What is Reddit's opinion of
Cover Your Tracks?
From 3.5 billion Reddit comments
➔ Cover Your Tracks website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
https://coveryourtracks.eff.org/
This website will tell you how unique your patterns are compared to their existing database. It's not that big of a database but the vast majority of people can be identified by a number of factors that seem innocuous and are easily shared. The more unique your fingerprint the easier it is to identify you. Something like only 1 in 300,000 browsers will have a similar fingerprint.
The days of privacy are long past. You can do things to mitigate how well you are tracked but at the end of the day it's nearly impossible to be discreet on the internet anymore.
Check your browser fingerprints
I am here to tell you, no matter what your teacher or parents told you, you are not unique ^in ^your ^browser, ^you ^are ^a ^unique ^individual ^though ^and ^you ^are ^wonderful.
The similar logic apparently can be applied to browsers.
I run a few ad blockers and privacy add-ons on firefox (uBlock, Privacy Badger etc.). I see no ads and am protected very well against trackers. So well in fact that it creates a unique fingerprint that advertisers can track me with.
You can test it out on Cover Your Tracks which is run by the EFF. The results shows my browser is being tracked along the same lines as OP's post.
> Even if that were the case, it doesnt change the fact that with a VPN you are anonymous and a website does not know your IP-adress.
An IP address is just one of many ways a website has to identify you as a unique user. They can use everything from the fonts installed on your operating system to the size of your web browser window to identify you instead - this is called "browser fingerprinting". Some of those things - like the size of your web browser window - are impossible to not leak since it'd break your web browser if you didn't provide it to the host site.
Spyware doesn't need a TPM to uniquely identify you. Heck, if your browser sends off enough signals to uniquely identify you, I can only imagine how many factors are available to software running outside a sandbox.
Out of the box (ie just install and run it) Brave leaves a smaller track on the web than Firefox.
(You can test it here: https://coveryourtracks.eff.org/ )
Personally I like Firefox more, for one it's a non-profit which I strongly support (and also means there is no incentive to sell off Firefox / Mozilla for the data) while Brave is a company and therefore principle wise is focusing on the profits (not to say that a company can absolutely be ethical, but there can be an incentive to sell the company itself if the right bidder comes around).
I've been running Firefox as my default browser for about 10 years now, and there have definitely been times where I would rather have used a chromium based browser (mostly because of performance). Now with Firefox redesign (don't know if its running on the main browser yet, since I use Firefox Developer Edition which is sort of Nightly/Beta) I like the design a lot more than Braves design as well.
I am also always a bit skeptical (or careful maybe) when there is a large Corp owning the source code (like Google with Chromium).
I will say go for whatever you feel fits you better, but I will always recommend Firefox based on the fact that its open source and developed and run by a non-profit, and that I personally can stand behind.
But any step towards a more privacy friendly browser is a win in my eyes.
The reason ads are so pervasive is because data mining is so profitable. Ads are a privacy and security nightmare, even the NSA thinks so. If you're curious to learn more, check out this browser fingerprinting tool made by the EFF https://coveryourtracks.eff.org.
You can use Ungoogle Chromium or every other Chromuim based browser like Brave and Vivaldi. And obviously Firefox.
For the search engine, you can go with Whoogle if you need google result without giving them your info. You can also go for Brave search , Duckduckgo and presearch which are working just fine for me when I code.
>Which steps could i take to minimize my fingerprint while also doing my job?
Brave is quite good at proteting you against fingerprint since it randomize stuff like your plugins details, Webgl vendor, audiocontext, etc. You can see it for yourself here
Eh, a VPN does practically nothing to stop Facebook from fingerprinting you. They already have more than enough data to track you.
In fact, in the age of mobile devices, your IP is already an extremely unreliable data point as it is. Things like resolution, fonts, browser version, extensions, hardware components, e.t.c. are much more important for long term tracking than the IP address.
You can test some basic fingerprinting at https://coveryourtracks.eff.org/ to see if they are able to track you. Mind you, Facebook is most definitely using significantly more advanced methods than that, though.
Not a Nord issue, more like browser fingerprinting. Your Time Zone Offset and Time Zone are most likely being transmitted from browser headers.
Spoofing user agent doesn’t help, it just makes you stand out more. Because your other data won’t match the user agent (eg your fonts won’t be exactly like a Windows user’s fonts).
See the section “Can my attempts to protect myself backfire?“ https://coveryourtracks.eff.org/learn
Just use uBlock Origin and also enable Enhanced Tracking Protection in Firefox. Ungoogled-chromium is fine also
Define "danger."
What's your threat model? Who is dangerous to you, and why?
What kind of content were you browsing?
Simply using privacy tools isn't enough to put you in any real danger in 99% of cases, even if it might raise eyebrows sometimes.
First off, if you aren't doing anything illegal, you have nothing to worry about in the first place (unless you live in a jurisdiction that is actively hostile toward users of privacy tools, or unless you're a person of significant interest to an adversary with unusual amounts of resources at their disposal).
Simply having JS enabled is not enough to break your anonymity on its own. You can use a tool like https://coveryourtracks.eff.org to see what data you're leaking through JS. Tor Browser ships with JS enabled by default. You can also set it up to only allow JS over HTTPS by increasing the security slider in the settings.
Your ISP can see that you're using Tor but they can't see what you're doing with it. Exit nodes can see what you're doing if you're not using an E2E encrypted protocol over Tor (HTTPS), but they can't tell who you are (unless you tell them, perhaps by signing into a personal account on an unencrypted website).
