
Digital Fingerprinting

Lately I've stepped up my privacy game quite a bit and have been looking into ways to turn myself into a ghost on the network. An OS-level enforced DNS-over-HTTPS (DoH) is a must-have, but on top of that I also use the supposedly most secure and reliable VPN provider out there, jumping through a couple of servers all through a WireGuard UDP tunnel with killswitch on. On top of that, I also use LibreWolf, which is a Mozilla fork aimed at maximum security and privacy.

Among the many wonderful fine-grained privacy options it has, it also offers a very thorough anti-fingerprinting feature that blocks most known fingerprinting scripts right out of the gate, as well as doing things like letterboxing your websites (changing the display resolution so that the fingerprint contains false resolution values) and others.

However, I use only this browser for all of my browsing, and that's an issue, because I log in to my personal accounts, and that means my fingerprint can be correlated.

For that to take place, three conditions must be true:
  1. Both websites load the same third-party fingerprinting script
  2. That third party must have a unified cross-site tracking system
  3. I'm logged into an account controlled by that third party on at least one site
If all three align, the third party can say:
  • "Fingerprint X belongs to a logged-in Google user, therefore the session on this other site is also them."

And as the person in this video explains, this is a tricky thing to work around. One approach is obviously to use separate browsers for public-facing browsing (Gmail, Facebook, etc.) and private browsing. This splits your fingerprint in two and drastically reduces the chances of you being identified.

The other option is to use a containerization extension, like Temporary Containers for Firefox, which does what the name implies - creates temporary containers that hold completely separate browser sessions with a different fingerprint. You can either use those to do your public-facing browsing, or your anonymous browsing, and it all stays within the same application.

Really, there's no optimal way to solve this issue, you can just do your best to mitigate its potential impact. At least when using a good VPN, your location will not be discoverable.
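
The three conditions from the post above, modelled as a small simulation. This is an added example, not part of the original post; the site names, account name and browser attribute values are constructed, and `fingerprint` and `correlate` are hypothetical helpers standing in for a third party's script and its cross-site join.

```python
import hashlib
from collections import defaultdict

def fingerprint(attrs):
    """Stable ID derived from browser attributes a script can read."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()[:12]

def correlate(events):
    """Model of one third party's unified cross-site join (condition 2).

    events: (site, browser_attrs, account_or_None) tuples, one per page load
    that ran the third party's script (condition 1).
    Returns {account: set of sites attributed to that account}.
    """
    by_fp = defaultdict(list)
    for site, attrs, account in events:
        by_fp[fingerprint(attrs)].append((site, account))
    linked = {}
    for visits in by_fp.values():
        accounts = {a for _, a in visits if a}
        if len(accounts) == 1:  # condition 3: a login anchors the fingerprint
            owner = accounts.pop()
            linked.setdefault(owner, set()).update(s for s, _ in visits)
    return linked

# Constructed sample attributes for two browser profiles on one machine.
MAIN = {"ua": "Firefox/128", "screen": "2560x1440", "tz": "Europe/Vienna", "fonts": "312"}
ANON = {"ua": "Firefox/128", "screen": "1400x900", "tz": "UTC", "fonts": "40"}

def single_browser():
    # Same profile used for the logged-in site and the anonymous site.
    return correlate([("mail.example", MAIN, "alice"),
                      ("forum.example", MAIN, None)])

def split_browsers():
    # Logged-in browsing and anonymous browsing use different profiles.
    return correlate([("mail.example", MAIN, "alice"),
                      ("forum.example", ANON, None)])

if __name__ == "__main__":
    print("single browser:", single_browser())
    print("split browsers:", split_browsers())
```

With one profile the anonymous forum visit is attributed to the logged-in account; with split profiles the join has no login to anchor the second fingerprint, so only the logged-in site is attributed.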
 
I'm fairly naive about all this, but essentially I feel that no matter what my level of security understanding reaches, someone will be smarter and circumvent it if they want to. Is that the bottom line?
 
I believe that is correct. No matter how far you go into your efforts in disappearing from the web, a sufficiently knowledgeable and determined expert can eventually track you down, especially if they have some legal power behind them, such as forcing a VPN provider to expose your traces. But I think such extreme cases are only limited to terrorists and other individuals residing on the far end of the criminal spectrum.
 
Using Tor Browser goes a long way. All Tor Browser users have the same fingerprint (it's designed to be like that), and Tor itself relies much less on trust than a VPN. However, many websites block connections from Tor exit nodes, and thus Tor users.

About someone smarter and with enough resources, that's true. However, resources are limited. Most surveillance you're exposed to is dragnet surveillance, which is perfectly possible to defeat. So, for a normal person's threat model, being protected from that makes a huge difference.
The more "interesting" you are to powerful actors, the more chances you have of many resources being invested in tracking you. If you're the leader of an international terrorist group, you better not use the Web at all. But that's not the case for most people.

I just mention this because there's a piece of defeatist propaganda that goes "if the CIA and NSA set their eyes on you there's almost nothing you can do, so why protect yourself at all?". Perfect security doesn't exist, what exists is security adequate to your threat model. If the CIA wants to enter your house they will, and yet you still lock the door.
Don't fall for that.
 
Wise words in here. <3
 
A good friend works as a freelance cyber security specialist. He lives in a constant paranoid bubble and rightly so. He taught me about Tor and the DW.

But when he starts telling the reality of the cyber world, I have to stop him. I don't want to have his level of knowledge combined with my amateur abilities.
 
Even if you are in the know, it is still a matter of how much someone wants to find you. If the incentive is close to zero, all these extra steps are not needed.
All I could get living this way is some DMT vape ad, and that is about it. Maybe it is the nature of the land I live in and my upbringing. I have no anxiety at all about anyone finding me 🤷‍♂️
 
> If the incentive is close to zero, all these extra steps are not needed.
The problem is, it's not zero. Dragnet surveillance is the default for everybody precisely for that reason.

> I have no anxiety at all about anyone finding me 🤷‍♂️
Surveillance is not only about someone finding you. It's also about keeping tabs on you, predicting your behavior, and influencing it. It won't be "someone" doing it, that's reserved for high profile cases. It's completely automated.
Also, don't underestimate how "interesting" you may be. You're someone who talks about and takes substances considered harmful and/or a threat by many, and who has often expressed political dissent.

I urge everyone reading this to take basic steps to make dragnet surveillance less effective on you. You don't need to be technically proficient, just a few simple steps can make a difference. Think of it as basic hygiene: it doesn't prevent you from getting sick, but it does significantly reduce exposure.

The mentality of "nothing to hide" is just the B side of paranoia. Both come from a feeling of lack of control. Paranoia is an extreme "fight" reaction that completely overshoots, "nothing to hide" defeatism is a "freeze" reaction of submission.

Instead of gut reactions, it's both possible and preferable to react in a balanced way. The choice needn't be between sleeping with one eye open while holding your gun inside a fortified complex, or leaving your doors and windows open. You can just lock your door and close your windows. And you'll have avoided most of the risk that's relevant to you.
 
@blig-blug, your attempt to infuse paranoia into my life is worth admiration, but I won't bite 😂

On a serious note, I get where you are coming from, and you are very right to have this position. Maybe a part of me wants to get caught and be done with the whole charade.

Honestly though, I have no social nets, no following, or any roots where I live. The only one I care about is my elderly mom, and if something I don't like comes our way, we are going to move from Europe right that year. I sell nothing, and all I do online is in a spirit of "harm reduction." I had my share of darkness and don't want anyone else to experience it.

My case may be kind of unique, so I would advise anyone else to follow what @blig-blug suggests. Oh, and I doubt that anyone can brainwash me into anything after the corona craze. I swear I will buy a VPN account if they have good prices this Black Friday. Any more suggestions?

🙏
 
Oh, it's not really about getting caught. It's not even about you specifically.

Suppose you are the perfect citizen. Not a single illegal behavior, not a single unapproved opinion. You already buy what they want you to buy, and change your opinion when you get the right message. It would still be better if that hypothetical person didn't accept dragnet surveillance (something unrealistic given how I have described this person, but anyways).

The problem is that it fosters social acceptance of dragnet surveillance, based on and in good measure caused by propaganda that tells you that there's nothing you can do, they already know everything, etc. (which are lies, if they were true there would be no need to promote those messages or say anything at all about it). If it's accepted that there's no point in following basic hygiene unless "you have something to hide", the mere act of following basic hygiene becomes suspicious and raises your profile. People that actually are in vulnerable positions and need more protection than normal become more noticeable and exposed.
Another aspect of this is that you contribute datapoints on your behavior that will contribute not only to attempts to manipulate you, but to improve social prediction and manipulation (and thus, control) at a larger scale. Even if you aren't manipulated in the end, you are contributing data as to how to better control everyone else. And how to predict your behavior and the behavior of others. For example, how to better predict if someone is "a drug user".

I'm not trying to convince you specifically, but to counteract the message that there's no use in following basic hygiene. It's a social and cultural problem, not an individual one. That's why I don't want to let the (very successful) propaganda message of "there's nothing you can do to completely prevent sickness, so don't ever wash your hands" go unchallenged.
 
Oh, I see that you are very serious about it. Sorry for my sarcasm, then. Life is hard here, so I try to joke as much as possible.

I do think that we have no choice, though. This surveillance is the future of countries' stewardship, but I get your position and respect it.
Can you lay out what you mean by basic hygiene, then? I already use secure DNS. A VPN and a dedicated secure browser are the next step from what I understand.
 
> Any more suggestions?
Yes, here are some specific suggestions.

  • Do use a VPN, but it needs to be a trustworthy one. Using a VPN is transferring trust from your ISP to the VPN operator, and for many VPNs that can actually make things worse. I don't want to promote anything myself, but here are a few suggestions likely to be fine for a normal user: Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides
  • Use uBlock Origin. Chrome doesn't support the full uBlock Origin anymore (it's made by Google, an ad company, so that's not surprising). So that means:
  • Use Firefox (or a Firefox-based browser). Activate "Strict" mode in Settings > Privacy & Security > Enhanced Tracking Protection.
  • Set your browser to either delete cookies at the end of the session or use Firefox Containers to contain your Google, Facebook, and similar logins. If you avoid having an account there to begin with, even better.
  • Avoid communicating through known unsafe channels as much as possible. That includes: social media direct messages, Facebook Messenger, SMS, unencrypted email, WhatsApp (despite their claims to end-to-end encryption, if someone wants me to talk more about why just ask). Signal is a good alternative for most people and used by many already, there are others (I use a different one).
You don't need to follow all of this to make a difference. Following just one of these steps already reduces your digital footprint significantly.
 
I think some people are just more prone to deeply valuing their privacy. I would definitely count myself among them. But I can also see the other side, where the effort seems unimportant. There really is a tinge of paranoia in my lifestyle, but I wear it proudly, lol.

I agree with everything said here on the topic, and I'll link a site that has helped steer me towards useful software for use with the goal of privacy in mind.

 
It's an interesting case. The E2E encryption protocol that Telegram follows is legit, as there are alternative clients (that is, not made by Telegram) that implement it. So, Telegram is probably mostly fine if your chat is a "Secret Chat" (I think that's the name of it).
However, that's not the default. By default, Telegram chats are not end-to-end encrypted, so they have full access to them.

So, with Telegram, you are safer than with most if you use "Secret Chats", but when you don't do it, you are actually much more exposed.
 
With stuff like this coming, I feel like the battle for personal privacy may be a losing one.

These guys would be exempt from any surveillance, as always. It is the same with European Chat Control, where politicians are not under any control at all.
 