this post was submitted on 27 Dec 2024
55 points (95.1% liked)

Privacy

32506 readers
1068 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I went on amiunique.com, and it says that I'm unique.

Lowest scores: list of fonts JS (0.01%), canvas (0.00%), media devices (0.00%), user agent (0.11%), and audio data (0.80%)

I use Linux Mint Debian edition, Librewolf browser, and Mullvad VPN. How do I become less unique?

top 44 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 7 hours ago (1 children)
[–] [email protected] 2 points 4 hours ago

EFF is an org that I'd run to join if they had a position I could fill. I've been on their side since the 90s, when I was too young to tell if I was choosing the right side because I didn't understand everything they advocated because I was a kid. They are the ACLU of the internet.

[–] [email protected] 7 points 9 hours ago

If you are trying to obfuscate instead of poisoning your data, you are doing it wrong. You can't be identified if your fingerprint is always different.

Fingerprinting panic is some bullshit created by brave browser, a bloated shitware than installs a lot of unnecessary crap on your device, including their own advertisement engine.

[–] [email protected] 2 points 9 hours ago
[–] [email protected] 44 points 1 day ago (1 children)

Easiest answer would be: Use a common OS, with a common browser, and no add-ons.

The moment you start using something different to Windows, Android, iOS or macOS with Safari, Chrome or Firefox, you're probably already in the 5 % (just my uninformed estimate). Add-ons also increase this value drastically.

Long story short: The sad truth is, the moment you're interested in online-prviacy, you're very unique.

[–] [email protected] 8 points 1 day ago (3 children)

Is there no way to spoof that I'm using one of those without actually using them?

[–] [email protected] 2 points 10 hours ago

Spoofing is a whole hell of a lot easier said than done. Content delivery networks like Akamai, Cloudflare, etc. all know exactly how different versions of different browsers present themselves, and will catch the tiniest mistake.

When a browser requests a web page it sends a series of headers, which identify both itself and the request it’s making. But virtually every browser sends a slightly different set of headers, and in different orders. So Akamai, for example can tell that you are using Chrome solely by what headers are in the request and the order they are in, even if you spoof your User-Agent string to look like Firefox.

So to successfully spoof a connection you need to decide how you want to present yourself (do I really want them to think I’m using Opera when I’m using Firefox, or do I just want to randomize things to keep them guessing). In the first case you need to be very careful to ensure your browser sends requests that exactly matches how Opera sends them. One header, or even one character out of place can be enough for these companies to recognize you’re spoofing your connection.

[–] [email protected] 13 points 1 day ago (1 children)

One of the points of Libre Wolf is to make you unique, but each session should be unique.

You can find some additional setting tweaks here: https://librewolf.net/docs/settings/

The "letterboxing" feature is an additional uniqueness feature you could consider enabling.

I'm particular you could check your result in this experiment: https://fpresearch.httpjames.space/

Try it in both normal and in a private tab, then record those results, reopen Libre Wolf, and try again.

[–] [email protected] 0 points 20 hours ago* (last edited 20 hours ago) (1 children)

Can you explain what I'm supposed to be looking for in that .space link? What's the server code and client code? Am I trying to see if the emojis and number at the bottom changes when I reopen the site?

[–] [email protected] 1 points 15 hours ago* (last edited 15 hours ago) (2 children)

So server code is your fingerprint based on what a server is able to see. This would be your fingerprint with JS disabled, essential. Client code is the JS generated fingerprint.

[–] [email protected] 1 points 11 hours ago

So, if I have the same client code and a different server code, I'm followable only as long as I have JS enabled?

[–] [email protected] -1 points 10 hours ago* (last edited 9 hours ago) (1 children)

So .... Again, what is the point of this test, lol. What am i looking for? It seems like no one actually knows what the hell this test is showing, lol. Idk why it was posted if no one knows what it's showing? Do you know what I'm supposed to be looking for?

[–] [email protected] 1 points 7 hours ago (1 children)

The test is simply showing two fingerprints for your browser. One, the server fingerprint, is one that any tracker can see. The other, the client fingerprint, is what can be used if you have Javascript enabled.

Instead of inundating you with test results, this one is simple - check to see if your fingerprints change between browsing sessions. If they don't change, that means you can be tracked. In which case you can mess with settings and try again.

[–] [email protected] 0 points 5 hours ago (1 children)

Mine appears to change each time between browser sessions on a semi-hardened firefox. No clue what the bottom section means though.

[–] [email protected] 1 points 5 hours ago (1 children)

The bottom result (the % certain one) is just a fuzzy match of similar fingerprints AFAICT.