If you accessed some egregiously illegal content (by mistake, of course), you're most likely still fine unless you fall into that 1% category I mentioned earlier (if you did I doubt you'd be asking questions on this subreddit), or unless you did other things to de-anonymize yourself.
Selv med Brave gennem Tor kan din maskine fingerprintes unikt blandt mere end tre millioner andre maskiner. Prøv at tage testen på https://coveryourtracks.eff.org eller https://amiunique.org, det er lidt skræmmende.
It is not easy. Thinking it's easy just shows you have no idea.
This isn't 1996. You aren't fighting the cookie on whitehouse.gov, you're fighting the Evercookie served from every CDN you interact with which is also performing passive browser fingerprinting so that it can track you regardless of what IP your connection is coming from.
And then The Man is performing birds-eye surveillance for real time flow inspection with the ability to see through solutions like tor.
Ot but this is hardly surprising. The eff has been warning from this type of tracking for some time now. It's called fingerprinting https://coveryourtracks.eff.org/
> A digital fingerprint is essentially a list of characteristics that are unique to a single user, their browser, and their particular hardware setup. This includes information the browser needs to send to access websites, like the location of the website the user is requesting. But it also includes a host of seemingly insignificant data (like screen resolution and installed fonts) gathered by tracking scripts. Tracking sites can stitch all the small pieces together to form a unique picture, or "fingerprint," of your device.
Using a VPN doesnt inherently add anymore security. In fact it can make it easier to track you if your real IP is leaked by the VPN, they maintain logs for their customers, and your machine fingerprint now shows up in a data centre in Montenegro instead of your ISPs normal routing.
I have very little experience with mobile platforms, but didn't it by a chance say "browser fingerprint" or canvas fingerprint (which is a one of the data points used to fingerprint a web browser)?
Anyway, if you want privacy on Reddit, the easiest and less error prone way to do so is to stick with Tor Browser on your desktop use only, while following the most basic [Tor OPSEC](/r/privacy/comments/l3zqv3/how_can_i_become_more_techsavvy_and_educate/gkl5v7u/) strategies.
If you're using a hardened browser, your fingerprint will be spoofed and changed with each session refresh. You can check out a site like https://coveryourtracks.eff.org to see what goes into a fingerprint, as well as confirm that your fingerprint has changed following a session refresh. However, don't get hung up on the various numerical values displayed because they most likely don't mean what you think they mean, and they won't help you accomplish anything. I've watched people get sucked into that website, obsessing over all the header fields, and the numeric values associated with them, and at the end of the day they accomplish nothing. You'll probably find the most value is the About section of the site. They go into detail about how fingerprinting works, and how their testing works. The tests themselves are mostly useless, but understanding how those tests work, and why is invaluable.
Chrome puts Safari in their user agent due to the complex history of user agent.
It seems the OS detection in deviceinfo.me is broken, my very common OS is clearly listed in the user agent yet they can't see it. So does the browser build detection, your user agent clearly shows the version. I doubt the reliability of their other detections, just compare the output of https://coveryourtracks.eff.org/ to a vanilla install or ask your friend to load it on their machine.
If your stalker uses a specific IP all the time:
But chances are, it's not. You can try fingerprinting via user / browser behaviour, but it might be difficult pinpointing them, Check https://coveryourtracks.eff.org/ to see examples of uniquely identifiers.
After recieving the connection IP, finding the location is not that hard.
IP address are useful for tracking people, but fingerprinting is so much more than that.
Fingerprinting tools on websites know the exact browser you have (exact version, exact OS version), your screen size, fonts you have installed, addons you have in your browser, etc.
Browser fingerprinting makes cookies more irrelevant for targeting ads now days. Ironically, the more unique your browser set up is, the easier you are to track.
It’s funny and frustrating that we have all these GDPR pop ups that are solving nothing while adding extra nonsense to webpages.
Check out
https://coveryourtracks.eff.org/ Or Amiunique.org
A VPN still shields your personal IP though so good to use. Also, if you’re logged into Google, they’ve already got your login, so you would need to clear your cache and make sure you’re not logged in and thus have sessions continuing into your VPN session.
The easiest way if you’re looking to not be tracked is to use Brave or Chrome in an incognito window so all extensions are disabled.
> Ever sign up for a reward program at a store?
no, for the reasons you mention.
But you do know that you're bringing up a real world example here right? Not an internet one. The internet does not need to know your real name to target ads to you. Browser fingerprinting works entirely without your real name even, here's an example website where you can look at the process yourself: https://coveryourtracks.eff.org/
Giving real name is only relevant when it can be used as a bridge to your activities in the real world. However it is not the only identifier you can use to bridge that gap.
I feel you have no concept of what app fingerprinting means.
Please take the Panopticlick Challenge and then maybe you can understand how it is trivial to track via just one application, let alone dozens.
Its a really great browser in my opinion. I’ve been using brave and firefox and trying to compare the two and I’d say brave is a lot faster but its lacking some features from firefox. I wish it had a good reader mode, I really miss the ability to play a video as a separate little window, and I like the screenshot options on firefox. I decided to turn off the brave rewards and the brave ads because I really don’t like the browser itself recommending ads. It really fast while still being private and that’s the main benefit to it over other browsers. Its fast chromium with more privacy than basic firefox. I also like the fact that it blocks fingerprinting better than firefox which I found out here. Overall, I’d say its the best or if not one of the best browsers you could use today.
Honestly, you cannot do too much.
Extensions are one thing, but most of the information they can see regardless of the extensions. ublock origin, containers, emptying cookies (except whitelisted sites) via FF and using the builtin Strict settings are good enough for 99% of us.
