|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,751
|
How to help protect against browser tracking/fingerprinting
https://panopticlick.eff.org/about#defend-against
Quote:
Is it possible to defend against browser fingerprinting?
Browser fingerprinting is quite a powerful method of tracking users around the Internet. There are some defensive measures that can be taken with existing browsers, but none of them are ideal. In practice, the most realistic protection is using the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript for Firefox, which greatly reduces the amount of data available to fingerprinters.
Use the Tor Browser
The Tor Project has spent considerable effort trying to "standardize" various browser characteristics like the User Agent string, in order to prevent them from being used to track Tor users. In response to Panopticlick and other fingerprinting experiments, the Tor Browser now includes patches to prevent font fingerprinting (by restricting which fonts websites can use) and Canvas fingerprinting (by detecting reads to HTML5 Canvas objects and asking users to approve them). The Tor Browser can also be configured to aggressively block JavaScript. Taken together, these measures make the Tor Browser a strong defense against fingerprinting. Unfortunately, browsing through Tor is currently a lot slower than browsing without it.
Disable JavaScript
Disabling JavaScript is a powerful defense against browser fingerprinting, because it cuts off the methods that websites can use to detect plugins and fonts, as well as preventing the use of most kinds of supercookie. Unfortunately, JavaScript is necessary to make a lot of sites work well.
At least two ways to block some sites from using JavaScript while allowing others to use it are available. One, NoScript, is more of a power-user tool than a solution for everyone: it will block JavaScript everywhere and allow you to manually reenable it for some sites. This is a lot of work, and requires good intuitions about when a site isn't working because JavaScript is disabled. Common adblocking tools tend to be quite good at blocking ads, because users can instantly see when they're present. Tracking or fingerprinting scripts are generally invisible, so even if users enable features that focus on privacy, some trackers may still slip past the net.
Try to use a "non-rare" browser
The most obvious way to try to prevent browser fingerprinting is to pick a "standard", "common" browser. It turns out that this is surprisingly hard to do. It appears that the most likely candidate would be the latest version of Chrome running on a modern Windows version. But even so, many of those Chrome on Windows browsers can be distinguished from one another by the enormous range of plugin versions and fonts that can be installed with them. The first generations of smartphone browsers were comparatively hard to fingerprint, but as these devices have become more diverse and supported wider ranges of features, they have also become very fingerprintable.
|
I think other than using TOR with no javascript, you're probably screwed unless you just don't get on the 'Net.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa  SOLD 2004 - gone but not forgotten
|
10-25-2019, 12:56 PM
|
|