drnick1 3 hours ago

Firefox w/ the Arkenfox user.js is probably as good as it gets in terms of privacy. By default, this config burns cookies on exit, standardizes the time zone to UTC, spoofs the canvas fingerprint, and does other helpful things. Basically, it makes Firefox expose the same information as the Tor browser.

In addition, I block most known advertising/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).

Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.

codedokode 3 hours ago

Does it hide the GPU name that is exposed via WebGL/WebGPU? Does it hide the internal IP address, available via WebRTC?

> block all third party content

It's not going to work, because the fingerprinting script can be (and often is) served from a first-party domain.

Also imagine if the browser didn't provide a drawing API for canvas (if you had to ship your own wasm rendering library). Canvas would become useless for fingerprinting and its usage would drop manyfold. And the browser would have less code and a smaller attack surface.

drnick1 3 hours ago

> Does it hide the GPU name that is exposed via WebGL/WebGPU? Does it hide the internal IP address, available via WebRTC?

My GPU is reported as simply "Mozilla" by https://abrahamjuliot.github.io/creepjs/.

The number of cores is also set to 4 for everyone using this config and/or Tor.

> It's not going to work, because the fingerprinting script can be (and often is) served from a first-party domain.

This may be true, but allowed third party content makes it trivially easy for Google and others to follow people around the Internet through fonts delivery systems among others.

tempest_ 15 minutes ago

I had forgotten I was running uBlock Origin / Privacy Badger / Ghostery, so I was a bit confused by the results from that site.

I think it is Ghostery that is faking the responses, but I still have a pretty unique fingerprint according to https://abrahamjuliot.github.io/creepjs/

dminuoso 2 hours ago

If I infiltrate someone else’s computer and secretly run code in order to exfiltrate data, I risk prison time because objectively it seems to satisfy criminal laws over where I live.

How do prosecutors in any modern country/state not charge this behavior when done by a website owner?

gruez 2 hours ago

The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web pages with javascript being illegal (or maybe without javascript, given that CSS is Turing complete), or a cookie banner type situation where the site asks for consent and everyone just blindly accepts.

mh- an hour ago

> if the bar is "code is being run but the user doesn't know about it",

.. would lead to all modern electronics being illegal, not just web pages with javascript.

kachapopopow 2 hours ago

All javascript based anti-fingerprinting is detectable and is also a major source of uniqueness!

vorticalbox 43 minutes ago

Sure, but if you are always unique for every website then you can’t be tracked over time.

alcide 3 hours ago

Orion Browser (Kagi Product) prevents fingerprinters from running by default.

https://help.kagi.com/orion/privacy-and-security/preventing-...

ashman5 36 minutes ago

Orion browser is also capable of running uBlock Origin (not Lite) on iOS.

codedokode 2 hours ago

How do they reliably detect fingerprinting? Did they solve the Halting Problem? Sounds fishy.

gruez 2 hours ago

> The only efficient protection against fingerprinting is what Orion is doing — preventing any fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first-party and third-party ad and tracking script blocking, built-in by default, making sure invasive fingerprinters never run on the page.

sounds like they block "known" fingerprinting scripts and call it a day.

0xy an hour ago

This makes you inherently trackable, ironically. No trace is a massive trackable attribute, since almost nobody is untraceable.
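Added example, not part of any comment in this thread: the "standardize everything" versus "standing out" argument above can be put in numbers by computing the anonymity set and surprisal of a profile over a population. The population, its group sizes, the GPU names other than "Mozilla", and all function names are constructed for illustration.

```javascript
// Constructed data, not measurements. STANDARD mirrors the values the
// thread says a standardized config reports (GPU "Mozilla", 4 cores, UTC).
const STANDARD = { gpu: "Mozilla", cores: 4, tz: "UTC" };
const LONER = { gpu: "GPU-C", cores: 12, tz: "Asia/Tokyo" }; // hypothetical

// Constructed population of 1024 visitors (hypothetical GPU names).
function buildPopulation() {
  const groups = [
    [16, STANDARD],
    [512, { gpu: "GPU-A", cores: 8, tz: "America/New_York" }],
    [240, { gpu: "GPU-B", cores: 4, tz: "Europe/Berlin" }],
    [255, { gpu: "GPU-A", cores: 16, tz: "Europe/Berlin" }],
    [1, LONER],
  ];
  return groups.flatMap(([n, p]) => Array.from({ length: n }, () => ({ ...p })));
}

// Number of visitors indistinguishable from `profile` on the given attributes.
function anonymitySet(population, profile, attrs = Object.keys(profile)) {
  return population.filter((row) => attrs.every((a) => row[a] === profile[a])).length;
}

// Surprisal in bits: how far observing these values narrows the population.
function surprisalBits(population, profile, attrs = Object.keys(profile)) {
  const k = anonymitySet(population, profile, attrs);
  return k === 0 ? Infinity : Math.log2(population.length / k);
}

// Bits carried by each attribute when looked at on its own.
function perAttributeBits(population, profile) {
  return Object.fromEntries(
    Object.keys(profile).map((a) => [a, surprisalBits(population, profile, [a])])
  );
}

const population = buildPopulation();
for (const [name, p] of [["standardized", STANDARD], ["one-of-a-kind", LONER]]) {
  console.log(name, {
    anonymitySet: anonymitySet(population, p),
    jointBits: surprisalBits(population, p),
    perAttribute: perAttributeBits(population, p),
  });
}
```

In this constructed population the standardized profile is rare as a group (6 bits) yet shared by 16 visitors, while the one-of-a-kind profile has an anonymity set of 1. The per-attribute bits for the standardized profile sum to more than the joint value because the attributes are correlated, so per-attribute entropy cannot simply be added.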

0xy an hour ago

As someone who utilizes these tools for anti-fraud purposes, Firefox is just as trackable if not more trackable than Chrome (especially because you stand out by using a niche browser in the first place).

Firefox exposes a massive amount of identifiable information via canvas, audio device and feature detection methods. There are also active methods to detect private windows, use of the developer console and more.

vpShane an hour ago

Of course. There's data where there isn't data.

-make client load something

-client doesn't load it

-add.fingerprint.point(client,'doesntloadthings',1)

-detect if client does something only a certain browser does

-client does it

-add.fingerprint.point(client,'doesthisbrowserthing',1)

-window was resized/moved, send a websocket snitch to the backend

- keep a consistent web socket open, or fetch a backend-api call for updates on X events - more calls are made, means user is probably scrolling, inject more things/different things.

I see some js obfuscators out there where I look at the js file and it's all mumbo jumbo.

It is indeed a privacy nightmare, where whatever we do feeds the algorithms to aid in making other people do things.

But it's also used in network security, organizations etc. Staff/employees will use the system a certain way, if something enters it without the behaviors, it's detectable. I assume that's what you mean in anti-fraud.

Sad part is we don't know what the data is ever used for, and it's often bought and sold and the cycle repeats.