Also check this and read the comments/references/links: https://coveryourtracks.eff.org/
OK. I have a question about Firefox claiming to prevent fingerprinting.
On my Windows 10 computer I have Edge, Edge Canary, Vivaldi, Brave, Firefox and Firefox Nightly installed. If I go to the EFF’s website for Cover Your Tracks my results are:
Vivaldi, Edge, Edge Canary, Firefox all report “Your browser has a unique fingerprint”.
Firefox Nightly reports “Your browser has a nearly-unique fingerprint”.
Brave reports “Your browser has a randomized fingerprint”.
On my Linux partition, Firefox still reports as a unique fingerprint.
What’s going on with my browsers?
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
In general this is one of the most effective ways to prevent fingerprinting that I know of, aside from using Tor itself. If avoiding fingerprinting is your primary concern, and you already use containers, this extension won't make a difference.
Use Cover Your Tracks to verify for yourself if the extension or your other settings make a difference.
Well your IP address for one. Your browser also sends tons of information about you.
Try this tool from the EFF to determine what information can be determined about you from your web traffic: https://coveryourtracks.eff.org/
> if you are using HTTPS, doesn't that encrypt part of the url
Correct, at most, they'll only see the domain. In addition, if you're using Firefox and the site supports ECH, they only see the IP address. Sites using CDN would share the IP with various other sites.
>if you used Google, they can tell that you used the it but they don't know the Google searches you have used
Correct, though it's also trivial to deduce what you're searching if afterwards, you're visiting specific sites (eg, a paint store in a certain city) instead of generic sites such as Wikipedia or Reddit.
Also, VPN and HTTPS do nothing against trackers and fingerprinting
Check these links if inclined, https://coveryourtracks.eff.org/ and https://browserleaks.com/ They'll help you understand for eg., a Firefox, about:config > privacy.resistfingerprinting > true, et. Hope they help ))
Great examples, but of course its so much more detailed than that. I just checked my fingerprint, and sadly its uniquely identifying.
https://coveryourtracks.eff.org/
Will check and give you a point by point list of why you're unique.
Well if your worried about a website knowing the number of cores of your processor, then you should know that there is way more that your browser leaks.
You can see that with test sites: * https://coveryourtracks.eff.org/ * https://amiunique.org/ * https://browserleaks.com/
I am not good at crystal ball gazing, so maybe you should start by telling which browser you use ;-)
Und wie üblich die Anmerkung, dass Tracking weit, weit über die paar lächerlichen Cookies oder localStorage Sachen hinausgeht. Die Einstellung regelt nur das aller einfachste was man in 5 Minuten zusammen schreibt. Sonst regelt die gar nix.
Einfaches Beispiel: Fingerprinting vom browser (mit dem tool von EFF zum Beispiel testen), speichern im backend. Alle Informationen in einer Datenbank zusammenführen mit der von anderen Seiten. Hast ja allem zugestimmt. Aber hey, die Cookies sind weg.
Basically the way your browser acts when you visit websites leaves a fingerprint which can identify you. If everyone used Firefox with default settings on the same type of device with the same operating system, the same screen size etc, then fingerprinting would not be a very good tracking mechanism. But, because people use extensions and change their settings, use different resolutions and OS's etc, everyone has a different or at least close to unique fingerprint. If you go out of your way to modify every setting you can to improve privacy, you will stick out like a sore thumb and can easily be tracked across sites. This is why TOR highly recommends users NOT to change any of the browser settings. Check this out: https://coveryourtracks.eff.org
For mainstream browsers. The only one that can help you on your requirement is Brave Browser since it can randomize fingerprinting parameters.
The other option would be Tor Browser.
In case you choose another browser. You can test it here. https://coveryourtracks.eff.org/learn
All that creepy information is your browser fingerprint. A VPN will alter it a tiny bit but not enough. https://coveryourtracks.eff.org is another site. This just tells you if your browser is unique or randomized.
You can take the word of a bunch of redditors or you can actually see for yourself with a test like https://coveryourtracks.eff.org/ or browserleaks.com Run a few tests, make sure you're where you want to be, then just do your thing and be done with it. Dwelling too much on security is sure to drive you mad because there's literally no end to the hype, threats and possible points of failure.
Try this before installing the addon and afterwards: https://coveryourtracks.eff.org/ Try different security settings within the Tor browser too. The main thing you want to avoid is fingerprint tracking, and this tool from the EFF helps you analyze your setup. But in general, yes, installing add-ons decreases your anonymity.
If you want to know the details of your browser fingerprint, please use this site instead: https://coveryourtracks.eff.org. It's by the EFF, a trustworthy non-profit organization dedicated to protecting internet civil liberties since 1990.
All common websites already have your browser fingerprint data already, as they can easily find your location, time zone, device you’re using, plus a host of other.
Here’s the EFF Browser Fingerprint Test : https://coveryourtracks.eff.org/
There is nothing you can do except maybe use a VPN, harden your browsers through addons (although this will make your browser more unique) or use the Tor Browser.
If not done right, being more privacy-conscious can make you more unique, which in turn can be used to identify more easily.
There is a section (6.1) and two references about this in this paper by Peter Eckersley from the EFF about browser fingerprinting.
Firefox with a bunch of extensions. The only no so small issue with extensions is that you make the fingerprinting of your browser even more unique as you can see here: https://coveryourtracks.eff.org/. Now there are FF extensions that change your user agent randomly and your html5 canvas but the webgl fingerprinting is hard to change. You pick your poison.
