with the crowd.”

It’s like radically changing your clothes every day vs wearing super incognito stuff. Different means, each more optimal for different aspects of security/privacy.

This entry was edited (2 weeks ago)

in reply to BeatTakeshi

Twongo [she/her]

in reply to BeatTakeshi • 2 weeks ago • •

Here are some extra tips for increased privacy:
- Don´t use your browser in fullscreen
- Download Chameleon for Firefox, it periodically changes the browser and OS it pretends to be

OR: Use Chameleon and set yourself to the most common combo. Get lost in the noise.

This entry was edited (2 weeks ago)

in reply to Twongo [she/her]

AsoFiafia

in reply to Twongo [she/her] • 2 weeks ago • •

Why no full screen? The second point makes sense and I might go back to using FF, but I can fathom what not going full screen accomplishes.

in reply to AsoFiafia

Twongo [she/her]

in reply to AsoFiafia • 2 weeks ago • •

look at my reply on the other comment :)

This entry was edited (2 weeks ago)

in reply to Twongo [she/her]

AsoFiafia

in reply to Twongo [she/her] • 2 weeks ago • •

Thanks! I had no idea. I figured the resolution came from system specs. This is good to know. Although, I’m super close to just banishing the internet entirely. Tracking is getting out of hand…

Edit: corrected “vanishing” to “banishing.” Autocorrect. 🙄

This entry was edited (2 weeks ago)

in reply to Twongo [she/her]

BeatTakeshi

in reply to Twongo [she/her] • 2 weeks ago • •

What's the issue with full screen?

in reply to BeatTakeshi

Twongo [she/her]

in reply to BeatTakeshi • 2 weeks ago • •

randomlzing your window size shows trackers different resolutions.

depending on which OS you use it won't show 1920x1080, as taskbars and other extras take off a few pixels.

example: if your browser is fullscreen and only shows a resolution of 1920x1075 it could most likely mean you use macos (randomly chosen)

in reply to Twongo [she/her]

jnod4

in reply to Twongo [she/her] • 2 weeks ago • •

Oh shit

in reply to Twongo [she/her]

Xylight

in reply to Twongo [she/her] • 1 week ago • •

Librewolf has letterboxing which locks your website's intrinsic size to specific resolutions (like 1600x1000) to combat this

in reply to BeatTakeshi

FoundFootFootage78

in reply to BeatTakeshi • 2 weeks ago • •

Just use Tor or Mullvad browser (you don't need to use the Tor Network or Mullvad VPN, you can bring your own).

That said the wasted screen real-estate is a dealbreaker for me. So if I'm not gonna log in then I'll go with a fully separate installation.

in reply to BeatTakeshi

Steve

in reply to BeatTakeshi • 2 weeks ago • •

But VPNs aren't supposed to make you anonymous.
They secure your data while in transit to/from the exit node. Maybe that's your job so you can access their LAN. Or it's a public VPN that secures your dada from the local WiFi or ISP you're directly connected to. That's all it's built for.

This entry was edited (2 weeks ago)

in reply to Steve

Auli

in reply to Steve • 2 weeks ago • •

And what do you thing HTTPS does exactly? Whe the web was HTTP sure VPN's had a point as people on public wifi could sniff your trafic. Now they can't.

in reply to Auli

Steve

in reply to Auli • 2 weeks ago • •

It only encrypts the data within the HTTPS packet. But where that packet is going is still transparent.

It also doesn't do anything for non web traffic. Email through SMTP or IMAP, FTP, lots of things don't use HTTP at all.

This entry was edited (2 weeks ago)

in reply to BeatTakeshi

Eager Eagle

in reply to BeatTakeshi • 2 weeks ago • •

no shit

I use VPN because of the ISP and the network, not to become anonymous to the websites I visit.

in reply to Eager Eagle

bountygiver [any]

in reply to Eager Eagle • 2 weeks ago • •

unless it's about geo restrictions.

in reply to BeatTakeshi

PiraHxCx

in reply to BeatTakeshi • 2 weeks ago • •

Doesn't browser with anti-fingerpriting give the same settings to everyone using that browser so they all look like the same person?

in reply to PiraHxCx

primalmotion

in reply to PiraHxCx • 2 weeks ago • •

Yes and I think that's kinda dumb. It's never going to be possible to have everyone look the same. I would go the other route. Randomize everything everytime so you never leave twice the same fingerprints. That's way easier and it polutes marketers dabases, which is a double win.

This entry was edited (2 weeks ago)

in reply to primalmotion

PiraHxCx

in reply to primalmotion • 2 weeks ago • •

If you are using a popular VPN I guess that's an option, but if you are going through the onion, where several nodes are being monitored, being the only guy that looks different, regardless if each time is a different different, just makes you too easy to be tracked :P

This entry was edited (2 weeks ago)

in reply to BeatTakeshi

partygap

in reply to BeatTakeshi • 2 weeks ago • •

don’t browse the web and actually get some work done

WEB IS HARMFUL!!!

Firefox

^{harmful.cat-v.org}

in reply to BeatTakeshi

Zerush

in reply to BeatTakeshi • 2 weeks ago • •

Fingerprinting isn't allways synonym of the lack of privacy. But there are differences between fingerprinting for tracking and profiling reasons, which certainly is needed to block or to spoof, and tecnically data needed to show correctly the content of a page, eg the first public IP numbers to show the content in your lenguage, the fonts used, screen resolution, OS, browser engine...., all data which are the same for millon other users. We can block por complete the fingerprinting, but than we'll see that half of the pages are not shown correctly or don't even work. It's always an commitment to set the fingerprint blocking.
VPNs add an privacy layer, but dont avoid fingerprintings, used as extension can't avoid that the browser connect first to the ISP before the VPN can create the tunnel, with which it may serve to skip country restrictions, but you are still seen by your ISP. It don't also blocking the fingerprinting, except the IP.
To stay private depends more on other measures, DNScrypt, not to use apps, search engines and services which logs/share our activity, using ad/t... Show more...

This entry was edited (2 weeks ago)

in reply to BeatTakeshi

Shamot

in reply to BeatTakeshi • 2 weeks ago • •

I just tried the Am I Unique site and I'm surprised by the amount of information the sites can have. Why do they know if I'm connected using 4G or 5G for example? Even using a privacy browser

in reply to BeatTakeshi

FriendBesto

in reply to BeatTakeshi • 6 days ago • •

This is a bit of a misnomer. No one PC can be fully anonymized or fully private, even if the PC provided fake data points, they will still be technically fingerprinted. Having said that, having a browser that tries to spoof stuff like LibreWolf, Tor or IronFox is decent.

The gains in using a VPN, among other best practices is that helps --assuming people do not log on to something like Google-- is to minimize the fingerprint of the PC to you, as a user. Assuming one trust their VPN provider, helps.

Tor leverages the point of having all users look and be fingerprinted mostly as the same, so you get lost in the shuffle and crowd.

⇧

BeatTakeshi via Privacy

BeatTakeshi 2 weeks ago • •

BeatTakeshi
2 weeks ago • •