Browser Fingerprinting Masterclass: How It Works & How To Protect Yourself
In today's masterclass, we're diving deep into one of the most powerful and concerning tracking technologies on the internet today, and it's called browser fingerprinting. Now, unlike regular cookies, which delete the data locally, and then you clear it from your browser, browser fingerprinting creates a persistent digital ID that more or less follows you around the web. And it's actually probably more prevalent than a lot of people think. So there's this study from 2021, which shows that they found fingerprinting has increased over the years and is now present on about 10% of the Alexa top 100,000 websites. What's even more concerning is there was a follow-up in 2024 where they used
FpTracer, and they found high fingerprinting activities in 8% of domains with some moderate activity reaching 75%. Fun detail, but they actually test this using something called Foxhound, which is an open source Firefox browser that you can actually download and play with yourself if you want to. Now, what makes this all particularly concerning is that it's all pretty invisible to you. There's no consent banners, there's no notifications, there's no cookies to clear, just silent tracking. And to make things even more interesting, fingerprinting is overall pretty new with tons of different takes that you see online that you'll hear how it works or how to deal with it and a lot of conflicting advice. So today's video will try to shed light and give you more of an evidence-based approach. And so hopefully by the end,
you'll understand how fingerprinting works, how to detect it, practical protection strategies for different experience levels. So first it's important for us to understand how fingerprinting is just different from cookies. So what a browser fingerprint is, is it's the process of something like a remote server, which collects data points concerning your browser and your operating system and anything else about your system which is unique. And these unique attributes form what we call this fingerprint, which is very similar to your real-life fingerprint, which is very unique and is pretty much only tied to you. And just like the physical world, fingerprints are really hard to change or remove. And in a digital space, same thing. It's really hard to control this or erase it through any conventional browser data clearing
mechanisms. Every attribute on your system has a unique entropy value. And these entropy values can be used to measure the uniqueness of your system. So this can be your screen window, which is the size of your screen window, device speech engines, fonts, canvas, languages on your system, your IP address. The only
thing that you really need to know here is that higher entropy for each of these attributes is more unique. And you can also start combining the uniqueness of different attributes to come together to form an entire personalized individual. And the thing about this is that it's a persistent unique identifier. So theoretically, every website you go to can actually get that same information. And if there is a person or a party that's connecting that data together, they can start saying, "Oh, this is the same user going on every website." Even though they're logging in with a different email, even though they're an anonymous user,
they're actually the same user. Now that we know the basics of fingerprinting, I want to touch on how exactly it's conducted because this is really important to understand if you want to figure out how to stop or prevent it. So there's two general camps. There is passive collection, which is information your browser automatically reveals without any special scripts. So there's always going to be a user agent or basic things that a website can just see about every user and they don't have to do anything special or unique to get that. Something like an IP address as well is something that can be unique to you that probably doesn't need any active data collection. There's also active probing, which is JavaScript that they can inject, or different custom scripts which actively test your browser's capabilities. So if you go to miunique.org,
run a test. So I'm doing this in the VM here for all of you to see. And I'll touch on the similarity ratio and my thoughts on that in a second. But I really want you to just see the values. And that's the most important thing about this. This is telling you exactly the values that this random website, which I just opened the website and ran the test. So I didn't give this any additional privileges. Theoretically, any website out there
will be able to get this same information. And so the idea of fingerprinting is a site can start compiling all this information, including even audio data, to start getting a very personalized and unique look into what your browser and your system looks like. And then if you have a different website that collects the same stuff, they can say, oh, these are the same user. Two really easy ways that you're probably fingerprinted that are easy for most people to already grasp is your user agent, which essentially just identifies your browser name and version and your underlying operating system and its version. And that combined with an IP address is typically enough to already start tracking you around the internet. But then we see things like canvas fingerprinting, which will render out a unique image. This
doesn't really work on this browser. We'll touch on that later. But it will render out a unique image and it'll essentially see how long it takes or unique attributes about how the image is generated. And it'll hash that information and send it off. And that's called canvas fingerprinting. You can see an example here of canvas fingerprinting and what it looks like. And this might seem like, well, you'll know when images generated, what if I disable images on a website? They can render images that are pretty much hidden images. They're transparent. You won't see them. So this can be implemented very
discreetly. There's even things like CSS fingerprinting. There's also something called webgl fingerprinting, which is pretty similar to canvas fingerprinting in the sense that it abuses 3d rendering. And it can also persist across even different browsers on the same device, which is pretty crazy. This one's pretty insane, but they can actually do audio fingerprinting as well, where they play audio, but it doesn't actually ever play audio. It's the same concept where it's supposed to be discrete, but it's still generated in a unique way that can be tracked. Use of ad block, do not track. Pretty much anything on your computer for the most part can be collected in some way, shape or form.