Recursive resolving in your locally hosted pihole means you're sending Do53 requests directly to nameservers. These are readable and modifiable by the ISP. However, even if you're using a third-party or your own VPS-hosted (which in turn requires you to trust the VPS provider) DoH/DoT server, the ISP still easily sees what domain you eventually visit in HTTP (rare these days) and HTTPS (through SNI). If your ISP offer zero-rating for some site/services, they already have SNI monitoring in place. In some countries domain blocking already uses SNI filtering.
ECH (so far only supported by Firefox-derived browsers, and mostly on Cloudflare powered websites) helps to hide the SNI, but unless the site you visit uses CDN, then the IP would be linked to that site and the ISP can easily deduce what domain you're visiting. Some countries even actively block packets with ECH entirely.
If you're concerned about being tracked, encrypted DNS, HTTPS, and ECH don't stop cookies and fingerprinting
This is a bad idea.
https://coveryourtracks.eff.org/learn
> Can my attempts to protect myself backfire? How can attempting to make myself more anonymous actually make me more identifiable?
> No matter what browser you’re using, they all send information about themselves to servers so that web content loads correctly. This information includes the browser name and version. If you swap out the identifier of the browser you're actually using with one from a more common browser, you may make yourself completely identifiable. How is this possible? If Chrome is a more common browser, how can identifying your browser as Chrome make you more unique?
> Because trackers aren’t only looking at what browser version you have. In combination with other metrics, your fake Chrome browser may stand out. This is because if you are actually using, say, Safari browser all the other metrics will point to this fact. You will have the only browser out there identifying itself as Chrome but looking like Safari.
lol. Ya never know. I just posted these links for someone elsewhere (see below), but in the meantime shore-up your browser, use a VPN ofc, and check out the links if you're not already familiar. Peace out )) https://coveryourtracks.eff.org/ and https://browserleaks.com/
Sure, using the VPS means your ISP can't see what domain you visit (yes, with HTTPS at most your browsing data only reveal the domains you visit to the ISP, not the content of the page or what you type), but your IP is pretty much static unless you like to always create new VPS all the time, and the VPS provider, in turn, can see the domain you visit. Whether you're using a VPS/VPN also doesn't change how tracking cookies and browser fingerprinting works. It would be like going to the mall in a car with darkened window but then flash your member card in the stores.
Check your Browser with privacy checker
Also a lot more privacy stuff and knowledge can be found here: https://prism-break.org/en/
> 1 means that any server you communicate with (Google, reddit) does not know your true IP -- just the IP of your VPN.
This is already true for a home Internet connection with NAT, and some ISPs do carrier-grade NAT as well. But it turns out "knowing your true IP" is only one of a ton of data points that can be used to track you. If you're actually trying to prevent Google or Reddit from tracking you, hiding your IP isn't nothing, but it's almost nothing. Check out what else they can use to fingerprint you.
Or, for that matter, if you're signed into Google for anything, check out what they know about you.
> 2 means that anyone watching your traffic between your computer and your VPN can't see anything.
Ordinarily, "anyone watching your traffic" is your ISP, or your cell carrier. It's not obvious why the VPN provider (or their ISP) is any more trustworthy.
And what they can see isn't much. Reddit is encrypted, so they can see that you use Reddit, but they can't see which subreddits you're on or what you're doing. So even on public wifi, where "anyone watching your traffic" could be random people on the same train, a VPN is protecting literally just the reddit.com part of the URL.
This is a long and complex argument ..really. I think that what you can do when you browse with Firefox is reduce identification and attack vectors, with this configuration (and some my custom options) the components with the highest "Similarity Ratio" are the audio, video components and Fonts ..among other things :(
There are some annoying things when you decide to fight the fingerprinting, some settings go against the final purpose in fact, for example Installing too many privacy add-ons has the opposite effect, there are "few" users with 10 similar add-ons installed on a browser xD
Anyway I think that these settings are useful to increase security and privacy compared to a browser configured by default. I invite you to try the setup and do your own testing by running tests on these sites:
https://coveryourtracks.eff.org/
Think that with any setup (default or hardened/sandboxed/secured etc.) you cannot totally defend yourself against some identification methods. As always it depends on your needs, for further configurations it is recommended to see VPN, Tor or I2P Networks :) ..and any other decentralized network you might be interested in...
A VPN will not protect you against this kind of tracking. It's only one part of fingerprinting and tracking you online. I won't go in depth here but on a first degree things like cookies, localStorage and client headers are widely used to uniquely identify you.
On a second order you can be tracked with fair certainty using combinations of other bits of entropy.
https://coveryourtracks.eff.org/
If you want to stay anonymous online, yes, you will need to address your IP address using for example Tor or a VPN provider - but it's far from sufficient.
Definitely don't give up on covering your presence and tracks but no single solution or provider is enough. You need defense in depth and cover diferent levels.
In short a VPN encrypts your connection between you and them. Your ISP cannot see what is sent, they only see encrypted data.
Your PC then reaches the internet via one of their remote servers which could be anywhere in the world, usually you can select the server you use and this can offer benefits like using Netflix from other countries. It gives you a foreign IP as well so be aware you can trip security systems on Amazon or eBay when purchasing items. A lot of banks won't allow VPN use. Reddit is another example of a system that limits VPN users.
It isn't complete security but if operating properly it will help evade data retention. If you select the US then of course you will be logged by their systems and they share data with Australia. Nordic countries are much better.
Your browser leaks a lot of data as well, typically your browser fingerprint is unique and can identify you online. There are ways to mask or change this but that's another story and is not something the government is doing.. unless they own advertising companies.
