I've tested this on Debian and roughly:
- Mullvad (default): A+
- Librewolf (+setup): B
- Librewolf (default): C
- Firefox (default): D
- Chromium (default): F
Try out https://coveryourtracks.eff.org/
this post was submitted on 27 Feb 2025
58 points (100.0% liked)
Privacy
37039 readers
16 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
This has been my experience as well. What tweaks are you making to default librewolf?
Technically, the best way to blend in is to avoid changing the behaviour much from the default. I would still advise the below settings because they do improve your security, and anti-fingerprinting against naive first-party fingerprinting scripts (all 3rd party scripts/iframes should be blocked, see below: uBlock Medium/Hard). If you need protection against advanced fingerprinting use Tor/Mullvad browser.
uBlock:
-
Change uBlock blocking mode to Medium or Hard using the instructions on their Github wiki. Can cause site breakage on shitty websites (eg sites that import large JS libraries from remote sources). It is a substantial improvement over default, see the wiki for medium mode: https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode
-
Enable filterlist
Privacy>Block Outside Intrusion to LAN(Access to LAN is used to fingerprint or by threat actors during reconnaissance phase of hacking) -
Consider enabling other filterlists included in uBlock. Try to minimize enabling extra lists from the default to avoid further fingerprinting.
Librewolf:
-
Enable limiting of referrers under
LibreWolf Preferences>Privacy>Limit cross-origin referers -
Enable letterboxing under
LibreWolf Preferences>Fingerprinting>Enable letterboxing
Neptr covered it better than I could've. I also added privacy badger though I'm not sure that does anything🤷
The more plugins you add, the more unique you become, just FYI.
Womp womp
This.
Can't someone come up with a browser that just randomly lies when asked about the characteristics that could be used for fingerprinting?
Except for trusted, whitelisted sites.
That seems like it would be a pretty good privacy enhancer.
It would really stand out.
It would produce something completely different every time.
You either need to be indistinguishable from everyone else, or indistinguishable from your last page load.
Just randomly inserting fake fonts, changing your screen resolution by a few pixels, changing the variant of English between US, Canada, UK and Australia. Rendering text and images with unnoticeable random dither in the subpixel hinting. That sort of stuff.
No, the point is... It might be obvious you're using that specific browser, since it'd be very niche, and combined with something like your IP and maybe something like browsing patterns that might be enough to identify you.
It doesn't matter how much fingerprinting information you hide if you replace it with new information that's just as useful.
Not sure about the whitelisting part, but I think this is what Brave already does. Randomizing fingerprinted data as opposed to blending in. Makes it hard to build a profile on.
Use this site to test your uniqueness in different browsers and VPN setups:
https://abrahamjuliot.github.io/creepjs/
I have found that Mullvad Browser + VPN (with DAITA and Multihop ON) are better than FireFox or LibreWolf. Me and another user on here went through a little back and forth comparing some things. Just follow the comment thread from here:
https://programming.dev/comment/15090531
(take it with a grain of salt and DYOR, we are not experts)
Also, I love Tor, but another reason to be careful: exit nodes can be run by anyone, including bad actors and any 3-letter agency in the world. At the very least, add a VPN layer when using Tor.
ETA: Keep in mind that it's not just the browser that matters. Your screen size, GPU, operating system, and several other factors also add or take away from your uniqueness in terms of browser fingerprint. Basically, they less you change in the browser, the more generic and similar to everyone else you look like. The better your OS hides things from apps (for instance, in flatpak sandboxes) the better.
ETA2: I like creepjs for testing over EFF's tool for one main reason. EFF tells you how unique you are, theoretically. Creepjs actually takes extra steps to make a guess at whether or not the browser is lying and trying to hide from fingerprinting. That being said, might as well use both to corroborate.
For the record you can exclude certain countries from your tor options. I am of the opinion that most people aren't going to need to avoid government stuff, but if you do, exclude, say, 5 eyes countries if you live in one. It'll make it quite hard for them to get the full picture
You need to use or spoof a browser that is used by a lot of people, and have a screen resolution (or spoof) that is common (like 1920x1080), and set the browser to only use basic fonts like times new roman, consolas. Avoid sites that use canvas, or install a canvas blocker, which basically ignores this html element when loading the page. Mitigating fingerprinting is about blending in
Mullvad and Tor and it isn't close. I use it to circumvent bans on social media when I say something too communist. Don't alter it with addons in any way its perfect as it is.
If google, reddit, facebook, etc. can't figure out I'm circumventing them I consider that good enough.
I also like Mullvad for most cases it has adblock by default which lowers the annoyances.
Many websites will be pissy if you're secure as possible. Tor and Mullvad browser make them very pissy often. Its best to have a backup browser for that and normal activities. Librewolf and Ungoogled Chromium are good choices there. More secure, but fingerprintable enough that sites don't get pissy.
Facebook doesn't care about vpns or fake users/accounts because it drives enfagement.
Mullvad browser
Ironfox on Android is great.
Default settings or what are we supposed to compare here?
Yeah if default settings, mullvad is probably hard to beat if tor is off the table.
🤔Well, hmmm. How bout out of the box/to start with?
Its is pretty easy to get rid of all the brave crap. You just need a policy file:
# cat /etc/brave/policies/managed/brave_policies.json
{
"BraveRewardsDisabled": true,
"BraveWalletDisabled": true,
"BraveVPNDisabled": 1,
"BraveAIChatEnabled": true,
"NewTabPageLocation": "https://search.brave.com/",
"TorDisabled": false,
"PasswordManagerEnabled": false,
"DnsOverHttpsMode": "automatic"
}
Yeah but i don't want to recommend a browser to someone just for them to have some cryptocurrency, AI chatbot, and Ad reward program shoved in their face.
And then telling them that they Can get rid of it, they just have to go make some file they don't understand in a location on their hard drive they've never been to.
Because being real, if Brave's bloat was bundled into an antivirus software, it would rightfully raise red flags for anyone with standard computer literacy.
well yeah I guess some decide to make revenue with this "shady" practices like brave does and others just take 400 millions from google.
I mean, I fault Mozilla for that, and a lot of other things especially in light of recent developments. But Brave still fosters user dependency on a google project, ceding browser engine market dominance toward google. I might be bale to give Brave a pass for its faults if it was making strong moves in creating a truly free and open internet, but as-is they've basically taken an open-source project, applied their own branding, and baked in functionality that on a better engine can be replicated with more granular control by extensions.