And there's even new things now because of new API. So there's something called a battery API, which allows browsers to see your battery level. And I want to show you some real world tests now to kind of compare different browsers and what to look for. And I also want to touch on the similarity scoring slash uniqueness scoring, depending on the site that you're going to use. So the first browser I'm showing you is Mullvad browser. It's Firefox based. So it shows as Firefox, and this is running on a macOS system. It's actually set to just standard UTC. And that is part of its fingerprinting resistance,
believe it or not. If you've ever used Mullvad browser, you'll notice that's kind of an annoying usability issue sometimes. What this is just telling you is that you're running Firefox on macOS. Just to give you the context of how many people in the world probably do that. Either way, I wanted to compare this with stock Chrome to kind of show you the difference between the two browsers. So I want to clear something right off the bat, which is there's this common take online that just using Chrome, because it's the most popular browser, means that you're the least unique browser out there. And even
in this, you're going to see here that even the time zone is perhaps a more fingerprintable metric than just being on Firefox. So I really like to already challenge the notion that if you just use the most popular thing out there, that means you're not fingerprintable. And the reason for that is we just talked about how there's a million things that are unique to your system that can be fingerprinted.
And so there has to be something more that you actively do to prevent the tracking in the first place. Now, if you scroll down and really directly compare, you're going to see things like, again, the time zone, and you're also going to see the canvas, which is actually successfully rendered. Now, here's why I have issues with like the similarity scoring. My understanding is that the canvas isn't even generated in the first place on Mullvad Browns, which causes this to have a bad canvas rating. But here's again where the similarity ratio kind of fails us because we see a 27.63 similarity ratio, which is a valuable metric, but shouldn't be the reason why you do or don't do something. Because
what we'll talk about is using an ad blocker actually prevents a lot of these scripts from running in the first place. And so that's actually a very important thing that might prevent a ton of this fingerprinting from even happening. Yet it ironically makes you a tiny bit more unique, but that's why the similarity score should be used in conjunction with other decision-making processes that we'll touch on later in the video. Screen width is another thing that this might be slightly
misleading because the similarity score is a lot lower, which might be bad because that means you're standing out more. But this is actually called letterboxing, and it's a really important technique to hide the true dimensions of your window, which actually might be good in a lot of contexts. You'll also see screen available top and left are always set to zero, whereas over on Chrome that's a uniquely identifiable thing. And here's where we get to the really nasty stuff in Chrome, which is Chrome just renders WebGL, and it tells you exactly what's going on, and it actually renders it, and this being rendered, as we talked about, is uniquely identifiable. And also above, you're going to see the canvas was uniquely identifiable, and that's just already a big fail to me. Now, oddly enough, Chrome has this random win where audio data actually isn't supported, whereas on Mullvad it is. So I don't know if that's something Mullvad is going to address at some point,
and that doesn't really change my final recommendations, which I'll cover more later on. The gyroscope is something that can be used to fingerprint you, and it's enabled in Chrome, but not in Mullvad. Your battery level is actually visible to websites on Chrome, which is insane, as well as your connection and all of this stuff. So definitely not a good situation, and the rest is pretty much similar. Now, if you compare Brave to Chrome, you'll see that Brave actually does render the canvas, and there are some things that Brave does that aren't fantastic, like also rendering WebGL. With all that said, Brave does something else that's a little bit unique. To really have some fun, I also put Tor Browser out here, and Tor does not render audio data, nor WebGL, nor Canvas.
