So from what I understand, theres 2 common ways that browsers combat this. Someone add to or correct me if I’m wrong.
Browsers such as Mull combat this by looking the same as every other browser. If you all look the same, it’s hard to tell you apart. I believe this is why people recommend using default window size when using Tor.
Ex: Everyone wearing black pants and hoodies with the facemasks. Extremely hard to tell who is who.
Browsers such as Brave randomize metadata that fingerprinting collects so that it’s more difficult to piece it all together and build a trend/profile on someone.
Ex: look like a dog in one place, a cat in another place. They get data for a dog but that doesn’t help build anything if the rest of the data is a cat, hamster, whatever. No way to piece it together to be useful.
In both my examples, there are caveats. Just because everyone dressed the same doesn’t mean someone isn’t taller or shorter, or skinnier or fatter. There can still be tells to help narrow down. Or a cat that barks like a dog suddenly is more linkable to a dog if that makes sense lol.
In other words it still depends user behavior that can contribute to the effectiveness of these tools.
EDIT: got distracted. To answer your question I don’t think so. I think it’s more about user behavior blending in or being randomized. I think the only thing an extension would be able to do is possibly randomize the data but I’m unsure of such an extension yet.
These aren’t the only options, these are just ones I’ve read about recently. Online behavior, browswr window size, and I’m sure so much more also goes into it. But every little bit helps and is better than nothing.
The two were often conflated because “mull” in the name. They also used many of the same resources for the prefs.js and other tweaks. (Arkenfox, tor uplift, etc)
The first point is flawed and even TOR doesn’t execute javascript because it’s impossible to catch everything when you give the server full code running capabilities.
The second point is more plausible but there’s an incredible amount of work to do to fix this. Like, needing to rework browser engines from ground up and removing all of the legacy cruft. Brave is not capable of this and never will be no matter what they advertise because it doesn’t have it’s own engine.
That being said, these tools will get you quite far against commercial fingerprint products especially ones used for Ads but that will also ruin your browser experience as now you’re just solving captchas everywhere 🫠
No. Anything that executes Javascript will be fingerprinted.
That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.
The issue is that browsers are so incredibly complex that it’s impossible to patch everything and you’ll just end up getting infinite captchas and break your browsing experience.
Others have mentioned what Firefox/etc do, but another option is a PiHole. If you can’t look up the IP for an advertiser URL, you don’t load the JavaScript to begin with.
Would it be possible for a browser or extension to just provide false metadata in order to subvert this type of fingerprinting?
So from what I understand, theres 2 common ways that browsers combat this. Someone add to or correct me if I’m wrong.
Ex: Everyone wearing black pants and hoodies with the facemasks. Extremely hard to tell who is who.
Ex: look like a dog in one place, a cat in another place. They get data for a dog but that doesn’t help build anything if the rest of the data is a cat, hamster, whatever. No way to piece it together to be useful.
In both my examples, there are caveats. Just because everyone dressed the same doesn’t mean someone isn’t taller or shorter, or skinnier or fatter. There can still be tells to help narrow down. Or a cat that barks like a dog suddenly is more linkable to a dog if that makes sense lol.
In other words it still depends user behavior that can contribute to the effectiveness of these tools.
EDIT: got distracted. To answer your question I don’t think so. I think it’s more about user behavior blending in or being randomized. I think the only thing an extension would be able to do is possibly randomize the data but I’m unsure of such an extension yet. These aren’t the only options, these are just ones I’ve read about recently. Online behavior, browswr window size, and I’m sure so much more also goes into it. But every little bit helps and is better than nothing.
EDIT2: Added examples for each for clarity.
Mull is discontinued unfortunately, although I think it got forked?
For mobile, yes, development stopped.
However, Mullvad (from the actual VPN folk) for desktop still exists.
https://mullvad.net/en/browser
Mullvad browser and Mull were not affiliated.
That’s why I said (from the actual vpn folk)
The two were often conflated because “mull” in the name. They also used many of the same resources for the prefs.js and other tweaks. (Arkenfox, tor uplift, etc)
Yep. It’s fork is called ironfox
Yeah maybe Tor Browser was the better example. Just trying to get the point out lol.
The first point is flawed and even TOR doesn’t execute javascript because it’s impossible to catch everything when you give the server full code running capabilities.
The second point is more plausible but there’s an incredible amount of work to do to fix this. Like, needing to rework browser engines from ground up and removing all of the legacy cruft. Brave is not capable of this and never will be no matter what they advertise because it doesn’t have it’s own engine.
That being said, these tools will get you quite far against commercial fingerprint products especially ones used for Ads but that will also ruin your browser experience as now you’re just solving captchas everywhere 🫠
Thanks for adding! Could you clarify a bit on the points so I can better understand where I was wrong at?
No. Anything that executes Javascript will be fingerprinted.
That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.
The issue is that browsers are so incredibly complex that it’s impossible to patch everything and you’ll just end up getting infinite captchas and break your browsing experience.
Yes. There is a firefox extension called Chameleon that does this.
Yes but that metadata is also used to serve you the webpage, so if you spoof it, the page may not load properly.
Others have mentioned what Firefox/etc do, but another option is a PiHole. If you can’t look up the IP for an advertiser URL, you don’t load the JavaScript to begin with.