Keep in mind that you need to use a trustworthy VPN that doesn't keep logs or sell data. There are some "free" VPN's that make their money selling your data and you'd end up with worse security.
Best2U2
Websites are using clever and sophisticated ways to identify you even when using incognito windows. Incognito modes don't make your activity inherently private.
​
>Browser fingerprinting is a powerful method that websites use to collect information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution and various other active settings.
>
>These data points might seem generic at first and don’t necessarily look tailored to identify one specific person. However, there’s a significantly small chance for another user to have 100% matching browser information. Panopticlick found that only 1 in 286,777 other browsers will share the same fingerprint as another user.
>
>Source
You can see how this data can be used to identify you as a unique user here: https://coveryourtracks.eff.org/
I'm unfamiliar with Firefox Focus, but it seems to take some steps towards making your fingerprint less unique, making it much harder to identify your private activity to you.
Get more information about your browser fingerprint at https://coveryourtracks.eff.org/
Hardening browsers can make your fingerprint unique. The more tweeks and the more extensions you use to stop data collection, the more unique your browser fingerprint gets.
USE TOR, IT HAS A VERY COMMON FINGERPRINT
It’s not. You should be able to test here and get “it has strong protection against tracking” as a result
https://coveryourtracks.eff.org/
If youtube was able to bypass Brave adblock, then it could be more of problem of the filterlist rather than Brave itself.
Also I have seen uBlock users are reporting over their subreddit than they have gotten ads on Youtube. So, it’s possible google is involve.
You can go search for the other sites that test adblockers
Yeah if you try multiple browsers on the Cover Your Tracks site someone linked below, they are almost all the same. In fact, the more private your browser is, the more unique your signature is. Tracking protection and privacy and cookies are each just one element of fingerprinting. Fingerprinting is taking a look at your RAM, OS, browser, cookies, trackers, screen size, CPU, GPU and more. It's like instead of using your thumb print cuz you've taped on someone else's finger, it wants every finger, palm, foot, toes, retinal scan, face recognition, gait, audio sample, blood vessel map and genetic test. How many of these can you fake?
IMO, no. I think you can use any search engine available in the "One-Click Search Engines" menu. You can use EFF Cover Your Tracks to run before and after fingerprint tests to gauge whether using different search engines affects the estimated size of your fingerprint. I doubt changing your search engine would create a measurable difference in your fingerprint unless the party measuring your fingerprint is a powerful nation-state or some other powerful adversary with sophisticated cyber equipment, conducting a "manhunt" to try to determine your physical location.
It certainly uses them, but they assuredly use browser fingerprinting as well. The EFF has a tool that can show you how "unique" your browser is. Chances are, it'll come back as unique among the hundreds of thousands tested in a given period. With a fingerprint that accurate, and an IP address, it's pretty much guaranteed that they can follow you around the web even without cookies, so long as scripts from various Google domains are allowed to run.
Browsers can fingerprint all sorts of shit about you. Preventing is difficult but possible. To see how much info a website can collect about your machine from your browser, go here and click test browser: https://coveryourtracks.eff.org/
Hopefully it wakes you the fuck up. Websites fingerprint:
- Using cookies, which they're legally forced to tell you about, but you cannot do anything about it without risking breaking the website
- Using javascript
- All your addons/extensions which uniquely identifies you the more you have
- Your OS type and browser type
- Your screen resolution and whether it's a touch screen
- Your hardware (what CPU you have, how many cores in it, how much RAM, what GPU you have, etc)
- A bunch of other things I'm too drunk to remember.
If you really want to know, which I warn is bad for your mental health when you start understanding just how much data is being collected about you, and what purpose it serves, then by all means go to the link I provided and test your browser. Note that you can reinforce the privacy on your browser to limit the amount of data that can be collected on you. That's why coveryourtracks exists.
What you're talking about is fingerprinting. A demonstration of this (not 100% accurate in its %s, but it's great for understanding the concept) can be seen here
Short answer: No, you're not going to see better/equal fingerprint obfuscation in Google Chrome as you are in Firefox, especially if you're using tweaks shown here and addons shown here
Having Javascript enabled(on a normal browser) kinda defeats your argument,since a good script can fingerprint your extension(Making you even more unique!),your browser or even the hardware of your pc.
This site explains the mechanics of fingerprinting quite clearly. You can even check how unique your fingerprint is.
If you want to camouflage yourself inside the masses,wouldn't the TOR browser be a better alternative? (Just for lurking around)
The TOR network can hide your IP,and all the TOR browsers have the same fingerprint.
If you need to access a site with your real credentials,you can always use your normal browser. They already know who you are,no?
most TBB users have JS diisabled, so you'll look nearly the same as the crowd. you can use https://coveryourtracks.eff.org with JS enabled and disabled to see how unique your fingerprint is.
It worked in the very early days of internet advertising. Ultimately, advertisers will notice they don't get a good return from that page.
A system of fraud by advertisers is having a 'click farm', where they set up many machines with different IP addresses and configurations to click on ads. Google and other ad publishers maintain lots of systems to detect activity such as this. Just a change of IP would be very easy for them to detect as the same machine.
Look up client fingerprinting. See https://coveryourtracks.eff.org/ (nee panopticlick) for a listing of all the different data a web page can get from a browser - resolution, screen size, fonts, OS, version, and nearly unique markers like JS canvas hashes.
While just changing your IP won't work, ideas that do have been used frequently to monetize botnets, hacked browser plugins, and so forth. Once they control thousands of computers, they have them view ads and it appears more like real views since it's from a bunch of different computers. This is also tied into shady people who increase clients traffic through shady means (traffic selling/dark SEO).