So you can actually test your Tor Browser instance to see exactly what a website will see in your Tor Browser. Now, I want to quickly touch on a second site called Cover Your Tracks, which used to be called Panopticon? Panopticlic? I don't remember what they used to call it, but now it's called Cover Your Tracks. And over on Tor Browser, it's going to say just basic things. Yes, yes, and your browser has a non-unique fingerprint, which is really cool. And they do give also some detailed results, so you can see exactly how they're collecting the information. Now, it says here with this Tor Browser instance, one in about a thousand browsers have the same fingerprint as mine.
Over on Chrome, it directly says, "I appear to be unique." And it's also able to collect 18 bits of identify information, whereas on Tor Browser, it's about 10. If you throw Mullvad into the mix, you're going to get about 13, and it has about 10,000 browsers. Here's where things get a little confusing, because over on Brave Browser, you might notice Cover Your Tracks does something like something a little bit different, which it still says you have strong protection against web tracking, and it specifically says that your browser has a randomized fingerprint, which means it's automatically able to detect that you're using Brave, which randomizes your fingerprint.
Now, Brave and Chrome actually have very similar results: 17.94 bits of identify information on both sides of things, and if you actually compare side by side, you'll see a lot of similarities. The difference is that Brave is actively changing that fingerprint, and so we'll touch on that approach in a second. Now I want to talk a little bit about these two different approaches, which is standardization versus randomization, as well as kind of a third one.
I want to say that this is actively debated, and there are pros and cons to each approach, and this is probably something that's going to have a lot more information coming out about, as well as most of this video. A lot of this information will probably become outdated and will evolve with time, so definitely stay subscribed to the channel. Now, different browsers have different ways of dealing with this, so Brave specifically really likes randomization, and things like Tor Browser and Mullvad Browser really like standardization.
Now, the concept of standardization is that it's trying to make all users look the same, so they look identical. And the goal is anonymity through uniformity. Now, this happens through a standardized user agent. It uses things like letterboxing. It reports common time zones, languages.
It blocks canvas data extraction, and it does all those things I showed you earlier in the demos. Now, in terms of effectiveness, this seems to be pretty effective at providing anonymity and resisting fingerprinting, as it minimizes those unique characteristics from even being able to be snagged in the first place. Now, the main trade-off of using services like this is that it can sometimes lead to slower and just straight-up worse browsing, especially with Tor Networks routing. You'll know how slow that is, and you'll know how a lot of websites will break, and having a different time zone that's not yours when you're browsing some sites just really throws you for a loop.
Now, randomization, as far as I know, is only really being implemented by Brave, as far as I know. This focuses more on, like, disrupting tracking, because it makes the fingerprint appear different over time or across different sites. An example of this is their canvas fingerprinting. So, it does allow canvas fingerprinting, but if you do something in an incognito window versus a regular window, you'll actually see there's a different signature. So, while the uniqueness is 100% and they've never received it before, if you just close the tab, use the forgetful browsing feature in Brave, and toggle on your shields, then this will actually be unique every time you do this test.
Now, with all this said, it's not foolproof, because they even had to remove a prior demo, because this demo still was accurately giving the same ID across an incognito and a non-incognito window, because it simply just tracks through basic information about your system and your IP address, which actually is much simpler than using all these other strategies. The plus side to Brave's approach, in my eyes, is that it allows you to have a much cleaner web experience, and you don't have to go through the typical struggles you'll get when you go through the standardization process, and you can pretty much have a Chrome-like regular browsing experience with some extra fingerprinting resistance through randomization. It's not foolproof. Now, the third kind of given in these scenarios actually has more to do with blocking this stuff from happening in the first place. So, I wanted to really quote this research article here that they found that fingerprinting is almost five times more likely to be performed by a third-party script than a first-party one. So, to look at their diagram here, if you visit a site like myshop.com, they're going to run scripts to do things on a site, like give you a shopping cart, give you all these cool places to check out, maybe check out clothing, whatever they're selling.
