
What is a fingerprint and what is it for? Basic browser settings for online anonymity. Part 1

An urgent problem in the world today is the protection and security of personal data online. The widespread use of technology makes it easy to collect personal information. In addition, users share information about themselves on social networks, in messengers, in email correspondence and on other online platforms, often without even knowing that their data may fall into the wrong hands.

In today’s world, it’s no surprise that everything and anything is tracked: smartphones, tablets, computers, smart devices, software, etc. On the one hand, companies that collect information do everything to improve this or that service, to make this beautiful world even better and to improve the quality of user interaction. On the other hand, they make money on users, analyze behavioral factors, form characteristic patterns, and manipulate to maximize profits.

The first part will talk about what fingerprints are, setting up your browser, and protecting your identity online.

A fingerprint (sometimes called a footprint) is a complete digital imprint of your device, consisting of information about your operating system, settings, active browsers, installed plug-ins, etc. Such a fingerprint is represented as a unique code or picture.

In the field of information technology, fingerprinting commonly refers to the ability to uniquely identify a person through their device, settings, software, and other user characteristics.

How does it differ from cookies? To begin with, cookies are relevant within a single domain, while fingerprints allow you to track the sources of conversions to a target site and the paths of conversions from that site. Cookies, including perpetual cookies, can be cleared or blocked without much effort. Fingerprints, on the other hand, can only be tampered with.

Fingerprinting technology can be interpreted as a significant vulnerability in information security and, at the same time, as a violation of user privacy and confidentiality. We visit certain websites, many of us have personal settings in our browsers: fonts, plugins, bookmarks, add-ons and extensions, screen resolutions, window layout, navigation button placement, etc. The combination of these elements represents a unique digital fingerprint of the device and can be conventionally compared to a person’s biometric data, namely fingerprints.

Where is the browser fingerprint used and what is it used for?

Many of us see no problem in the fact that every step and every action is monitored and deposited in “big data”. Others, on the contrary, are so concerned about their privacy that they develop special tools and programs that verify, impede, distort and block the collection of information.

Digital fingerprints are used to prevent fraud and “identity theft”. The Internet user unknowingly provides data about himself, without any consent. As the amount of data collected increases, a profile of the person is formed, which can contain:

  • gender;
  • age;
  • marital status;
  • political views;
  • financial status;
  • interests;
  • habits, etc.

It would seem that this information is only superficial, without reference to a specific person: there is some subject who has certain parameters and attitudes to certain things, but who exactly is unknown. But this is only for the time being. If a person enters real personal data somewhere, such as a name, phone number or address, a fingerprint will allow companies to fully identify them and thereby complete the formed profile.

Users are deprived of the ability to prohibit sites from this type of data collection. Subsequently, collected databases of browser fingerprints can be shared with other companies, which inevitably leads to the identification of users.

Now let’s discuss how to get around it.

VPN and proxy servers.

Here in brief. A VPN is the easiest method to bypass regional bans: it changes your IP address to one available on the service. It does not protect against numerous trackers and does not affect cookies that have already been picked up.

A proxy is a free intermediary that does not encrypt your traffic. Don’t skimp on a good multi-channel VPN, and keep it enabled even when switching to a dedicated server, which we’ll talk about next.

Browsers and add-ons
Firefox is considered to be the most reliable browser. We install plugins on it:

Decentraleyes – gets rid of tracking through CDN.

Privacy Badger – gets rid of trackers, protects privacy.

HTTPS Everywhere – protects from MITM on the web.

ScriptSafe – removes everything unnecessary.

Ready-made configuration: https://pastebin.com/73QwJFeK

Privacy Settings – simplifies the work with configurations + there is a privacy mode.

User Agent Switcher – plugin performs browser identity spoofing.

Antidetect – similar to the previous plugin with more advanced settings. Paid and quite expensive.

Ghostery – plugin blocking analytics trackers, ads and other beacons.

Multiloginapp – a platform created to substitute different browser features. The program is designed to work with a large number of browser profiles. Each profile is in its own “container” and the option of one browser’s history, cookies and fingerprints being swapped out is eliminated.

There are also specially built browsers for anonymous web surfing:

TOR – is the most famous and popular of these.

Pale Moon – an open source browser based on Firefox.

Manually
Manual changes such as the following can help make your digital fingerprint less unique:

  • Changing the time zone of the device;
  • Setting a different operating system language for the device;
  • Setting a different browser language;
  • Changing the device’s screen resolution;
  • Changing the scale of a web page;
  • Disabling Flash, JavaScript, and WebGL.

Dedicated servers
Using “dedicates” (slang for dedicated servers) is still considered one of the most effective ways to preserve your anonymity. It is a separate physical machine from which no data is transmitted to your main working machine.

Pros: configuration of an HTTP/SOCKS proxy or SSH/VPN connection of your choice; control over request history; protection against attacks via Flash, Java and JavaScript if you use a remote browser.

Disadvantages: relatively high cost; requires technical knowledge to configure correctly.

The main reason for its popularity and effectiveness is that such a virtual computer is completely new and clean for the Internet, it works 24/7 and does not transmit any information about the end user or the characteristics of his computer (they say Facebook tracks even the MAC address).

Configuring the browser using the about:config page


This page contains links to various browser resources.

I won’t go into each resource, just point out a few interesting and useful examples.

about:support

This is where you can find out all the details about the browser, the user-agent, whether multiple threads are supported, or if you have a compositing manager for rendering the interface, for example.

This is also where you get the path to your Profile Directory. Why you need it, I will describe below. Unfortunately, the mobile version does not show the path to the profile folder, so I will share mine with you (only relevant for Android).

/data/data/org.mozilla.firefox/files/mozilla/*.default

The profile folder name consists of two parts: * is a random string (a unique set of letters for each device), and .default marks the default profile.

about:memory

Here you can see what the browser memory is used for, mostly useful for web frontend developers.

about:addons

The page with your extensions, can also be accessed from the graphical menu.

about:networking

Page with detailed information about visited sites, dns and websockets. Also useful for web developers.

about:config

Finally, the page where all the available browser settings are in key-value format.

Detailed browser settings

In about:config there is a graphical value editor, everything should be understandable there.

But the user.js file, as you can see from its extension, assumes that all settings will be in a format that the javascript parser can understand. For example:

user_pref("browser.bookmarks.restore_default_bookmarks", false);

user_pref – is an object that contains all the settings.

Everything in quotes “browser.bookmarks.restore_default_bookmarks” is a key.

After the comma comes the value.

The key is always a string, but the value can be of different types, strings, numbers or a boolean value true/false.

The setting shown in the example is responsible for restoring bookmarks by default and has a value of false. If you change this value, all your bookmarks will be deleted and the default set of bookmarks will be restored.

Other settings.

user_pref("browser.bookmarks.showMobileBookmarks", true);
This setting allows the desktop to see your bookmarks from the mobile version, if you have synchronization enabled.

user_pref("browser.ctrlTab.previews", true);
When you switch tabs, the page previews are displayed.

user_pref("browser.download.autohideButton", false);
user_pref("browser.download.panel.shown", true);
Settings that are responsible for displaying browser downloads.

user_pref("browser.library.activity-stream.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.places", true);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.filterAdult", false);
user_pref("browser.newtabpage.activity-stream.prerender", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
user_pref("browser.newtabpage.activity-stream.topSitesRows", 3);
user_pref("browser.newtabpage.enhanced", true);

All activity-stream settings are responsible for your activity. “newtabpage” is responsible for displaying content in a new tab. I disabled almost everything, except “feeds.places”, which is responsible for displaying recently visited pages in a new tab. By the way, all the settings containing the word “endpoint” are responsible for the address to which the data is sent. If you use an empty string, no data will be sent.

user_pref("browser.ping-centre.telemetry", false);

One of the settings responsible for telemetry. I disable it to speed up surfing, because every action takes resources, even if it runs in parallel. Since I know firsthand how to profile programs and how much it slows down the performance, it’s better to do without it.

user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.lists", "");
user_pref("browser.safebrowsing.provider.google.pver", "");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.lastupdatetime", "");
user_pref("browser.safebrowsing.provider.google4.lists", "");
user_pref("browser.safebrowsing.provider.google4.nextupdatetime", "");
user_pref("browser.safebrowsing.provider.google4.pver", "");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
user_pref("browser.safebrowsing.provider.mozilla.lists", "");
user_pref("browser.safebrowsing.provider.mozilla.pver", "");
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");

“safebrowsing” – these settings are responsible for checking the visited sites to make sure they are safe. The check looks up the site host in a local blacklist database and checks downloaded files against Google servers. (Thanks to dartraiden for the tip.) If the result is positive, a service page with a warning is shown instead of the site. I disabled this check to speed up my surfing. Perhaps those who use Windows should not do it.

user_pref("browser.search.countryCode", "US");
user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.hiddenOneOffs", "Bing, Amazon.com, Twitter");
user_pref("browser.search.region", "US");
user_pref("geo.wifi.uri", "");

Search settings. I set the region to US for anonymity of search queries. I also turned off search geolocation (“geo”).

user_pref("browser.tabs.loadInBackground", false);
user_pref("browser.tabs.tabMinWidth", 30);
user_pref("browser.tabs.warnOnClose", false);

Tab settings. I want to mention “tabMinWidth” separately. In Chrome, if you open multiple tabs, the text disappears. But in Firefox, this setting is responsible for the minimum tab length. And if you have more tabs open, they still do not shrink, but just hide and additional tab control buttons appear. For me, this system is very convenient, because I constantly open a lot of pages from the same site and without the text you constantly have to guess which page is where.

user_pref("browser.urlbar.clickSelectsAll", true);
user_pref("browser.urlbar.maxRichResults", 15);
user_pref("browser.urlbar.trimURLs", false);

When you click on the address bar, the entire address is highlighted, not the current word. Also, https is not hidden in the address bar.

user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.firstRunURL", "");

Mozilla Corporation Reports.

user_pref("device.sensors.enabled", false);
user_pref("device.sensors.motion.enabled", false);
user_pref("device.sensors.orientation.enabled", false);

This is more for the mobile version, but sometimes laptops have some sensors too.

user_pref("devtools.aboutdebugging.showSystemAddons", true);
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("devtools.theme", "dark");
user_pref("devtools.toolbox.splitconsoleEnabled", false);

Developer tool settings.

user_pref("dom.push.enabled", false);
user_pref("permissions.default.desktop-notification", 2);
user_pref("permissions.default.geo", 2);

Duplicates the disabling of notifications from the graphical menu.

user_pref("experiments.activeExperiment", false);
user_pref("experiments.enabled", false);
user_pref("experiments.supported", false);

I don’t feel like experimenting. This setting is a matter of taste.

user_pref("extensions.pocket.enabled", false);
user_pref("extensions.ui.dictionary.hidden", false);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.webextensions.remote", true);

Extensions settings. Pocket off.

user_pref("findbar.highlightAll", true);
user_pref("font.internaluseonly.changed", true);
user_pref("font.minimum-size.x-western", 10);
user_pref("font.name.monospace.x-western", "Hack");
user_pref("font.name.sans-serif.x-western", "Hack");
user_pref("font.name.serif.x-western", "Hack");

Font settings; they duplicate the graphical settings.

Smooth scrolling settings, picked experimentally:

user_pref("general.smoothScroll.durationToIntervalRatio", 1000);
user_pref("general.smoothScroll.lines.durationMaxMS", 100);
user_pref("general.smoothScroll.lines.durationMinMS", 100);
user_pref("general.smoothScroll.mouseWheel.durationMaxMS", 150);
user_pref("general.smoothScroll.mouseWheel.durationMinMS", 50);
user_pref("general.smoothScroll.other", false);
user_pref("general.smoothScroll.pixels", false);
user_pref("general.smoothScroll.scrollbars.durationMaxMS", 100);
user_pref("general.smoothScroll.scrollbars.durationMinMS", 100);

user_pref("general.useragent.override", "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/64.0");
user_pref("general.useragent.vendor", "");
user_pref("general.useragent.vendorSub", "");

User agent settings, if you don’t need them, it’s better not to touch them.

user_pref("general.warnOnAboutConfig", false);

Disables the warning window when visiting about:config.

user_pref("gfx.use_text_smoothing_setting", true);
user_pref("gfx.webrender.enabled", true);
user_pref("gfx.webrender.highlight-painted-layers", false);
user_pref("layers.acceleration.force-enabled", true);

Rendering acceleration.

user_pref("intl.accept_languages", "en-us,en,uk,ru");
user_pref("intl.locale.requested", "en-US");

This information is designed to automatically select the language on the site, although the sites themselves rarely pay attention to this setting. I hope this situation will change in the future.

user_pref("layout.css.devPixelsPerPx", "1.25");
user_pref("layout.css.osx-font-smoothing.enabled", true);
user_pref("layout.word_select.stop_at_punctuation", true);

I’d like to highlight the “devPixelsPerPx” setting in particular. This setting is responsible for the scaling of the interface and will be particularly useful for people with low vision or on computers with high screen resolution. The default setting is “1”.

user_pref("media.autoplay.enabled", false);
user_pref("media.av1.enabled", true);

Video related settings. Disables autoplay and enables experimental support for the new AV1 codec.

user_pref("network.allow-experiments", false);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.dns.disablePrefetch", true);
user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
user_pref("network.security.esni.enabled", true);
user_pref("network.tcp.tcp_fastopen_enable", true);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.warnOnAboutNetworking", false);

I would like to explain this group of settings in more detail.

“dns.disablePrefetch” and “predictor.enabled” are responsible for pre-visiting links on the page to speed up loading if the user wants to click on any of the links. If the internet is slow, it only makes things worse, especially in the mobile version somewhere on the subway.

“tcp.tcp_fastopen_enable” enables TCP Fast Open.

“trr.mode” is responsible for DNS over HTTPS (DoH). Value 0 completely disables DoH; 1 – uses DNS or DoH, whichever is faster; 2 – uses DoH by default, and DNS as a backup; 3 – uses DoH only; 4 – mirroring mode where DoH and DNS are involved in parallel.

“trr.uri” is responsible for the server that the browser uses to get the IP addresses of the visited sites.

“security.esni.enabled” is responsible for Encrypted SNI.

user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.firstparty.isolate", true);
// Disables remembering the zoom level for the site
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts", false);

Privacy settings.

user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.longPressBehavior", 2);
user_pref("privacy.userContext.ui.enabled", true);

“userContext” enables Multi-Account Containers.

This add-on isolates cookies and browsing history into separate containers. Unfortunately, only for the desktop. I have isolated all Google, Facebook and several other important services separately. Also, if you additionally install the Multi-Account Containers extension, you can use it to bind sites to containers. Even if you open a link from one container that is linked to another, it opens in that container, in a new tab. It is very convenient.

user_pref("reader.color_scheme", "dark");
user_pref("reader.content_width", 12);

Firefox has a very handy page reader mode that removes everything but the text. It’s far from perfect, it cuts out some tags with text, but it’s still very handy to use. You can activate it here:

user_pref("security.ssl.errorReporting.automatic", true);
user_pref("toolkit.identity.enabled", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.infoURL", "");
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);

A variety of telemetry. Again 🙂

user_pref("widget.chrome.allow-gtk-dark-theme", true);
user_pref("widget.content.allow-gtk-dark-theme", true);
// user_pref("widget.content.gtk-theme-override", "Adwaita:light");
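
A user.js like the one above can be checked before it goes into the profile folder. The following linter is an added example, not part of the original article or of Firefox: it parses user_pref lines and flags the points the text itself raises (Safe Browsing switched off, "endpoint" addresses that are not empty, a trr.mode that still allows plain DNS) plus two easy mistakes, a string where a boolean is meant and typographic quotes. The function names and the SAMPLE input are assumptions constructed for illustration.

```javascript
// Added example: lint a user.js before copying it into a Firefox profile.
// SAMPLE is constructed; its pref names are taken from the listing above.
const SAMPLE = [
  '// my settings',
  'user_pref("browser.safebrowsing.phishing.enabled", false);',
  'user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");',
  'user_pref("toolkit.telemetry.coverage.opt-out", false);',
  'user_pref("network.trr.mode", 2);',
  'user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");',
  'user_pref("media.autoplay.enabled", "false");          // constructed mistake: string, not boolean',
  'user_pref(\u201cbrowser.ctrlTab.previews\u201d, true); // constructed mistake: typographic quotes',
  '// user_pref("widget.content.gtk-theme-override", "Adwaita:light");',
].join("\n");

// Meaning of network.trr.mode values as described in the article.
const TRR_MODES = {
  0: "DoH off",
  1: "DNS or DoH, whichever is faster",
  2: "DoH first, plain DNS as backup",
  3: "DoH only",
  4: "mirroring, DoH and DNS in parallel",
};

// Key is a double-quoted string; value is a string, boolean or integer.
const PREF_RE = /^\s*user_pref\s*\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/;

// Returns the parsed prefs and the 1-based numbers of lines that are not valid user_pref calls.
function parseUserJs(text) {
  const prefs = new Map();
  const rejected = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const t = line.trim();
    if (t === "" || t.startsWith("//")) return; // blank or commented out
    const m = PREF_RE.exec(t);
    if (m) prefs.set(m[1], JSON.parse(m[2]));
    else rejected.push(i + 1);
  });
  return { prefs, rejected };
}

// One finding per pref that deserves a second look.
function audit(prefs) {
  const findings = [];
  for (const [key, value] of prefs) {
    if (value === "true" || value === "false") {
      findings.push(`${key}: string "${value}" where a boolean was probably meant`);
    } else if (key.startsWith("browser.safebrowsing.") && key.endsWith(".enabled") && value === false) {
      findings.push(`${key}: Safe Browsing check off, no warning page for listed hosts or downloads`);
    } else if (key.includes("endpoint") && typeof value === "string" && value !== "") {
      findings.push(`${key}: reporting address still set (${value})`);
    } else if (key.endsWith(".opt-out") && value === false) {
      findings.push(`${key}: false means the opt-out is not taken`);
    } else if (key === "network.trr.mode" && value !== 3) {
      findings.push(`${key}=${value}: ${TRR_MODES[value] || "unrecognised value"}; only mode 3 rules out plain DNS`);
    }
  }
  return findings;
}

function lint(text) {
  const { prefs, rejected } = parseUserJs(text);
  return { count: prefs.size, rejected, findings: audit(prefs) };
}

const report = lint(SAMPLE);
console.log(`${report.count} prefs parsed, unparsable lines: ${report.rejected.join(", ") || "none"}`);
report.findings.forEach((f) => console.log(" - " + f));
```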

How do I hide (change) my browser fingerprint?
There are protective measures when using browsers, but none of them will work 100%. And there is a logical question: “Does it make sense to use any specialized software or install extensions to block certain processes when you visit websites?” The answer will be ambiguous, because there is a kind of dissonance.

When you try to fight against tracking and use specific browser settings and special software, you unambiguously increase the uniqueness of your digital fingerprint, thereby making it more likely to identify you and build a user profile.

Repeated studies have confirmed that computers and software with “default settings” are more difficult to identify and “link” to a specific person, while even small changes have the opposite effect.
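
The effect described in the last two paragraphs can be put into numbers. The following is an added example, not part of the original article: it measures how many visitors in a sample share a given combination of attributes (the anonymity set) and how many bits of identifying information that combination carries. The population counts are constructed, and the attribute labels (tz, lang, screen, ua, dnt) are assumptions that echo settings shown earlier in the configuration.

```javascript
// Added example: how rare settings shrink the crowd a browser hides in.
// All counts are constructed; attribute values echo settings shown in this article.
const POPULATION = [
  [620, { tz: "UTC+1", lang: "en-US,en", screen: "1920x1080", ua: "stock", dnt: "unset" }],
  [250, { tz: "UTC+1", lang: "en-US,en", screen: "1366x768", ua: "stock", dnt: "unset" }],
  [120, { tz: "UTC-5", lang: "en-US,en", screen: "1920x1080", ua: "stock", dnt: "unset" }],
  [8, { tz: "UTC+1", lang: "en-US,en", screen: "1920x1080", ua: "stock", dnt: "1" }],
  [2, { tz: "UTC+1", lang: "en-us,en,uk,ru", screen: "1920x1080", ua: "override", dnt: "1" }],
];
const TOTAL = POPULATION.reduce((sum, [count]) => sum + count, 0);

// Number of visitors whose values match `visitor` on every attribute in `attrs`.
function anonymitySet(visitor, attrs = Object.keys(visitor)) {
  return POPULATION.reduce(
    (sum, [count, rec]) => (attrs.every((a) => rec[a] === visitor[a]) ? sum + count : sum),
    0
  );
}

// Surprisal in bits: log2(TOTAL / matching). Infinity means nobody in the sample matches.
function bits(visitor, attrs) {
  const n = anonymitySet(visitor, attrs);
  return n === 0 ? Infinity : Math.log2(TOTAL / n);
}

// Contribution of each attribute taken alone, to see which setting gives the visitor away.
function perAttributeBits(visitor) {
  const out = {};
  for (const a of Object.keys(visitor)) out[a] = bits(visitor, [a]);
  return out;
}

const STOCK = POPULATION[0][1];   // default settings
const TWEAKED = POPULATION[4][1]; // custom language list, UA override, DNT header on

for (const [name, v] of [["stock", STOCK], ["tweaked", TWEAKED]]) {
  console.log(`${name}: shares its fingerprint with ${anonymitySet(v)} of ${TOTAL}, ${bits(v).toFixed(2)} bits`);
  console.log(perAttributeBits(v));
}
```

In this sample the stock profile hides among 620 visitors, while the tweaked one is shared by only 2, and most of its identifying bits come from the language list, the user-agent override and the Do Not Track header rather than from the screen size or time zone.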

In practice, the most effective protection is the use of Tor Browser, the developers of which put quite a lot of effort into reducing the uniqueness of fingerprints. For everyday use, a good option would be to use an extension such as Privacy Badger. With it, you can reduce the level of tracking and the amount of information transferred. For even more confidence and privacy protection, all of this should be used on a virtual machine.

All of these methods have their place, but for the average user, they are a hassle and a waste of time.

If the topic is quite interesting and relevant for you, watch the video from Ufocoder, where he explains and shows in quite some detail how the technology of fingerprinting works and whether it can be fought:

In the next article, we’ll look at ways to spoof fingerprints, as well as other “anonymous” browsers.