The other person mentioned browser fingerprinting. See https://coveryourtracks.eff.org/ for an example, though there's many fingerprinting techniques and some are more effective than others (as well as less intrusive or obvious).
Though there's also low tech means. e.g., style of writing, similarity of email addresses that you registered with, and usage history (e.g., what pages you've viewed).
https://coveryourtracks.eff.org/
Used to be called panopticlick.
You'll see that even with incognito mode there is still plenty that they can track you with.
Not even a VPN will help in that situation.
Brave is actually far more secure than Firefox. According to tests like:
https://coveryourtracks.eff.org/
and this table:
Brave and Librewolf actually dominates the tests
I can't speak to what NYT does with the data they collect and how it's monetized but your information isn't as simple as "wordle player"
For starters browser fingerprinting exists and can be used to track the sites that you visit across the web. From there a profile can be built about you based on some of what you look at online.
Connecting that profile to a real identity is a separate question but not impossible depending on data protection laws/etc.
Even with all those mitigations, browser fingerprinting is generally pervasive and hard to avoid: https://coveryourtracks.eff.org/
Some tech changes might help with this (like Client Hints headers) but it's an arms race and we need more legislation like CCPA and GDPR to really make a dent in the steady loss of privacy.
You might be thinking of CoverYourTracks (formerly PanoptiClick). Doesn't just show what a hacker can know about your device, but what any website you visit can determine.
I don't use the BAT ad I can't be bothered. The only reason I use it is that every once in a while I'll have trouble with a site when using Firefox. Rarely. But when I do, I have Brave.
But Brave is the ONLY browser I have tested at the EFF's Cover Your Tracks that says "Your browser has a randomized fingerprint". Firefox's results are "Your browser has a unique fingerprint" as does Edge. (No surprise with Edge)
The M1 should be significantly faster but I’d hold off because rumor has it that a new Air is coming this year (and get 16 GB RAM). My Intel MBP is running faster and the battery lasting longer since I followed the instructions here to completely dig Chrome out of my system. I’ve found Brave to be an excellent replacement that runs much faster and works with every Chrome extensions I’ve thrown at it. It also does better on the EFF’s Cover Your Tracks fingerprinting and tracking test than any other browser I’ve tried. Vivaldi and Firefox are excellent, too.
They have different purposes. I would not recommend using Start as your browser. It is going to be very limited. A quick glance at the settings alone will show you that there are significant differences.
That said, it isn't the worst browser in some aspects, see the results on EFF's Cover Your Tracks. But it will lack a lot of the conveniences of a full browser, even a mobile one. It scores lower on Html5 tests but does about as good as Edge on Acid Tests. I don't know anything about its potential security, but I believe it will probably be using Webview, so that's probably why some of the tests are similar, but Edge and Chrome were the same for me while Bing was different. I don't have Start right now because I prefer the older News App and I already have Bing.
Personally I use it only for search convenience, but that would be up to you. I don't think it will sync with Edge, but I haven't really looked into it deeply. Edge Mobile will sync with Edge Desktop if you are signed into both.
I went the other way, from Firefox to Brave because like you, I tried all the same browsers (except Chrome), and agree with your assessment of Edge being good except for the telemetry (I feel like I owe Google an apology!) and the reason I chose Brave was that it was the ONLY browser that didn't have a unique fingerprint at https://coveryourtracks.eff.org/
But in your post you said you didn't like Vivaldi because you have to take their word that they're not collecting your data because they're not open source, and that you have to take Firefox's word that they're not collecting your data when you turn off their Suggestion. Firefox is open source and you can check the code yourself to see if they're still collecting when you turn it off.
But, I should imagine there will be a small number of users switching/returning to Firefox after Google's recent announcement that you won't be able to remove the search engines.
Funny, I have the opposite. Brave Browser, send DNT request is enabled in settings, https://coveryourtracks.eff.org/ tells me that it's not cover your tracks website tells me it's not.
I toggled the setting and restarted my browser (just in case there is some kind of bit flip on CYT's end), no change in CYT results whether I have DNT enabled or not.
Yes. There are ways to sort this out (and break functionality in the process) but eventually platforms will deny or create hurdles to combat efforts, think captchas and frequent re-authentication.
If anyone is interested in fingerprints: https://coveryourtracks.eff.org/
> Your browser fingerprint appears to be unique among the ~250,000 tested in the past 45 days.
>Currently, we estimate that your browser has a fingerprint that conveys at least < 17 bits of identifying information.
Basit bir tanımla çoğunluğa dahil olarak göz önünden kaybolmana yarayabiliyor. Web site sunucuları kullandığın cihazın ekran çözünürlüğüne kadar tanımlayabiliyor (Tor browser gibi konfigüre edilmiş tarayıcılar bu sebepten ötürü tam ekran değildir).
Bu linkten tarayıcını test edebilirsin. https://coveryourtracks.eff.org/
about the extentions, yeah too many, ublock origin is more than enough. best browser for me: brave, and it has very good adblocking capabilities even without ublock (personal experience), best results in cover your tracks (use this site too see how well you are protected). Firefox is good alternative though, but requires lot of time and tinkering to suit your needs. I would suggest to have Brave as your normal everyday browser with high quality protection and privacy, and use Tor Browser as a secondary browser for all the complete anonimity stuff.
> I've been trying out various anti-fingerprinting protections in Firefox under Windows 10 (eg NoScript) against the tester at https://coveryourtracks.eff.org.