But then they also introduce third-party scripts. This is where you'll find third parties that might collect data about you, or maybe it's to provide genuine services. But these third parties might start getting some of this browser data, and then that third party could be used on a different website that you go to later, and that now ties your data together across websites. And again, what they found is that it's almost five times more likely for this kind of tracking to be done by a third-party script. So, the third really effective thing to do is to just block trackers in third-party scripts, which things like Brave do, things like Mullvad do. Any browser that has uBlock Origin can probably do it as well. So, the pattern I'm seeing kind of emerging from the research that I've gone through is: A, blocking this stuff from happening in the first place is extremely effective.
B, whether you choose standardization or randomization or both, I highly recommend both, just understand the pros and cons of each approach and combine that with blocking in the first place. Now, I've said many times on this channel before, I like to use multiple browsers, and I think that having Brave there for your randomization needs is perfect, and it's very usable, it's very accessible, and I don't know of any other browser that's really implementing randomization the way Brave is. So, that's actually extremely novel technology, and I don't think Brave gets enough credit for that.
I also don't think Tor and Mullvad are given enough credit for the amount of work they do to blend users together, more so than all Chrome users just using Chrome out of the box, which is flat-out misinformation at this point. What would be super cool, and I don't know if this is possible, as they're kind of different approaches, I don't know if there's a way to somehow randomize and standardize in the same browser. So, I don't know if that's something maybe we'll see in the future.
Before I give you my final tips and my recommended browsers and configuration changes to really target fingerprinting, I want to briefly talk about the privacy implications of this technology, as well as why it exists in the first place. So first, targeted advertising is a big one. If all of your site traffic is now correlated, then that can be used to target you, even if you use things like ad blockers. Cross-site tracking, in a similar vein, can be used by websites that are trying to keep tabs on you across the internet. And I think it's really worth exploring the idea that in the future,
this is going to maybe serve as an alternative to cookies. There's going to be much newer ways of tracking people that are going to probably be harder and harder to defend against, and while cookies had their problems, at least they are easy to block and just never deal with. Now, on the positive side, this isn't exclusively just used to track you online.
There are legitimate uses for fingerprinting, which include fraud detection, bot mitigation, user authentication, and sometimes even account security, because they'll be able to see that a user's on a recognized device and it looks the same as the last time they logged in. Therefore, it's not an account takeover. And it's very hard to duplicate someone's fingerprint, and so if someone logs into the same account with a different fingerprint, that could raise alarms. Theoretically, fingerprinting can actually be used for good. It's not exclusively a bad technology, though
most of what we hear about is negative. Now, before continuing with the video, I want to give a major shout out to our sponsor, Notesnook. Notesnook is an open source, end-to-end encrypted, private note-taking service with no tracking and none of this fingerprint nonsense that you're probably watching this video for right now.
End-to-end encryption means that you actually own your data, unlike other services where you're trusting them to not do anything nefarious with what you're doing. This is essentially the mathy way to guarantee that your encryption key is only your encryption key. They have cool features like sharing and being able to destruct those shared notes. You can clip the web. They also have bi-directional note linking, so if you want to do things like what Obsidian does, but with more privacy and security, they support that. They have lots of other good formatting goodies and things to make your life a lot easier, including one of my favorites being Markdown support. The best thing too is that it's compatible on most browsers,
even with fingerprinting protection in place, as well as most operating systems. They're available on Windows, Mac OS, iOS, Linux, and Android. And again, it's open source and even works in your web browser. Take back your notes and your personal thoughts today with Notesnook. You can check them out down
in the description. And thank you for sponsoring us. Back to the video. So now that you have all the context that hopefully you need about fingerprinting, the different approaches, I want to touch on what you can do and the different effectiveness levels of different things. So if you go into any Firefox based browser, whether it's Tor, Mullvad, or just standard Firefox, go to about config in your search bar and say accept the risk and continue, and you can just search for resist fingerprinting. You're going to see Mullvad doesn't really let you change this, but as long as you enable this, this is going to help standardize reported values like your time zone, screen size. It's going to restrict certain APIs, and you can see all the technology that's implemented into this stuff. And I would say this is medium to high effectiveness, and you won't see that many issues as a result of it. Some websites might display
things a little weirdly, there might be some functionality differences, but there's not like a broad issue with enabling this feature. On the other side of things, you have Brave browser shields, which are just enabled by default in Brave. And you just make sure that fingerprinting is enabled globally, and that's pretty much it. Back in the day, they used to allow aggressive fingerprinting,
