[KirinDave]

None of this stops browser fingerprinting completely. Browser fingerprints can be extracted from just using canvas calls.

[gsnedders]

Browser fingerprints can be largely extracted from fairly fundamental JS DOM/CSSOM APIs, you don't need to get into anything nearly as easily-disabled as canvas. (For one, start by measuring metrics of a list of several hundred fonts to detect their presence: that's just simple CSSOM operations.)

[KirinDave]

I'm not sure what the state of the art is, but I know canvas calls offer very rich fingerprints that almost no one disables.

But this was more concerning the "webgl" disabled bit.

[nikcub]

Well, the act of using Chrome itself on Tor is many bits towards a unique fingerprint

WebRTC is because of IP leaks via peer connections

We really need a build of chromium that removes the fancier web tech and integrates privacy features of Tor BB

Its just a lot of work to maintain - but a fork of chromium that is a little behind upstream is safer than FF

[chopin]

But this can largely mitigated by switching off Javascript. I am not sure whether this is possible in Chrome, in Firefox that is easy. This might be one of the reasons that the Tor browser bundle uses Firefox over Chrome.

[hubert123]

I dont really understand the issue with browser fingerprinting. Yes in theory it can uniquely identify you but only if your browser fingerprint never changes. Everytime I go to one of these "are you unique?" websites, I am a new guy to them.

[KirinDave]

Many aspects of your computer end up in browser fingerprinting. So even if you do end up using multiple browsers temporal coupling and secondary signals may let observers make a (low-confidence) link to you.

[hubert123]

I am not talking about multiple browsers. I use the same browser all day and my fingerprint still changes constantly, for many obvious reasons. The browser updates itself, I add extensions, etc. So browser fingerprinting seems like a really bad way to identify people uniquely. Using multiple different browsers just adds to that even more.

[jacquesm]

It appears that you do not understand the basics of how this works: even if the print changes in an absolute sense what does not change is that many bits from one print to another are constant. Those are the bits that matter, and if there are enough of them then they can be used to track you across sessions, even across session using Tor and sessions not using Tor.

Tie that all together and it may very well be possible to tie an upload using the Tor network to a particular user visiting some random website at a later date.

You're leaking bits all the time and not all that many of them are required to uniquely identify you.

See https://33bits.org/ for an easy to consume introduction.

[hubert123]

Okay I see, so somebody has to keep a massive database of all the fingerprints and constantly keep trying to cross reference every browserprint with every other browserprint. Doesnt seem like an exact science but I get that it's technically possible to find some matches.

[AtomicOrbital]

If you spin up a new docker container on a server hosting provider and run your desktop from there your browser is untainted fresh each session so no fingerprints