[KronisLV]

> To use a VPN correctly wouldn't have to use a fresh OS and absolutely not login to any accounts connected to the IP you are trying to hide?

Even then fingerprinting would still present an issue, even without explicitly logging in, with most browsers.

For example: https://coveryourtracks.eff.org/

Also have a look at this: https://www.amiunique.org/

So you might need to have a browser that lies and presents configuration information that is common enough not to be unique, probably an OS inside of a VM might be one of the possible starting points. Outright denying access to some of that might actually help identify you, but pretending to be a common setup might not even work that well.

I'm frankly not sure whether privacy on the web is even truly possible nowadays, at least without a lot of effort. Even with a VPN, I treat the web as something that is more or less "spying" on me regardless, in the metadata collection and storage sense.

[wing-_-nuts]

And if you do go out of your way to avoid fingerprinting, get ready for endless captcha prompts, automatic shadowbanning, etc as punishment

[swapfile]

>automatic shadowbanning

Yes that seems to be the case here on Hacker News as well as it seems like my submissions and comments don't show up unless I'm logged in. Let's see about this one.

[kevviiinn]

I see your comment just fine but iirc accounts with few posts might show up as dead

[ranger_danger]

Ever used creepjs? It's literally impossible to escape fingerprinting that actually works now. Also if you use not-Windows, no browser currently properly spoofs its javascript OS value, especially if queried within a WebWorker, so that alone makes you stand out way more just by not using Windows, at least until browsers make a way to spoof that too.

And the people that say "just disable CSS/JS"... guess what? Almost nobody does that, which makes you stand out even more!

[autoexec]

> So you might need to have a browser that lies and presents configuration information that is common enough not to be unique,

there are so many ways to fingerprint a user that trying to blend in with the crowd is pointless. If anything, it's better to have your browser present a unique fingerprint that regularly changes than to have to pray that you've somehow managed to avoid every single thing that could possibly flag you individually.

[jenadine]

I believe the "a fresh OS" makes fingerprinting useless.

[akyuu]

Not really. Modern web browsers expose a lot of information, such as your language, time zone, screen resolution, CPU and GPU details (number of cores, vendor, model...), etc. There's even <canvas> fingerprint which depends on your GPU driver version.

If you use a custom built desktop computer, you're going to have a pretty unique browser fingerprint because few people will use the same exact hardware configuration. On the other hand, if you use Apple hardware you'll look the same as other Mac/iPhone users. The other option is to use Tor Browser or Tails OS, but I don't think that's feasible for everyday browsing.

As other people have said, it's suprisingly difficult to have privacy on everyday browsing today. Personally, I blame Google. I believe they purposefully pushed modern web standards into maximum user data exposure for their own profit.

[steve1977]

So, one could think a solution would be to not use modern browsers. But then this alone makes you stand out again I guess.

Maybe VPNs should start to offer “browser anonymization” as a service.

[akyuu]

That's also surprisingly hard. Even assuming that every feature you need will work (which won't probably be the case), many popular websites as well as nearly all banking/shopping sites are behind Cloudflare, captchas or something else that doesn't like non-standard browsers at all. You will be automatically flagged as a suspicious user or a bot and will be prevented from accessing the site or be presented with tons of captchas. Google won't even let you access your account or Gmail.

At least that's been my experience. In fact, I've even encountered problems while using Chromium and Firefox on Linux, just because some sites didn't like the user agent.

In short, to use the modern web you need a modern browser, and modern browsers are very leaky and fingerprintable by design.

> Maybe VPNs should start to offer “browser anonymization” as a service.

The problem is that they'd need to render the website server-side and then serve it to you. That has their own problems, as the VPN provider now has total control of all web content you see.

That already exists, by the way: https://www.puffin.com/secure-browser

I'd say the most realistic options to avoid browser fingerprinting is either using Apple hardware or sandboxing the browser inside a virtual machine. And it's better to use Chrome because it has the most users by a large margin. Firefox, Brave and the new Mullvad browser do implement some anti-fingerprint mitigations, but they have few users so you'll stick out more.