[–] [email protected] 0 points 5 hours ago (1 children)

So should both the server and client codes change each time you reopen a new browser session? Or just the client?

[–] [email protected] 1 points 2 hours ago

Both should if your goal is to not have a reusable fingerprint (which for a privacy focus would be). Server should change more frequently since it has access to less information about the browser. Server based fingerprinting is fairly unreliable, client side uses Javascript to generate more bits of unique data.

[–] [email protected] 1 points 23 hours ago

librewolf hopefully supports changing user agents. if not, uninstall it

[–] [email protected] 24 points 1 day ago

You’re unique and everyone loves you.

[–] [email protected] 16 points 1 day ago (1 children)

Essentially using Linux with Librewolf and various browser addons is making you unique, since there are not many similar fingerprints.

[–] [email protected] 9 points 1 day ago (4 children)

To my knowledge Librewolf spoofs useragent to Windows by default

[–] [email protected] 2 points 7 hours ago

Useragent doesn't do much as your browser navigator settings expose the real OS

[–] [email protected] 9 points 1 day ago* (last edited 1 day ago) (1 children)

It does as well as setting your locale to en-us, timezone to utc and giving random output from canvas every time.

Edit: You can also enable a fixed size for you window. More precisely the area which is visible to content (and also to javascript). https://librewolf.net/docs/faq/#what-are-the-most-common-downsides-of-rfp-resist-fingerprinting

[–] [email protected] 1 points 1 day ago

Oh I have noticed the timezone change, some websites were misbehaving because of it

[–] [email protected] 4 points 21 hours ago

It can still tell you're on Linux via WebGL

[–] [email protected] 1 points 1 day ago

It seems to me with JavaScript it doesn't work

[–] [email protected] 8 points 23 hours ago

Using Tor Browser with default settings is probably the least time consuming way of reducing a site's ability to uniquely identify you.

[–] [email protected] 6 points 22 hours ago (2 children)

isn't mullvad browser a better choice than librewolf? (i use both)

[–] [email protected] 5 points 14 hours ago (1 children)
[–] [email protected] 1 points 10 hours ago (1 children)

yes, except for the "DNS privacy tests" they seem to be equal on privacytests.org

[–] [email protected] 1 points 7 hours ago

Enabling DoH with max protection probably solves that.

[–] [email protected] 2 points 21 hours ago (1 children)

Is it? I haven't heard much about mullvad browser.

[–] [email protected] 4 points 10 hours ago

It's basically Tor Browser without using the Tor network.

[–] [email protected] 3 points 21 hours ago (1 children)

Less unique is equal to what majority of other's do.

So

  • Windows
  • Chrome (stock settings, maybe some addons like grammarly)
  • No VPN
[–] [email protected] 1 points 5 hours ago (1 children)

I know you're saying to use widely-used extensions, but for privacy-conscious users I wouldn't suggest grammarly

[–] [email protected] 2 points 2 hours ago* (last edited 2 hours ago) (1 children)

well. as another said, one is pretty unique the moment they seek online privacy. this is the sad reality of it. You want to blend in, less unique? Ditch privacy is a way to go. Is this a shit choice, of course it is. The otherway around is embrace the uniquess on every refresh of the page. However, I still have a hard time to beat some very sophisticated fingerprinting engines. Or you can disable Javascript and you won't be fingerprint-able at all along a VPN.

[–] [email protected] 1 points 1 hour ago

Sure I after with that first point. But actively feeding all of your typed text to a corporate owned server isn't the only way to so that.

[–] [email protected] 2 points 22 hours ago (1 children)

I mean...VM, run Tor as a container within the VM, and don't change any default settings. Amiright guys?

[–] [email protected] 1 points 7 hours ago* (last edited 6 hours ago)

If you're gonna put this much effort in you may as well just use tails or qubes OS

[–] [email protected] 1 points 23 hours ago (1 children)

Use a computer that you bought off the shelf at a big box store. Don't add any hardware, software, fonts, or change any settings. Use MS Edge with no extensions, and clear your cookies and cache after each session.

That will make you about as generic as possible.

[–] [email protected] 4 points 14 hours ago (1 children)

Use MS Edge

Use Chrome. Edge is a minority browser (has a market share of ~10 %). Using chrome though gives all your data to google ( so not recommended).

[–] [email protected] 1 points 12 hours ago

I was thinking Edge becaudse that comes stock with every new system you buy; Chrome is something you have to install proactively. But yeah, you're probably right. You eith look anonymous because your system looks generic, or you have some small degree of privacy without anonymity. It's a shitty choice to make.