and you could have enabled that for better fingerprinting protection in Brave, but they removed that. This, like I said earlier, will randomize things, and so you're going to have a randomized values for WebGL, Canvas fingerprint, JavaScript APIs. And I would say this is also kind of medium to high effectiveness with very little drawbacks, so I would just enable it. Now the next step is just using Tor Browser. Out of the box, really nothing else to do outside maybe adjusting your safety sliders to be safer or safest. This is going to route everything through the Tor network,
it's going to standardize things, it's going to do a lot of great stuff for you, it's going to hide your IP address, it's going to do letterboxing, so your screen size is different. You can see how there's letterboxing on the screen right there, it's going to block things like WebGL, Canvas, etc. It's extremely effective. To this day, it's the best way to resist fingerprinting. Now of course, it's the most effective, so we're also going to see the biggest drawbacks, which is slower browsing speeds. Some websites just straight up block Tor, and if you ever use Tor long enough, you know it's probably not a daily driver for most people.
So reserving it for those more private situations is definitely what you want to aim for. Similarly, there's the Mullvad Browser, which is developed in collaboration with the Tor project, which does a lot of things that the Tor project does. So it's high effectiveness, it's not quite as high, it's not quite as much as what Tor Browser does, but it's quite a bit more usable than Tor Browser. So this is kind of a nice in-between between maybe something like Brave and something like Tor in terms of protecting your fingerprint. And this is actually personally my default browser because it's usable enough for most things, and it's also ephemeral by default, so it's good for me to just search up weather in the area or just do a quick web search. And then I have Brave, which I use for logged in accounts, which randomizes my fingerprint. And then there's the Tor Browser, which is just there if I need
to do anything that requires more anonymity, or I need something like an Onion URL. Now those are the three browsers that implement some kind of fingerprinting resistance on the market, and we'll talk about other things to do in a second, but just covering those three options, I wanted to quickly touch on the fact that even Brave themselves acknowledges that they do not implement the same privacy protections from the Tor Browser if you're using something like Tor private windows in Brave. So well, you know, if you just need to open something quickly up because it's an Onion URL in your Brave Browser, that's fine. Just keep in mind, again, even the Brave project themselves. This is their official website. You don't even have to quote me on this.
It says they don't have the same protections. And now I want to touch on some different tools within almost any of these browsers that might improve things further. First is uBlock Origin. uBlock Origin is an open source ad blocker, is what it's known as, but it's also a tracker blocker and it blocks scripts. And as I mentioned earlier, one of the best things to do is simply just block these things out of the box so that they can't fingerprint you in the first place. So on any browser, regardless of what you choose, I recommend installing uBlock Origin. This is going to block those scripts. It's going to,
I say, be medium effectiveness. And this is like such an easy thing to do because it improves page loading times. It gives you a cleaner web experience and you can do it on anybody's system, regardless of what browser they're using. Chrome removed manifest v3, which means you can't anymore really use uBlock Origin
on Chrome, but they have uBlock Origin Lite on Chrome. So you can still use that and install it. And it's still a help for people that are still using Chrome. Otherwise, push them to Brave, push them to even Vivaldi, push them to any browser that supports uBlock Origin, and that should be a big help for them. The one browser that's kind of an exception to this is Tor Browser, which, unless you're on Tails, doesn't actually include uBlock Origin, but that's because it includes NoScript instead. Now, the next thing you can do is use NoScript, and this is something you can use also on any browser. It's mostly associated with Tor because it comes out of the box in Tor, but you can use it on any other browser. And again,
like I was saying, this is actually just going to disable a lot of JavaScript, if not all JavaScript by default, which is going to disable things from WebGL, audio, JavaScript attributes, fonts, etc. All of that from even being able to be tracked in the first place. This is very high effectiveness, and it gets you very far. Now, ironically, disabling JavaScript in itself is a fingerprintable attribute of your browser, but it's overall still, from my eyes, a net positive because there's so many other things that can't be collected. And the other obvious downside to this will break a ton of websites because JavaScript is kind of necessary online. So I don't think for most people this is
really a usable daily thing. So I recommend just kind of absorbing this for Tor Browser for most people. Now, you don't even have to install NoScript. If you're extreme enough, you can actually just straight up disable JavaScript in most browsers. So that's another option. If you don't want any granularity, you just want JavaScript completely disabled. But this will severely disrupt your web browser experience because even with NoScript and Tor Browser, you can add exclusions and still load individual scripts to make things work, just not by default. So I would really recommend the NoScript route instead of just flat out disabling JavaScript in your browser. Now, the next thing out there is using a
VPN. And you've probably heard about a lot of things that VPNs do for you out on the internet. And believe it or not, there is a small benefit here. It's nowhere near as much as they sell it, but it will mask your IP address, which will hide your geolocation. And it allows sites to not just track you based on an IP. However, some nuance here. One, sites won't get your IP, but most likely you're using just a static VPN IP address. And you're probably connected to that same IP address for a long time.