Unfortunately you won't be successful by tweaking your browser for anti-fingerprinting, because of the statistical nature of this problem. In fact, the Tor browser design document states this as the most negative influence on your fingerprint. You always need a lot of users that share the same configuration.
> With firefox alone the tester says I'm giving away 17.5 bits. With the protections, that drops to 14 bits. I'd like to know how much effort it is worth putting into this fight as a ordinary internet user.
Don't rely on these numbers. They are based on a tiny and very biased subset of the browser population.
> (a) what is the fewest bits you can get?
There is no absolute limit. The lowest I have seen was 12.x
> (b) what is the fewest bits you can get and still have websites work OK? NoScript breaks such a high pcerentage of sites that it's not worth it to get from 17.5 to 14.
If you want somewhat reliable fingerprinting protection you need to use Tor browser on desktop. Alternatively you could use Brave browser, which doesn't provide as good privacy as Tor browser, but is on a good way.
On Android Bromite is a solid choice.
iPhones with Safari are one of the best choices, since each iPhone type forms a relatively homogeneous big crowd. In general the Apple world is quite good at this, because of the high selling numbers per device type and WebKit has additionally a few anti-fingerprinting protections built-in.
https://coveryourtracks.eff.org
This website doesn't even begin to use all available fingerprinting techniques, and even then I am unique every time. The only browser I've used where I haven't been unique has been Brave with no add-ons.
Okay so my friend has been banned like a million times and has learned how to evade ban so they never get caught. First, download brave make sure to block fingerprinting (strict NOT normal), trackers and ad blocking aggressive, and go into social media settings and unclick all the boxes (don't think it will effect reddit but it is good practice). Also, delete all your cookies and saved site data regularly (just good practice).
If you want extra privacy/ safety against ban use tor and route all your brave traffic through tor. You can do this by installing tor starting/enabling it then starting brave by doing running:
brave --proxy-server="https=socks5://127.0.0.1:9050;http=socks5://127.0.0.1:9050"
For windows users who want to use tor, nice try. Don't use windows. Download whatever popular distro you want, I like Manjaro XFCE since it is lightweight beautiful and is basically Arch with more stability and you don't have to spend a day just getting the OS to work. (DON'T DOWNLOAD UBUNTU PRIVACY ISSUES).
Privacy tip in general:
- Don't use Chrome use Brave. (don't listen to the stupid people claiming brave has privacy issues)
- Don't use google. Use searchX which uses google results but without any of the privacy issues.
- Don't use youtube use Invidous or Freetube which are front ends for Youtube without tracking.
- Don't use reddit use https://teddit.net/ which is a reddit front end with privacy no tracking.
- Use a disposable email address to sign up for reddit or use an alias.
Here is a good privacy tool list for an idea of what you should be using: https://privacytoolslist.com/
Use this to see how much websites can track you, so you can avoid making an account just to get banned: https://coveryourtracks.eff.org/
Also, the privacy subreddit has a pretty good wiki with a lot more info.
I think that browser fingerprints are a bigger threat to privacy than any of these aspects.
The concatenation of: user agent, time zone, language, screen size, etc. is usually unique, and known to the websites you're connecting to, so it's a pretty good way to track you.
You should check https://coveryourtracks.eff.org/
I don't think he needs to give a source. These things are all absolutely true. Check this site out. It's a good way to test your browser privacy. https://coveryourtracks.eff.org/
In 2011 it was found that 87% of the US population could be uniquely identified by using only your birthdate, gender, and zip code -- three variables that you were extremely unlikely to share with any other individual in the US. If you add more variables, you get finer and finer matches. Modern ad tracking companies boast that they have thousands of data points on everyone that they track.
Fingerprinting is basically the process of uniquely identifying an individual due to a collection of such variables. You, an anonymous visitor of a website, may be uniquely identified based on your operating system, screen resolution, fonts installed, browser plugins installed, and a bunch of other factors. Now, a lot of people might run Windows on a 1080p display with a default Google Chrome browser and default fonts, but there are so many variables at play that you're still likely to be uniquely identified. The Electronic Frontier Foundation runs a test website where you can see what your fingerprint looks like: https://coveryourtracks.eff.org/ and how unique you are compared to every single user that they've seen use that tool.
So with the keyboard API a website might detect you have an Apple keyboard layout based on the presence of the ⌘ key, and charge you higher prices because Apple users tend to pay more for things (as app developers who release on the Apple and Google Play Store have written about, often). Or they can detect a QWERTY vs. DVORAK layout, or a US vs. UK layout, or so on. It's yet another data point that can hone in their fingerprinting accuracy from 99.999% to 99.99999% maybe. They already have enough techniques up their sleeve that I'm not sure this right here actually makes a difference anymore.
> Many websites will break and that's why those add-ons allows to set specific configurations per website. Probably a good trade-off for internet browsing is the tor-browser. It works quite well, as far you are not logged into the website (otherwise it's pointless to use). I've been testing several browsers with this website: https://coveryourtracks.eff.org/, and the tor-browser so far gave me best performance. It's available in debian contrib.
Yes Tor is definitely more privacy respecting than most browsers, but be very careful with it since "bad onions" might exist.
Setting configurations to every website you visit might be feasible option, but i think it is not that convenient enough for shipping with a general use operating system, which points to the issue you refer in the first place.
> Regarding the connection, you can see it with netstat -tcp. I also have firefox configured with initial blank tabs
Tbh i still can't see it and found the reason for it, according to this post duckduckgo(?) search suggestions work with aws, and seems like i've turned off search suggestions for speed(i have atom cpu, tbh firefox barely works on it)
- Many websites will break and that's why those add-ons allows to set specific configurations per website. Probably a good trade-off for internet browsing is the tor-browser. It works quite well, as far you are not logged into the website (otherwise it's pointless to use). I've been testing several browsers with this website: https://coveryourtracks.eff.org/, and the tor-browser so far gave me best performance. It's available in debian contrib.
