> your browser shares a surprising amount of information, like your screen resolution, time zone, device model and more. When combined, these details create a “fingerprint” that’s often unique to your browser. Unlike cookies — which users can delete or block — fingerprinting is much harder to detect or prevent.
Ironically, the more fine tuned and hardened your device, OS, and browser are for security and privacy, the worse your fingerprint liability becomes.
more idle thoughts - it's strange and disappointing that in the vast space and history of FOSS tools, a proper open source browser never took off. I suppose monopolizing from the start was too lucrative to let it be free. Yet there really is little recourse for privacy enthusiasts. I've entertained the idea of using my own scraper, so I can access the web offline, though seems like more trouble than its worth.
That's... not accurate at all. Firefox was extremely popular at one point, and completely ate the lunch of everything else out there. (And then Google used anticompetitive practices to squash it, but that came later.)
> then Google used anticompetitive practices to squash it
Not exactly. Apple happened.
Every "web designer" had to work on a macbook to be different like every one else. And firefox had dismal performances on those macbooks so said designers turned to the only browser with good tools and good enough performances: Chrome.
Next time you're told "performances don't matter", remember how it can be a differentiating feature and could cost you your market share.
All the front-end devs I knew at the time switched to Macbooks after the Intel switch, because you could get a Unix-based machine that could run Safari and Firefox natively, and Internet Explorer in a VM. Chrome wasn’t even released at that point.
Google didn't use anticompetitive practices to squash it. They just made a better browser. When Chrome came out it was significantly better than Firefox. That's why people switched.
To be honest it's still better (at least if you ignore the manifest V3 nonsense).
I think it's pretty debatable that Chrome is currently better, but you're definitely correct. When Chrome first debuted (and for years afterwards) it was clearly superior to Firefox.
> Ironically, the more fine tuned and hardened your device, OS, and browser are for security and privacy, the worse your fingerprint liability becomes.
1. You could (however, I doubt the effectiveness) use something like brave which tries to randomize your fingerprint.
2. You could "blend in with the crowd" and use tor.
2. is almost immediately fingerprintable even with JS enabled. 0.00% similarity for canvas, 0.09% similarity for font list, 0.39% for "Navigator properties", 0.57% for useragent. with JS disabled (best practices for tor) it's even worse. maybe this works for windows users?
(debian, latest tor browser 14.5.3, no modifications)
if there's 0.00% similarity for canvas, then I think there would be some issue with the letterboxing. You shouldn't resize your tor window from 1400x900. Tor pretends it's windows, so I don't know why it would do that for the useragent.
I've always used it inside of whonix, and when I tested it, it seemed like everything was fine.
When you disable js you need to do so by setting tor to Safest.
The font list should be spoofed by tor?
Anyway, you can fix all of that just by using whonix and setting tor to safest.
What's surprising is that, over time, Firefox has done virtually nothing to reduce the impact of fingerprinting.
Why on earth are we, in 2025, still sending overly detailed User Agent strings? Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0 .... There are zero legitimate reasons for websites to know I'm running X11 on x86_64 Linux. Zero.
Why are Refer(r)ers still on by default?
Why can JS be used to enumerate the list of fonts I have installed on my system?
We need way more granular permission controls, and more sensible defaults. There are plugins to achieve this, but that's a big hassle.
Because the users of web browsers expect compatibility. If one vendor unilaterally decides to stop supporting some browser APIs, the result isn't better privacy. The result is that people switch to other browsers.
If you have Firefox with "resist fingerprinting" enabled then you are feeding it some dummy data. People worry about the fact that this might make you "unique," but fail to grasp that if you look differently unique every time you're not necessarily identifiable.
I think its matter of "least common denominator" as in the sum of all fields will surely be unique, but what's the _minimum_ number of fields needed to isolate one user? You can download the JSON from each test and compare the diffs yourself - there's a lot of noise from "cpt" and "ratio" fields, but some that stand out are "referer" and "cookie" fields as well as a few SSL attributes. Not sure if controlling for those is all it takes to de-anonymize, but either way it's not great.
FOSS is a flexible term but carries the connotation of community ownership, and therefore independence from for-profit interests. That was an original selling point of FF, and to this day the user base is mainly comprised of individuals (who were at one point or another) seeking free and open alternatives. Sadly Mozilla as an organization has made increasingly user hostile decisions (deals with Google, recent changes in privacy policy, some telemetry on by default) and FF no longer lives up to the original promise. But yes, thanks to the code being open source there are off-shoots like LibreWolf and WaterFox that may be worthwhile (I haven't vetted them) but its the same dilemma as with chrome, the upstream code is captured and controlled by an organization that I don't trust to respect user privacy.
> FOSS is a flexible term but carries the connotation of community ownership, and therefore independence from for-profit interests.
That's certainly not true. Unless Red Hat, MongoDB, Chef, etc. are not open source.
While I love to believe that the FOSS world is an anarchist utopia that believes in wellbeing for all, I think there are plenty of profit driven people there. They just don't sell access to the code/software.
At one point, Firefox (3.5 specifically) was #1, for a brief moment:
> Between mid-December 2009 and February 2010, Firefox 3.5 was the most popular browser (when counting individual browser versions) according to StatCounter, and as of February 2010 was one of the top 3 browser versions according to Net Applications. Both milestones involved passing Internet Explorer 7, which previously held the No. 1 and No. 3 spots in popularity according to StatCounter and Net Applications, respectively - https://en.wikipedia.org/wiki/Firefox_3.5
Then Chrome appeared and flattened both IE and Firefox.
> your browser shares a surprising amount of information, like your screen resolution, time zone, device model and more. When combined, these details create a “fingerprint” that’s often unique to your browser. Unlike cookies — which users can delete or block — fingerprinting is much harder to detect or prevent.
Ironically, the more fine tuned and hardened your device, OS, and browser are for security and privacy, the worse your fingerprint liability becomes.
more idle thoughts - it's strange and disappointing that in the vast space and history of FOSS tools, a proper open source browser never took off. I suppose monopolizing from the start was too lucrative to let it be free. Yet there really is little recourse for privacy enthusiasts. I've entertained the idea of using my own scraper, so I can access the web offline, though seems like more trouble than its worth.