No matter what browser I use, every time it states my browser has unique fingerprint for Mull with uBlock and Badger installed and “randomized” with Brave. I don’t even know if there are any other than unique or randomized. It will be more of an OPSEC post rather than referring to Cover Your Tracks in particular.
I got the worst results in
1. Screen size and colour depth
- one in 92k with Mull
- one in 200 with Brave and Vanadium
2. Http_accept headers
- one in 3k with Mull
- one in 6k with Brave
- one in 2,1k with Vanadium
3. Language and time zone (target’s community is located in the same country as mine, so score above 200 doesn’t bother me much)
4. Touch support
- one in 143 with Mull
- one in 4.35 with Brave and Vanadium
5. User agent
- one in 151.26 with Mull, probably bad, cause Chrome and Chromium browsers have nearly 70% market share in my country.
- one in 44 with both Brave and Vanadium
6. WebGL Vendor & Renderer
- one in 8.58 with Mull
- one in 314 with Brave
- one in 604 with Vanadium
7. Hash of WebGL fingerprint
- one in 8.81 with Mull
- one in 3.27 with Brave
- one in 939 with Vanadium
The rest of categories has score <10. If you think others will be crucial in my case, feel free to ask what score they got. The post would get too long if I were to list all results.
Device:
- Pixel 6 Pro with GrapheneOS
- Optionally I can look up for my good old Oppo A52 (slow af but has OEM Android 12 if remember right)
Browsers I tried:
- Vanadium 131.0.6778.104
- Mull 132.0.0 with uBlock Origin and Privacy Badger
- Brave 1.73.91, Chromium 131
Is there any way to make sure I am not recognisable by my browser data? I can’t block every single cookie or data requests, as I am sure too many rejections of them will probably result getting flagged as a shady user, then admins will personally inspect fingerprints of all my accounts. This is just a downward spiral to me getting banned for making multiple accounts (my target). The goal is not to make me as anonymous as Snowden, but to spoof my fingerprint so good to get unrecognisable from the typical mouth-breathing internet users who don’t give a flying fuck about so called, broadly understood online privacy. Ironically, that’s pretty much reverse goal than when I was installing GrapheneOS.
Threat actor: discussion forum with invite-only registration. Something like Reddit, but they take multiple account prevention seriously. I am 99,9999% sure they ban all access via VPN, proxies and TOR in advance, so those are out of discussion. Burner SIM cards with internet access are the solution here, both for getting unique IP from LTE provider and for SMS verification during registration. Furthermore, different providers will probably give every single account’s fingerprint a pinch of uniqueness (if admin staff has any way to see which mobile comm provider I used)
There’s a catch: if I switch my SIM card to another one and the second one will get the same IP address as the previous one - I have to get in radius of another BTS and get different IP, or It will look like one person is using the 2 (or more) accounts. The inviter and all his invitees will get banned. Tbh I don’t know how big chance there is for this making happen.
Convenience link https://coveryourtracks.eff.org/
I just tested mull, Firefox, Firefox nightly, tor, and Vivaldi.
tor was the only one that produced results under 10 for every test. Except touch (70) screen (61k randomized anyway), and user agent (128 Firefox)
None of the tests produced an accurate result for screen -each one said my screen size had a different resolution.
Fingerprinting resistance randomizes or fakes certain api responses, as does a plugin like canvas blocker. So, those would definitely be higher numbers. But, they are always unique. Meaning they change. So it’s difficult to track.
If you try the same test and you’re unique EVERY TIME. That’s actually good.
But, there are things that can still be tracked if they stand out too much, and are static. (You can still be unique with static results in combination with randomization)
Like having a user agent “this is my phone”.
Too much customization / extensions makes you a giant orb of glowing user data.
You need to disable JS to achieve good scores
I’ve tested several browsers and it’d always around 17 ish bits.
I’m at 15.9 bits of info and an almost fully unique browser. Of course, that uniqueness changes every time and they don’t test for that.
I’m on iOS.
It’s going to be really difficult in a standard setup.
If you really care maybe try something like Tails.
Low effort reply. I don’t have a single reason to use it, as I am confident admin staff blocks incoming traffic from VPN servers and TOR relays.