- Regarding the connection, you can see it with netstat -tcp. I also have firefox configured with initial blank tabs
- I'm glad that you agree with me on this (debian default install options)
A browser fingerprint is basically how identifiable your browser is to a website. It's kindof a combination of all your browser settings, fonts, languages, and it means that if your browser has a distinctive combination of those, you can be identifiable on sites that you visit as a specific user, although they might not have that much information other than those settings and that the user is you. This toolkit should help identify the level of tracking and fingerprinting protection on your browser. https://coveryourtracks.eff.org/
Chrome still doesn't share full vs windowed.
And for most people, they're using a standard sized screen or screens and it is going to make zero difference to their fingerprint.
https://coveryourtracks.eff.org/
For me on mobile there was 17 bits of identifying information that made me unique, and it actually had the screen res wrong I assume due to my mobile browser.
On desktop it was the same, it did not share if my window was full screen or not.
So yes it is a factor. It is just that it is such a massively minimal factor that it doesn't matter - assuming you do not ever change your window size then it'll always be the same anyway. Full screen or not.
And that is fair if that is your interest. This is literally what I do for a living, I'm a web application security engineer so I may be a bit hyper focused on it. Let me just leave you with this. First check out duckduckgo.com, and check out https://coveryourtracks.eff.org/ with different web browsers.
I couldn't find the list used to generate the file Bromite uses for blocking, but a test on the EFF's "cover your tracks" (formerly Panopticlick) claims Bromite has "strong" tracking protection: https://coveryourtracks.eff.org/
Cookies are not the only means by which to track a visitor to a website. Browser fingerprinting using request headers and javascript can identify the browser in the absence of a cookie providing a UUID.
Check the EFF demonstration here: https://coveryourtracks.eff.org/ that will tell you how unique your browser fingerprint is.
If you consent to your data being shared, then your data will be shared, cookies or no cookies.
If you refuse to consent to your data being shared, then your data might not be shared, depending on whether the site is actually compliant.
I am jumping into this in the middle, but you might find this web page interesting. It shows what a "browser fingerprint" consists of:
https://coveryourtracks.eff.org/
Also, take a look at what kinds of data Microsoft Location Services can use to identify you:
I think it's not 100% true because the IP is only a part of the mechanism.
You can have a heavy browser fingerprint and then even a shared IP won't do much to blend you with others.
​
You can test your browser to see what i'm talking about with some details.
I don’t know whether it’s the lightest, but I’ve found Brave to be very fast. Its anti-fingerprinting is the best I’ve tested using the EEF’s tool, and it’s open source. 64 bit only on Linux, however.
What sold me on Brave (other than the BAT), was it was the only browser I was able to find that passed the EFFs privacy test.
https://coveryourtracks.eff.org
All my other browsers leaked identifying information.
Regular browsing sessions usually include tracking cookies from multiple companies which work regardless of IP, and most VPN usually do nothing about it. Fingerprinting also works quite reliably while ignoring IP change and cookie blocking, a VPN can't do anything about it.
What website is this? Are you logged in to an account there? Even without cookies and real IP, fingerprints still carry enough information to link your browser with a previous visit. Not to mention your timezone usually can be linked to your country.
As I said, a VPN/proxy can't change user agent unless you allow it to do the very thing you don't want anyone to be able to do. Changing the user agent alone doesn't stop fingerprinting, just tell him to take a break from Reddit for a while.
To highlight it, your comment overall says why DNT doesn't work, but
> It's also a new setting, so the majority likely doesn't have it enabled, which means you stick out.
This part says why DNT actually help sites to track you: tracking is done by combining multiple data points from your browser (to build a "fingerprint") and the more data points you voluntarily offer, the easier to track you.
Since most people don't manually enable DNT, if you do that's a way to distinguish you from most other people. Combine this with other data about your browser, and you've got a fingerprint that uniquely identifies you.
This website is about this https://coveryourtracks.eff.org/ by clicking "test your browser" it gives a subset of your browser fingerprint (a subset because websites nowadays are very creative on discovering new ways to fingerprint you)
Most of the trade offs you get for privacy over ease of use, in my eyes, are worth it.
Never changed the DNS, and I certainly won't be changing it to Google's DNS. I wouldn't recommend that, either.
The browser blocking popups can, very rarely, get annoying but I prefer being given the option to show the popup rather than some garbage bloat showing up out of nowhere. I think the trade off in that sense is worth it.
The Brave Rewards thing is sort of cool for those who want to use it. I don't think you earn very much and I personally don't want to sell away my life for a few dollars but if you don't really care I don't see a reason to remove it for those people that do use this feature which I think the amount of people that do use it will suprise you.
​
Most browsers these days give zero sh*ts about your privacy which is why I like Brave. Most Browsers act like they are the safe, secure, and private options but mostly its a load of BS. Go to deviceinfo.me on Brave and compare it to Chrome or Firefox. Or better yet here to test the ability of a browser to fingerprint you. Brave is the only browser (other than TOR) I've ever used that properly resists fingerprinting. So any performance trade offs (which there seem to be almost none), or ease of use trade offs are well worth it.
That's true. But compare Browser fingerprinting on "https://coveryourtracks.eff.org/" with Brave and hardend Firefox and you'll see that brave does a better job than firefox (while also being faster and more secure because it's chromium-based).