How anti-fingerprinting extensions tend to make fingerprinting easier
palant.info
Browser extensions claiming to protect against fingerprinting will typically result in more data available for fingerprinting.

While browser extensions are often suggested as a method to improve your privacy, they could make things way worse. I linked an article about the anti-fingerprint extensions however, every extension that you installed on your browser make you stand out more.

This happens even with adblocker extensions. First of all, enumeration badness it’s not a good approach against tracking, that’s why Tor browser doesn’t use any adblocker.

Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

Trying to resort to filter methods based on machine learning does not solve the problem either: they don’t provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked

Source.

Moreover, every site visited can detect every change you made including blocked domains and so, instead of achieve privacy you’ll stand out more. If you’re going to use and adblocker it’d be a good idea using only the standard filters.

  • Lunacy@lemmy.mlOP
    2·
    3 years ago

    You can see what information your browser leaks on browserleaks.com.

    Sites like https://www.amiunique.org/fp and coveryourtracks.eff.org/ do not complain about my browser config.

    Sites like amiunique.org/fp or coveryourtracks.eff.org are not reliably test your fingerprint.

    In addition to tracker blocking, Cover Your Tracks measures the uniqueness of your browser. We anonymously log the following information, and compare it to a database of many other Internet users’ configurations that we’ve observed recently.

    Source

    Your are not comparing your browser settings with a general audience, because the regular Joe doesn’t even know about these kind of sites. Instead, you comparing just with a small percent of people who cares enough to do a fingerprint test. amiunique.org/fp has 3737036 in their dataset however, there is a fragmentation between the differens OS. For example, android it’s just 10% of the total, so you’re comparing yourself with ≈ 373.703 users who use android, but in reality there are 1.6 billion android users in the world. Moreover, the data about fingerprint should be deleted after a while, otherwise you’ll just comparing yourself with old set of data e.g User Agent.

    Other problems:

    These sites wrongly detect Brave as identifiable because they are designed to measure a different form of fingerprinting protection than Brave uses. Most tools try to make as many browsers look identical as possible, and sites like panopticlick.eff.org look to see if your browser matches any they’ve seen previously. If not, then they determine that you’re fingerprintable.

    Source

    Why then does EFF’s page tend to tell Tor users that they are unique amongst the hundreds of thousands of users that have been fingerprinted so far? The answer has largely to do with selection bias. The majority of visitors to EFF’s site are likely not Tor users.

    Source

    If the site does give you an “anonymity score,” did you get a good result or a bad one? How do you know? If the fingerprint-testing site determines your score based on its recent visitors (like panopticlick), are their recent visitors a representative sample of the visitors of the other websites you visit? If yes, how do you know?

    What are the features the fingerprint-testing site tested for and how does that set of features compare to the ones that other websites look for? If you claim they are similar, how do you know?

    If you test your browser, make a change to it, test again, and then get the same score, is it really safe to assume that the change was benign? If you get a better score, is that meaningful? What if the score got worse?

    If the fingerprint-testing site relies on JavaScript for the detection of many features (and they generally do), is JavaScript the only way to detect those features? It often isn’t. If you disable JavaScript and get a much better score, is that actually meaningful? Why or why not?

    See how much uncertainty I have about fingerprint-testing websites? I find it mind boggling that people who don’t really understand what they’re looking at try to claim anything concrete after using one of these sites, especially after using ones that give them an “anonymity score.”

    Source