And so combined with other metrics out there, you can still be fingerprinted even though you're using a VPN. They can see that you're on the same operating system coming in from the same IP address, and they can pretty much reasonably assume that those are the two same people. With that said, though, if you don't have a VPN at all, then they can just look at your IP address and you're the most unique person on the internet because no one else really has that IP address. So I think VPNs are
necessary, but they are not silver bullets and they need to be combined with other tools for you to actually have proper fingerprinting protections. Now, there's also a tool called Safing and they have something called an SPN. And essentially what this allows you to do is it allows you to use multiple IP addresses fairly easily across different websites and across different browsers. And so this might make
it a little bit easier for you to obfuscate and use different IP addresses for different things, which makes it a little bit harder to fingerprint you. Just something to think about. I have yet to even use the SPN as a matter of fact. I love the Portmaster tool, so this isn't even a recommendation, but this just gives you an idea of the kind of concept and the kind of system required to actually obfuscate your IP address in a standardized systematic way. Now, this is one of my favorites to debunk. There are these like user agent spoofing standalone extensions that claim to do this that only modifies the user agent string. And this is very low in terms of effectiveness and it can actually make your fingerprint more unique, especially if it's inconsistent with other attributes and it may even break some websites. And actually, sometimes it might make certain websites work. Like some websites have a very loose check to make sure
you're not using certain browsers and sometimes spoofing it makes them work. That's probably the only use case I see for those extensions, but they come at the cost oftentimes of making your fingerprint even more unique than regular. Way back in a day, the general advice for browser fingerprinting and all of the stuff was to install 10 extensions in Firefox, harden your Firefox manually, go into your about config setting, change everything possible. And while there were a lot of privacy and security benefits that came along with some of those configuration changes, it actually also came along with a lot of unique fingerprint ability within those browser sessions. So the common advice nowadays, it's evolved quite a lot, is to do as little as you can to get the most amount of effectiveness. And this is going to boil down for a lot of you just using Tor Browser out of the box as is, using Mullvad out of the box as is, using Brave out of the box as is. And besides those things, you can do other things like
installing a VPN, playing around with NoScript if you want to also do some JavaScript manipulation on different websites. And those are kind of like the core basic things for most people to explore. In terms of more advanced tips out there, you can use dedicated operating systems or virtual machines like either Tails OS or Whonix, which actually go a bit further and even trying to standardize things on your operating system level. So this is going to give you a larger degree of granularity. Using different browsers can each have their own unique fingerprints. So it's another perk of using different browsers for different things, which is something I've supported for a long time. And also using virtual machines just in general, you can have a virtual machine for Windows, which has its own user agent with its own browsers. And so really compartmentalizing and using different things as an advanced user will give you more of that granularity and you can choose different browsers for different use cases based on your browser.
