←back to thread

Hardening Firefox – a checklist for improved browser privacy

(andrewmarder.net)
263 points amarder | 7 comments | 30 Aug 25 11:26 UTC | HN request time: 0.624s | source | bottom
1. nilslindemann ◴[31 Aug 25 02:58 UTC] No.45079958[source]
Notice, if you have all these settings enabled, you can still be fingerprinted. Test here:

https://fingerprint.com/

In my tests only Tor was able to prevent that, but using Tor will give you bad rankings on payment sites like PayPal, you may even get banned there.

I learned this from here:

https://news.ycombinator.com/item?id=35243355

That site is now black, surely a coincidence. Here the archive.org link:

https://web.archive.org/web/20250801173508/https://www.bites...

Have a local copy.

replies(4): >>45080663 #>>45081278 #>>45082430 #>>45082895 #
2. 4gotunameagain ◴[31 Aug 25 05:48 UTC] No.45080663[source]
https://amiunique.org/ is scary.
3. LeoPanthera ◴[31 Aug 25 07:49 UTC] No.45081278[source]
> fingerprint dot com

Is this an ad? Of all the things I was expecting to see when I clicked that, "Contact Sales" was not one of them.

replies(1): >>45082073 #
4. styanax ◴[31 Aug 25 10:31 UTC] No.45082073[source]
Use the EFF version, it's been around a long time: https://coveryourtracks.eff.org/
5. mzajc ◴[31 Aug 25 11:42 UTC] No.45082430[source]
AFAIK none of these check for changing fingerprints. Your browser could report a very unique screen resolution, but could be configured to change it periodically. How much does that fool fingerprinting algorithms?
replies(1): >>45083000 #
6. neandrake ◴[31 Aug 25 13:11 UTC] No.45082895[source]
Looks like the source to Bitestring's blog is still up, maybe domain registration just lapsed?

https://github.com/bitestring/bitestring.github.io/blob/main...

7. nilslindemann ◴[31 Aug 25 13:25 UTC] No.45083000[source]
I guess it would, but the problem of getting "bad karma" points on payment processors, etc. remains.

Further, this is not the only form of fingerprinting, there is also e.g. TLS fingerprinting [1].

Programmers should tell people that browsers and the internet are not private, and that everyone who claims otherwise does not tell the truth.

There should be more discussions between people more skilled than me, if and how such methods can be prevented. And that should be documented well. Including how to prevent getting blocked on sites.

A creative attempt would be when millions or billions of users have a software (self chosen!) which randomly visits sites, when the computer is not busy. This would not prevent fingerprinting, but the collected data would be useless (Someone in the other thread suggested that).

Another method would be to declare it illegal and require workers to report such methods to the authorities.

[1] https://roundproxies.com/blog/what-is-tls-fingerprint/