Google can’t fingerprint you very well if you block all scripts from Google.
Considering how few people block all scripts, this could also make it trivial for them to fingerprint you.
plus Random User Agent.
Random User Agent.
I love this.
Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.
I’m working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this
Mind sharing what extension you use?
Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don’t recommend Chromium browsers):
Privacy and Security-focused
uBlock Origin: A lightweight and efficient wide-spectrum content blocker.
Decentraleyes: Protects you from tracking through free, centralized content delivery. (not recommended alongside uBlock Origin; see the reply below)
CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.
Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you. (not recommended alongside uBlock Origin; see the reply below. You can disable the ad blocking functionality and keep the cookie rejection function).
KeePassXC-Browser: Integrates KeePassXC password manager with your browser.
NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks (note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).
Privacy Badger: Automatically learns to block trackers based on their behavior. (not recommended alongside uBlock Origin; see the reply below)
User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string (avoid creating a unique configuration; opt for something common, such as Chrome on Windows 10).
Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don’t like. VERY useful. Check out greasyfork for UserScripts).
Other useful extensions (non-privacy/security)
Firefox Translations: Provides on-demand translation of web pages directly within Firefox.
Flagfox: Displays a flag depicting the location of the current website’s server.
xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.
Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).
Thanks for the list! Although most of the time it’s advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners “Cookie notices”. But if all of these work for you that’s great!
Time for a user agent switcher. Like “Yeah, I swear, I’m a PS5, that has only monospaced comic sans insrelled”
Jokes aside, keep in mind that the idea of fingerprinting is that your computer’s configuration is as unique as a fingerprint (e.g., your monitor is x resolution, you are on this operating system, you are using these following extensions in this browser, you have these fonts on your system).
Setting your user agent to something super unique is basically shining a spotlight on yourself.
It’s way worse than that.
Even if you somehow magically have the same settings as everyone else, you’re mouse movement will still be unique.
You can even render something on a canvas out of view and depending on your GPU, your graphics driver, etc the text will look different…
There is no real way to escape fingerprinting.
I have a novice coding question using the mouse tracking as an example: Is it possible to intercept and replace mouse tracking data with generic inputs? For example, could you implement an overlay that blocks mouse interactions, and instead of physically clicking on elements, send a direct packet to the application to simulate selecting those elements?
Yes, it’s possible. That’s the way a lot of automated web UI testing tools work. The problem with doing it during normal browser use is that your intentional actions with the real mouse wouldn’t work right, or the page would start acting like you clicked on things you didn’t click on.
Fingerprinting unfortunately uses more than useragent strings. It takes hashes of data in your browser from a javascript context that is not easily masked or removed. For example, it might render a gradient of colors projected onto a curved 3d plane. The specific result of this will create a unique hash for your GPU. They can also approximate your geolocation by abusing the time-to-live information within a TCP packet, which is something you can’t control on the clientside at all. If you TRULY want to avoid tracking by google, you need to block google domains in your hosts file and maybe consider disabling javascript on all sites by default until you trust them. Also don’t use google.
How must it feel being clever enough to come up with these ideas and then implement them for companies invading everyones privacy for advertisement revenue and malicious information serving or stealing.
I guess they sleep soundly on a fat bank account.
So I guess for Firefox users it’s time to enable the resist fingerprinting option ? https://support.mozilla.org/en-US/kb/resist-fingerprinting
You can also use canvas blocker add-on.
Use their containers (firefox multi-account container add-on) feature and make a google container so that all google domains go to that container.
If you want to get crazy, in either set in about:config or make yourself a user.is file in your Firefox profile directory and eliminate all communication with google. And some other privacy tweaks below.
google shit and some extra privacy/security settings
Google domains and services:
user_pref(“browser.safebrowsing.allowOverride”, false);
user_pref(“browser.safebrowsing.blockedURIs.enabled”, false);
user_pref(“browser.safebrowsing.downloads.enabled”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_dangerous”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_dangerous_host”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_potentially_unwanted”, false):
user_pref(“browser.safebrowsing.downloads.remote.block_uncommon”, false);
user_pref(“browser.safebrowsing.downloads.remote.enabled”, false);
user_pref(“browser.safebrowsing.downloads.remote.url”, “”);
user_pref(“browser.safebrowsing.malware.enabled”, false);
user_pref(“browser.safebrowsing.phishing.enabled”, false);
user_pref(“browser.safebrowsing.provider.google.advisoryName”, “”);
user_pref(“browser.safebrowsing.provider.google.advisoryURL”, “”);
user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.google.lists”, “”);
user_pref(“browser.safebrowsing.provider.google.reportURL”, “”);
user_pref(“browser.safebrowsing.provider.google.updateURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.advisoryName”, “”);
user_pref(“browser.safebrowsing.provider.google4.advisoryURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.dataSharingURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.lists”, “”);
user_pref(“browser.safebrowsing.provider.google4.pver”, “”);
user_pref(“browser.safebrowsing.provider.google4.reportURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.updateURL”, “”);Privacy and security stuff:
user_pref(“dom.push.enabled”, false);
user_pref(“dom.push.connection.enabled”, false);user_pref(“layout.css.visited_links_enabled”, false);
user_pref(“media.navigator.enabled”, false);user_pref(“network.proxy.allow_bypass”, false);
user_pref(“network.proxy.failover_direct”, false);
user_pref(“network.http.referer.spoofSource”, true);user_pref(“security.ssl.disable_session_identifiers”, true);
user_pref(“security.ssl.enable_false_start”, false);
user_pref(“security.ssl.treat_unsafe_negotiation_as_broken”, true);
user_pref(“security.tls.enable_0rtt_data”, false);user_pref(“privacy.partition.network_state.connection_with_proxy”, true);
user_pref(“privacy.resistFingerprinting”, true);
user_pref(“privacy.resistFingerprinting.block_mozAddonManager”, true);
user_pref(“privacy.resistFingerprinting.letterboxing”, true);
user_pref(“privacy.resistFingerprinting.randomization.daily_reset.enabled”, true);
user_pref(“privacy.resistFingerprinting.randomization.enabled”, true);user_pref(“screenshots.browser.component.enabled”, false);
user_pref(“privacy.spoof_english”, 2);
user_pref(“webgl.enable-debug-renderer-info”, false); user_pref(“webgl.enable-renderer-query”, false);
This is why I like Lemmy, never knew canvas blocker was a thing. Thank you.
Or you just switch to LibreWolf where all these settings are already set. It even comes with uBlock preinstalled.
Does ublock do this?
No