And if you ever wanted to learn more about how a browser works, I recommend using MI Unique. And, you know, the similarity scores aren't that, you know, useful. I think what's more useful is seeing the actual values that you're given in the context of what the browser is supposed to be used for and based on how you know the browser is trying to resist fingerprinting.
A quick note on mobile devices, because most of these discussions revolve around desktop. First, fingerprinting on mobile tends to actually be slightly more effective in a lot of contexts based on what I've seen, because mobile browsers just have fewer customization options, which makes standard installations just more identifiable. Apps can access more device sensors and identifiers like your accelerometer, gyroscope, device advertising ID. Mobile browsers are just a little bit more limited. With that said, some browsers that implement some of these strategies on mobile, starting with Android are Chromite, Brave, Firefox Focus, and for the best protection on Android, there's Tor browser.
There's some options that try to accomplish similar things to the desktop side of things. And then on iOS, we have Safari with an ad blocker like AdGuard and also try to utilize Apple's native tracking protection. And there's also Brave and there's also Firefox Focus. There's also Onion Browser, which is the closest thing to a Tor browser on iOS. Now, I wanted to give a quick note because I've been asked about some cloud providers.
Essentially, what they do is they run like a server that has a browser built into the server and you essentially remotely access it. And then you engage with it there. What this essentially does is it allows hundreds, thousands, hundreds of thousands, however many users, to all be using fundamentally the same browser. So, therefore, there is no browser fingerprint because it's all just coming from one server. A couple thoughts on these services.
One, you're giving up a lot of direct trust. The cool thing about doing this stuff on your end is it's on your system and you're able to control exactly what's going on. You can customize this, you can change exactly what's been collected, and you can change how usable the browser is.
And this is a lot more personalized and it's you, your configuration, your system. When you're outsourcing this to somebody else, you're handing over a lot of trust to an external entity that trusts that they're doing things properly. You're trusting that they are configuring things properly, that their browsers are up to date. You're also trusting them with potentially sensitive account information.
You also put a lot of trust into how they collect information about you. You're introducing a third party here. So, you have to trust that they're not also doing their own data collection of their users. So, those services are kind of new and popping up and I want to see a little bit more research and more evidence behind them to see how well they work.
Before I start giving that as a recommendation and it's not a service that I've yet to use myself either. Quick note, fingerprinting extends beyond browsers. So, there's desktop applications, especially those with internet access.
They can also create some unique profiles. Email clients, for example, can leak information through tracking pixels and HTML rendering. Office applications could have telemetry or document identifiers. And there's also even cross device fingerprinting, which is starting to evolve where companies can link activity across your phone, your tablet, your computer and smart devices by analyzing like behavioral patterns, network characteristics. Generally speaking, this is pretty novel and probably further down on the list of priorities. But if you want to minimize these risks, you can try using open source alternatives to commercial software whenever possible.
Disable telemetry when possible and be just generally conscious about which applications have internet access, which don't. Try to use firewall tools if you're unsure. And also our Become Anonymous and Go Incognito course are a good starting point if you want to address these more broader concerns that might also impact fingerprinting. Let me consolidate that once more.
If you're listening to this and you want the easiest thing to do, I recommend just using a privacy-focused browser that takes care of this stuff for you and don't make this your life. So use something like Tor Browser, download it on your system. You don't have to use it as your default browser, but have it on there, play with it, see how it works. Same with Mullvad Browser. I do think a lot of people can probably use Mullvad Browser for just basic searches and even make it their default ephemeral browser so that they open links in an area that doesn't save everything about them. And then they can also use something like Brave Browser, which has a lot of this resistance built into it.
Now, if you don't like any of these browsers, totally fine, totally acceptable. You can find similar protections in other browsers, though some of them will probably need a little bit more tweaking. And in those situations, I highly recommend looking into privacy-enhancing extensions like uBlock Origin, as well as looking into things like NoScript if you want to get a little bit more advanced. From there, you have network-level protections like your IP address and also just keeping your operating systems and your browsers up to date, clearing cookies, clearing data whenever you can. And if you're in a situation where you need even more sensitivity, that's when you might want to consider dedicated hardware or software configurations like Whonix, Tails OS, or even dedicated machines that you configure from the ground up to help deal with this issue.
