Daily driving Mullvad Browser now, it’s Firefox based and has strong anti-fingerprinting and privacy defaults - it does break some sites though and is missing some QoL features but that’s the price you pay.
LibreWolf says I have “strong” protection but it also says I’m unique which I don’t understand. Like isn’t the objective to not be unique ? Or does it mean something is being randomised so I’m unique every time?
Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 1041.72 browsers have the same fingerprint as yours.
For comparison if I test in Firefox (configured as I was previously using) I get:
Your browser has a unique fingerprint
Your browser fingerprint appears to be unique among the 304,204 tested in the past 45 days.
“Strong” protection means that your browser is configured to protect against tracking, both come back as strong here, but as far as I can tell that doesn’t take into account tracking through fingerprinting. You’re right, you don’t want a unique fingerprint.
When you customise and add extensions to your browser, you add to its fingerprint so even privacy extensions can be counterproductive. The way Mullvad Browser works is that because it comes ready configured for privacy with various privacy extensions (including UBo) installed by default you don’t have to make changes. While this doesn’t give you a “common” fingerprint exactly (hence “only one in 1041.72 browsers”), it makes you look like all the other Mullvad Browsers so there’s safety in numbers. There are a few more nuances to it than that but that’s basically the idea, and it’s a balancing act, you could be less unique than that but you would need to make other compromises.
The catch is that you shouldn’t try to configure Mullvad Browser yourself since that negates the benefit; you have to be able to live with the browser as it is out of the box which may mean sacrificing some of your favourite extensions.
So, uh… I think you’re confidently incorrect on pretty much all of that.
When your browser requests a web page it doesn’t report what extensions you have installed. It does report plugins but those are not extensions. My report says about 66% of browsers have the same plugins as me.
Ad blockers are a special case. Your browser doesn’t tell the server you have Ubo installed but the server can detect an ad blocker if you’re not requesting additional advertising related resources.
Most of the other user end configurations aren’t really going to effect your fingerprint either.
It turns out that what I said earlier about intentional randomisation is correct. Firefox Resist Fingerprinting (RFP) which is enabled by LibreWolf randomises canvas results, so you’re going to be unique for each fingerprinting attempt. That’s just as good as being common.
In my own case, my biggest weakness is the fonts I have installed as reported by my browser. I might look into that.
Oh fair enough, I’ll re-examine some of that information. I don’t think I’m completely wrong. Advice on not installing extensions to avoid adding to the fingerprint comes from the official Mullvad FAQ. The philosophy of making all users look the same to blend in is something inherited from Tor Browser.
Mullvad also uses resist fingerprinting, yes canvas is unique every attempt. The EFF cover your tracks test doesn’t penalise you for it, if you’re coming up as unique there it’s not because of that (some tests out there do though and Mullvad fails them). Having a randomised canvas itself may count as one data point I guess.
Daily driving Mullvad Browser now, it’s Firefox based and has strong anti-fingerprinting and privacy defaults - it does break some sites though and is missing some QoL features but that’s the price you pay.
What results do you get on a fingerprint testing site like the eff one: https://coveryourtracks.eff.org/
LibreWolf says I have “strong” protection but it also says I’m unique which I don’t understand. Like isn’t the objective to not be unique ? Or does it mean something is being randomised so I’m unique every time?
Mullvad Browser:
For comparison if I test in Firefox (configured as I was previously using) I get:
“Strong” protection means that your browser is configured to protect against tracking, both come back as strong here, but as far as I can tell that doesn’t take into account tracking through fingerprinting. You’re right, you don’t want a unique fingerprint.
When you customise and add extensions to your browser, you add to its fingerprint so even privacy extensions can be counterproductive. The way Mullvad Browser works is that because it comes ready configured for privacy with various privacy extensions (including UBo) installed by default you don’t have to make changes. While this doesn’t give you a “common” fingerprint exactly (hence “only one in 1041.72 browsers”), it makes you look like all the other Mullvad Browsers so there’s safety in numbers. There are a few more nuances to it than that but that’s basically the idea, and it’s a balancing act, you could be less unique than that but you would need to make other compromises.
The catch is that you shouldn’t try to configure Mullvad Browser yourself since that negates the benefit; you have to be able to live with the browser as it is out of the box which may mean sacrificing some of your favourite extensions.
So, uh… I think you’re confidently incorrect on pretty much all of that.
When your browser requests a web page it doesn’t report what extensions you have installed. It does report plugins but those are not extensions. My report says about 66% of browsers have the same plugins as me.
Ad blockers are a special case. Your browser doesn’t tell the server you have Ubo installed but the server can detect an ad blocker if you’re not requesting additional advertising related resources.
Most of the other user end configurations aren’t really going to effect your fingerprint either.
It turns out that what I said earlier about intentional randomisation is correct. Firefox Resist Fingerprinting (RFP) which is enabled by LibreWolf randomises canvas results, so you’re going to be unique for each fingerprinting attempt. That’s just as good as being common.
In my own case, my biggest weakness is the fonts I have installed as reported by my browser. I might look into that.
Oh fair enough, I’ll re-examine some of that information. I don’t think I’m completely wrong. Advice on not installing extensions to avoid adding to the fingerprint comes from the official Mullvad FAQ. The philosophy of making all users look the same to blend in is something inherited from Tor Browser.
Mullvad also uses resist fingerprinting, yes canvas is unique every attempt. The EFF cover your tracks test doesn’t penalise you for it, if you’re coming up as unique there it’s not because of that (some tests out there do though and Mullvad fails them). Having a randomised canvas itself may count as one data point I guess.
Oh cool, I had just assumed that it was Chromium-based when I first heard about it, simply because that’s what most of them are.