[bagsvaerd70]

Do you have a recommended setup to tackle fingerprinting?

I'm using a VPN + ublock origin + https everywhere + temporary containers + don't track me google + chameleon + canvas blocker + custom user.js (that disables e.g. webgl).

It's pretty good to address many tracking methods (e.g. cookies, IP) but fingerprinting is remarkably hard to prevent.

[Santosh83]

Disabling Javascript kills fingerprinting in the womb. Enable only for trusted sites as needed.

[freedomben]

This 100%. It will also make your web experience a lot better because so much of the javascript out there just does things you don't want anyway, such as loading ads and displaying popups.

If you are a web developer or are familiar with web terminology like origins, domains, frames, XHR, etc on the web, and are willing to put in some time learning how to use it (15 mins for a seasoned web dev, maybe 30-60 mins otherwise) get uMatrix (https://github.com/gorhill/uMatrix). It will change your life! If not, use ScriptBlock on Chrome or NoScript on Firefox. Block all scripts (and if using uMatrix, cookies, XHR, and frames) by default and whitelist as you go for sites you trust (or want to use bad enough to potentially open yourself up for tracking).

[username223]

> so much of the javascript out there just does things you don't want

JavaScript developers should ask themselves if they want JS to become the popup of the 2010s: initially well-intentioned, shamelessly abused, universally loathed, and ultimately killed.

[bagsvaerd70]

Thanks. Care to share a uMatrix setup that reports a non-unique fingerprint on https://panopticlick.eff.org ?

[Drdrdrq]

I think the point is not that the core domain can't fingerprint you, it is that 3rd party JavaScript is blocked by default, which makes those domains less likely to track you. Not impossible, just less likely. For example there is almost never any reason to allow Google Analytics JS.

[freedomben]

Agreed. If you take the default uMatrix setup, change javascript to be disabled, then just whitelist as you go, you'll pass most of those tests and be pretty tracker-resistant.

My suspicion is that fingerprinting by the core domain will actually get worse since your browser behaves so differently from stock browsers (which is after all the point of uMatrix :-) ). The majority of trackers tho will be third party (such as Google analytics). Very few sites roll their own trackers because it's hard to get right, and some great ones like GA is free. For those that do, I'm not too worried anyway, but that's certainly just a personal thing.

[kevin_thibedeau]

It doesn't prevent all tracking. You still leak uniquely identifying info via cookies, headers, and IP.

[intrasight]

May as well just go buy physical newspapers and magazines then since few web sites today work without javascipt

[0xADEADBEE]

I've been blocking JS for the last 6 months or so and I've found it to be a greatly improved experience overall. I can enable at the click of a button JS for a website that fails to load properly but the majority of sites I view are fine without this. It was refreshing to learn that not as many websites as I suspected are JS abominations!

[freedomben]

My experience exactly. Everyone said "don't do it, most sites need js!" but it isn't true. SPAs are certainly out there, but not nearly as common as you'd think (I most thank SEO for that since only recently would Google crawl a client-side rendered page). Will it be a seamless experience? No, definitely not, but I agree, overall it's an improvement.

[intrasight]

I do have Firefox set to noscript. When things don't display, I copy the URL to Chrome where I don't have it so locked down. But I've been dismayed to see over the last year that a lot of sites that used to be usable no longer are.

[newnewpdro]

That's funny, I consume an unhealthy amount of news via the web in a noscript browser having nothing whitelisted.

[blfr]

I don't. The only one I know is using Tor Browser without any customization, without even changing the windows size, because it makes you look like every other Tor Browser user.

However, it comes with a fairly long list of downsides: less secure than Chrome, less secure than even Firefox it's based on because it's not updated as often and quickly, and you MITM yourself by default, and it's slow, it doesn't block ads... The price to pay is steep.

[crtasm]

It's fast enough to be my main browser and plays e.g. YouTube at lower resolutions fine. I chose to install ublock origin, makes me stand out more from other users but I'm on Linux which is now revealed directly in the useragent string so I decided it wasn't a concern for me as I'm already not in the larger group of Windows users.