I recently tried to clean up my digital life. I switched to Linux and switched to GrapheneOS and made more use of my proton subscription to replace google. But I have a few questions :
I tried https://coveryourtracks.eff.org/ on Librewolf on my PC and Vanadium on my phone and it say I have a nearly unique fingerprint. Is the benefit of using a privacy focused browser neglected by the low userbase and unique fingerprint ?
I did not have a great digital hygiene before so I have a google account, meta… How do I clean this up ? Are services like Incogni any good or is it just marketing ?
Finally I wanted to use tails with persistent storage to use as a live system if I ever need to use a PC that is not my own to connect to my accounts. However, I don’t want the ISP to know I use Tor. I see it as a big “I have something to hide” flag for the ISP. But my understanding is if I install a VPN on tails it will be Tor over VPN (bad if I understand correctly) instead of VPN over Tor. Should I use something else than tails since I only want/need always on VPN with kill switch.
Thanks a lot for your help. I want to say the journey is much easier than what I anticipated. The hardest part is making people switch around me. The lobbying has started.
TL;DR The only way to avoid a near unique fingerprint is Tor Browser
Longer explanation: There are too many styles of fingerprinting protections: randomized and normalized.
Librewolf inherits its fingerprint protections from Firefox (which intern was upstreamed from the Tor uplift project. It works by taking as many fingerprintable characteristics (refresh rate, canvas, resolution, theme, timezone, etc) and normalizes them to a static value to be shared by all browsers using the feature (privacy.resistFingerprinting in about:config). The benefit of normalizing is you appear more generic, though there are many limitations (biggest of which is OS because you cant hide that). The purpose design of these protections stems from the anonymization strategy of Tor which is to blend in with all other users so no individual can be differentiated based on identifiers. Since Librewolf has different a default settings profile to Tor (or Mullvad) and even vanilla Firefox with RFP enabled, the best you can hope is to blend in with other Librewolf users (which you really cant, especially if you install extensions or change [some] specific settings). Instead, the goal is just to fool naive fingerprinting scripts, nation states or any skilled adversary is out of the scope.
Brave (or Cromite) uses the strategy of randomizing fingerprintable characteristics. This is only meant to fool naive FP scripts but in my opinion (when done right) is better at fooling naive scripts. The biggest problem is that these attempts by other browsers and not as comprehensive as Firefox. I think Cromite does a better job than Brave: it is the only browser which fools Creepjs that I have tried by creating a new FP on refresh. Cromite required some configuring to get to place I wanted it, but so does every browser.
The advantage with Firefox forks is that vanilla Firefox has RFP and therefore so do the forks (though most dont enable), but you dont blend i with a crowd (making it far less effective than MB or Tor). The advantage of Brave or Cromite is a randomized FP, bit since it isnt upstreamed (and Google will never do that) you stand out like a sore thumb. Either way is fine though for basically everyone.
The only browsers I know that work against Creepjs are as follows:
Creepjs is not a valid metric for fingerprinting protection.
It still gives metrics. And yes, Creepjs is not very useful against randomized values, though I noted it still because Brave fails (resulting in a persistent fingerprint) whereas Cromite succeeded to fool Creepjs. Both have many methods of fingerprinting protection.
Checking the fingerprinting protections of Mullvad and Tor is better done with TorZillaPrint test page by Arkenfox. It is optimized to tell you whether you blend in correctly with RFP normalized values.
The Brave browser has much better blocking capabilities with the goal of offering all of the uBlock Origins features, while Cromite has an ABP integration which has weaker and less support for advanced filterlists. The default filterlists selection is also quite questionable. A blocked script can no longer track you.
Brave’s fingerprinting protection measures are technically speaking superior than Cromite, the only reason that CreepJS can’t be fooled by it all the time (I’ve done my own tests and it fails sometimes) is that it has specifically been designed to adapt to its protection mechanisms, which hasn’t been done for Cromite.
You can also harden Brave to increase its level of protection:
https://www.privacyguides.org/en/desktop-browsers/#brave
https://www.privacyguides.org/en/mobile-browsers/#recommended-brave-configuration
Thanks a lot for the detailed answer.
My goal is pretty simple : I don’t want to give my data with big tech and gov for ideological reason more than for security but I don’t want to use tools that makes me stand out like a sore thumb.
Mullvad has been recommended twice, I’ll have a look and see if it fits my need.
@Neptr @Username85920
by default TOR browser did not pass the fingerprint test
Your browser has a non-unique fingerprint.Definitely need to change some settings in the browser , I’ll try
They is the right result, non-unique fingerprint is what you want with Tor Browser.
@Neptr
You’re right, it was my mistake.