One more simple but often overlooked strategy is to be selective about which websites you visit in the first place. So using privacy-respecting websites and services that explicitly commit to not fingerprinting their users. And if you have to use a website like Reddit or Twitter, there are private front-ends to access the same information if you want a layer of privacy when accessing those websites. Even better is just directly taking your business to other websites like Duck.Go for search, Proton for email, or platforms that follow just privacy-by-design principles that just avoid this tracking and fingerprinting altogether.
So not only does supporting those services protect you directly on a day-to-day basis, but it also encourages more ethical practices for the entire industry. So you're also being part of a bigger movement here and helping other people. So while you can't avoid all fingerprinting this way, just being more intentional can be very helpful. So I want to give my final practical action plan for all of you listening.
If you're a beginner, enable built-in browser protections. Firefox and Brave offer really strong protections. I also recommend switching to a privacy-focused browser for general usage like Mullvad browser or even Tor browser. And that doesn't need to be a default, but at least install it. There's no risk in installing it. I also recommend testing yourself and actually getting your hands dirty by testing this and seeing what this looks like.
So go to MI Unique and go to cover your tracks. And don't take the values super seriously, but use this as information so that you can learn a little bit more about how this works and compare between your browsers. Try turning on and off your ad blocker. Try turning on and off different pricing security features and rerun those tests. And you're going to learn a lot by doing that and you're going to see exactly what websites can see about you.
And just knowing that I think is like 80% of the work. So I want to add some important perspective here. While this is a masterclass on fingerprinting, I want to zoom out a little bit because browser fingerprinting is a concern. But I do want to just clarify that it's one part of a broader tracking ecosystem.
And it's still to this day, probably not the default way that you're tracked online. So for most people, most of you watching, there are more immediate and prevalent tracking methods to address first. Like third party cookies, basic trackers on websites that things like uBlock Origin would block, account based tracking.
So just accounts and data that you willingly give them. And that carries over to just your daily apps and services that you use and how they collect your data. So I wouldn't recommend choosing a specific browser or tool solely based on its fingerprinting resistance in most situations. Instead, I view fingerprinting protection as one factor in your overall strategy to keep in mind. But I would focus on the basics first, which is using a good privacy respecting browser with good content blocking, being careful about the accounts you create, use multi-factor authentication, and limit the amount of personal information you share online. Those steps will generally give you more privacy benefits for less effort than obsessing over every aspect of fingerprinting resistance.
Though it just so happens that a lot of these tools to help with fingerprinting resistance also help other parts of your privacy journey. And that's even more reason to use them. And of course, for any of you there who have more specific or more sensitive privacy needs or concerns than these fingerprinting protections we're about to discuss, can definitely provide protection as part of this comprehensive approach. So let's do it.
The last thing for beginner users, both for you and people you know, is to just install uBlock Origin on their browsers. That takes them a long way and is a big help. Now for intermediate users, you can go into your advanced privacy settings and try to enable things that are a little bit more intense, like maybe no script, and also try looking into browser compartmentalization and try to figure out which browser excels in each area and making decisions from there. I also recommend really leaning into the Tor browser if you're more intermediate because it does a lot of this stuff for you in a really convenient yet powerful way.
And then finally for advanced users, we talked about things like Tails OS, like Whonix, like using virtual machines, different operating systems, dedicated devices. So that's another approach that you can take if you're more advanced. And think people like the EFF and myself and based on a lot of the research seems like you really need a tiered approach to deal with fingerprinting and you can never guarantee it's going to be 100%.
Your goal shouldn't be to just stop all fingerprinting, but to reduce your uniqueness as much as possible within reason. Now, before I wrap up, I want to thank the sponsor of this video, NotesNook, and I also want to thank our amazing TechLaurians who make this content possible. If you want to support our mission of creating privacy education, you can join them by clicking the link in the description. I'd also love to hear your thoughts and experiences in the comments below and any other privacy topics you want me to touch on. Thanks for watching and I'll see you next time on TechLaur. TechLaur.
you you you you you you Thank you.
2025-05-11 01:10
