

Doing it to prevent fingerprinting is utter nonsense since by changing any settings that sites can detect you have made yourself far more easily fingerprinted. “Providing the offer to disable features to reduce attack surface can be useful. because it doesn’t work and is just meant to make users feel that the browser is doing something.” In general, I don’t do privacy / security theatre in GrapheneOS, so I won’t do something like censoring WebGL debug information to pretend that the GPU type can be hidden, etc. Of course, people duped by marketing / branding is a regular topic on this subreddit. Firefox is shipping theatre and Apple is shipping privacy. “If you want to see truly meaningful privacy features, look at some of the stuff Apple is shipping in Safari.

I don’t understand why this is touted as a good fingerprinting defense, I’ve said it many times and security experts like Daniel Micay from the GrapheneOS project agree with me here: Tis will mean that differing major versions of Firefox + user.js can be told apart, not to mention if you alter some setting of the user.js, then you are totally screwed. I mean, you probably fool simpleton approaches like only looking for Canvas or WebGL output, but any more comprehensive scan of the browser’s features would reveal you as unique and there is not enough of a crowd to hide in since so few people do that.įurthermore, to make matters worse, Firefox suffers from major version fragmentation every four weeks, when new major version alter its rendering procedure and / or web standard support. Scripts would notice this suspect output and record it in their database just like any other, and chances are that you have not fixed anytjing because your setup still sticks out like a sore thumb. Hardly anyone applies user.js scripts (below 1% of all Firefox users according to the below source), and these user.js scripts create a very different output from what could normally expected from default Firefox. Firefox being unique by default and not defending you against fingerprinting at all is bad, right? It’s bad for sure, but the solution offered is not very sound either.
Brave browser vs chrome vs firefox install#
Now, Firefox is unique by default, there is zero fingerprinting protection in a fresh install of Firefox… Not even fingerprinting scripts are being blocked, this is opt-in for its tracking protection by default. Firefox randomizes Canvas while Brave statically disables WebGL, it really depends on the output you mean to protect. There’s also overlap between the two, e.g. You either try to make all instances look the same with the same settings and output (Firefox) or you let all instances randomize (Brave). Fingerprinting is being defeated by all browsers looking the same, at least behaviorally.
