Google (and Facebook, alas) have passed the point where they need anything from your browser. Just the fact that you're blocking their scripts is a beacon identifying you. There's ways your activity can be fingerprinted indirectly, especially if your OS is Linux.

To identify you all they need is the cooperation of the websites you visit; not for the sites to serve up tracking scripts, just the back end analytics will do.

Are there anonymizer sites that pool their subscribers' activities, mixing in fake stuff, to defeat this?

Sent from my VFD 822 using Tapatalk

Might not a VPN give you enough anonymity?

No, that hides your just IP address, but HTML let's sites find out lots of info about the browser and OS, their versions and configuration, what extensions and fonts are installed, and of course the cookies left on previous visits.

There are browser extensions that try to fake a lot of that, but they break lots of sites. And the pattern of script blocking is revealing, as I mentioned above. Even your time zone, as indicated by when you're active, might be revealing (it is for me, how many Linux users are in UTC+13?).

Firefox claims to be taking measures against fingerprinting, but I don't understand how they can achieve anything.

A VPN service that frequently switches the exit server at random could help, I suppose, but it would have to be combined with other measures I imagine.

Sent from my VFD 822 using Tapatalk

What's your viewpoint on TOR? It has disadvantages, such as slower speed, but I could accept that for occasional uses.
I'm also not sure it provides sufficient anonymity.

As far as I know Tor is pretty good in hiding your IP-address. But you should have JavaScript disabled, because with JavaScript enabled the chance to identify you grows. So a lot of sites won't work (completely) in Tor. Here's a discussion about it: https://forums.whonix.org/t/how-dang...ascipt/8194/18

If you want to see what your browser sends, and how it is possible to identify your browser as unique among the billions of browsers in use, you can do this test:
https://coveryourtracks.eff.org/
Or this one:
https://privacy.net/analyzer/
Or https://www.nirsoft.net/show_my_ip_address.php
The results from these tests are for a lot of people pretty shocking...

It's virtually impossible to protect you completely against this kind of fingerprinting. A website needs to know, for example, the size of the screen, and what fonts are installed. Some browser are starting to block some information, like geographical information, but you can't block too much, or a site simply won't render anymore. The combination of all this kind of information make your browser (almost) unique.

Another way of tracking somebody is via the cache. To render a site quicker, images etc. are stored in the cache of the browser. If the image has to be rendered again, the browser gets it from the cache. Much quicker then again downloading it. This also can be used to track you:
https://lucb1e.com/randomprojects/cookielesscookies/
Firefox and Chrome are recently blocking this kind of tracking by using a separate cache for every site. But this makes sites slower, because for example something like jQuery is used on a lot of sites, and has to be downloaded now for every site separately (if I've understood well how it works...)

Firefox block fingerprinting (if you enable that) by simply blocking sites that are known to track users by fingerprinting (the combination of all that information the browser sends). But some sites stop working if you block fingerprinting. It's a pretty primitive way of blocking, because it's simply a list of IP's that are blocked from connecting.

I'm absolutely no expert in this area, but my personal opinion is you simply can't be completely sure you're anonym.
A lot of (heavy) criminals in The Netherlands used some app to communicate. Completely encrypted etc. Police had hacked the server (or something like that) and they could listen to everything they said or wrote for about half a year. Lots of criminals were arrested for murder, drugs, etc., etc.
You never know if something like that happens with a vulnerability in Tor, because of course police, or CIA, or ... will not write it in the papers if they found a hole.

Thanks for the testing links.

RE TOR, I've long been suspicious of it because of its use by government agencies.

Bottom line: Nothing we say/write on the 'net is really private. If we operate from that point of view, moderating our comments and postings, we will train our minds to be better at OPSEC. Keep telling ones mind to STFU while typing. Some people object to self-imposed censorship, but it's a jungle out there.

Sadly, I have "friends" who type in a "train-of-thought" mode and don't really read what they are typing. If your "friends" don't exercise OPSEC on what they put online, then stop communicating with them online. Yeah, that is harsh, but it is your privacy that is at stake...

I see this happening on a forum of which I am a mod. Some members simply assume that they can incriminate themselves freely and, at the same time, expose the forum to the prying eyes of whatever XYZ groups are scanning us. Yes, it happens.

I hope our local mods, here on KubuntuForums, don't consider this as being off-topic. We are talking about Google et al and they are one (not the only) of the problem children for all Internet users.

Just be aware of where we are today...

Tor and Brave on this laptop and on my Android give similar results on the coveryourtracks.eff.org website:
Waterfox and Firefox, not so much:
This laptop has a huge /etc/hosts file from https://github.com/Ultimate-Hosts-Bl...osts.Blacklist that, while it doesn't stop fingerprinting, does stop a lot of the tracking agents.
I also use the hosts.deny file from that website as well.
Over 1,000,000 websites do not get past 0.0.0.0

You'd think that with such a large hosts file my browser would be slow, but the exact opposite is true. With fewer websites placing trackers, cookies, etc... less of your bandwidth is taken by them. Much less.

PS:
I forgot to mention this extension: https://fpmon.github.io/fingerprinting-monitor/

Firefox with ublock and privacybadger extensions installed

One does not need to be very concerned about unique or non-unique fingerprints. Even if a fingerprint is unique it tends to change over time (as you update your software or change some settings, for example, there are also add-ons that randomize parts used in fingerprinting regularly, like every few minutes)...so using a full fingeprint isn't a terribly effective way to track.

That's why most fingerprint tracking uses only some parts of fingerprinting information that could be gathered (like the canvas hash)...and that isn't fully effective either, and most 3rd party script blockers do a fine job of cross-site tracking blocking.

The more your browser is customized (with add-ons, for example) and the rarer your OS/browser are, the better the chance your browser fingerprint is more unique (but that does not mean your tracking protection is worse). For example, someone using Chrome on Windows 10 without installing any add-ons or changing any privacy settings has a higher chance of having a non-unique fingerprint, but that does not mean she's better protected from tracking, quite the opposite.

Unique/non-unique in the tests only means if a browser with the same fingerprint has been tested using the site, so technically you could get a "non-unique" result by just doing the test multiple times (although they might also check the IP for the comparisons, which means you'd need to use a different IP...like with using Tor)...so it doesn't mean much anyway.