I got onto the trail of this idea as a result of a link in one of Panzer's freeware postings - and it appears to be a very serious tracking threat.
(https://browserprint.info/test)

Apparently using Noscript is a help and I see it is mentioned here at the forum already.

Another write-up about it is here:
http://www.thewindowsclub.com/browser-fingerprinting
And in that is suggested Torbutton, which I had not heard of before.

Other related links:
http://www.pcworld.com/article/192648/browser_fingerprints.html
http://bgr.com/2014/07/22/canvas-fingerprinting-internet-tracking-tool/
https://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
http://www.wilderssecurity.com/threads/block-browser-fingerprinting-at-system-level-hosts-file.354700/
http://www.ghacks.net/2013/08/01/how-to-modify-your-browsers-fingerprint-so-that-it-is-no-longer-unique/
https://www.maketecheasier.com/browser-fingerprinting-and-avoiding-it/

Any info that anyone would like to pitch in will be hugely appreciated.

Thanks.

Quote
smallhagrid
And in that is suggested Torbutton, which I had not heard of before.

Bear in mind that support of Torbutton has ceased.
The End of Torbutton
The above article is dated, May 2nd, 2011.
As for Torbrowser it's overkill for everyday browsing. It will slow down your browsing and might break (some? many?) sites.

You might be interested in this as well (thanks to Siria for noticing about the site):
A comprehensive list of Firefox privacy and security settings

Keep in mind that it is always about a compromise between usability, privacy and security.
However you can set up several profiles in K-Meleon to be used for different tasks and with specific tailored settings.

That's not "offtopic" IMO, but very important for browsing.

Glad you guys keep posting such links, because I keep forgetting them, sigh.

Just want to add a tip regarding "using different profiles with different settings": My macro "Blockeria" is extremely handy for mass-switching customized settings with one click, in the same profile during the same session

Two places where to check your browser privacy in terms of fingerprinting:

IP-check by JonDo

Panopticlick test

Different profiles is IMHO good. To limit what can be found out.

But bear in mind that the fonts (if You have writing programs installed) You have installed and Your IP are fairly unique already. While JavaScript is on.

Web bugs, the content of Your cache, flash cookies can be used.

Then comes Your browser and version. http://browserspy.dk/

So You can be IMHO fingerprinted and traced by people that want it for advertising or other purpose.

Yes, the only way to hide yourself is to use anonimous profile (like one in JonDoFox), some common UA-string (like Firefox 38) and switch off np-plugins (particularly flash) and JS.

Otherwise you fingerprint will be unique always: screen resolution+UA+installed fonts set (latter is a biggest IDfier here in list) do identify you damned precisely.

I want to ask you, folks: do we need KM-paranoid-build for maximum privacy?

Please share your opinions!

Quote
guenter
Your IP are fairly unique already.

AFAIK most people in Germany have dynamic assigned IP-numbers.
Even with a static IP-number the remote server can see only the gateway. Behind a gateway can be dozens of computers.

Quote
guenter
Web bugs, the content of Your cache, flash cookies can be used.

I have disk cache disabled - no noticeable delay on a fast connection and a decent device.
Flash cookies can be deleted and for most media content you don't need flash anyway.

Quote
guenter
Then comes Your browser and version. http://browserspy.dk/

Browser versions are neither unique nor do they last forever.

Quote
guenter
So You can be IMHO fingerprinted and traced by people that want it for advertising or other purpose.

For sure you can be fingerprinted but to get traced individually on the basis of that fingerprint isn't as simple (it depends on unique variables you reveal otherwise it's merely a guesswork) implying unprofitable costs.

Quote
rodocop
Yes, the only way to hide yourself is to use anonimous profile (like one in JonDoFox)

I have my doubts regarding that magic profile of JonDoFox. I assume that it's primarily advertisment for their product.
However if you have the necessary time and intentness, you could install the JonDo-Portable and take a closer look at prefs.js of their Firefox browser.
I assume all changes are made there. In case they are, you could upload the file so we can look at it as well.

Quote
rodocop
Otherwise you fingerprint will be unique always

A billion of unique fingerprints. Let's find out (or guess) which one belongs whom. If a simple hash of a fingerprint would suffice, Google woudn't push for more and more fingerprinting and tracking variables.

Quote
rodocop
I want to ask you, folks: do we need KM-paranoid-build for maximum privacy?

What do you mean by KM-paranoid-build for maximum privacy?
Dorian's build with modified default settings?

I mean custom build set up as close to max public privacy as possible.
I have now some testing assembly, that uses 3 profiles: JonDo-profile, Privacy mode and tor-ready profile.

With some help of comrade hermes (if he will agree to combine our efforts here) we could prepare really paranoid KM ;-)
********

Now about JonDoFox - as I combined it with K-Meleon I was able to test it - and it really does the job of antifingerprinting. It was tested on 2 tests mentioned by me earlier.

********
About linking fingerprint with your real personality...
Well, try this test - it identifies you as PC user (being precise, all that stuff IDfies your system - not browser itself) and than it associates some words (things) with your ID - for illustration purposes.
Then change your browser and retest your system - it will recognize you but it'll say you are existing user with new browser.

Well, imagine you have visited any site where your real person will be uncovered. If you will be fingerprinted there - all you next moves in web will be known to somebody.

Sure you can browse without JS all the time, without plugins, without social networks and online services (banking, shopping, booking, government puproses etc.). But it's really easier to switch internet connection off.
Also there are number of people who have nothing to hide. But there are also a number of them who really needs more privacy sometimes.

So I think it's not a bad idea to have ready build of a familiar browser for such cases.
And other point I suggest - this could be a good thing for KM itself for its popularity. Our user community isn't too large and the privacy agenda is increasingly spreading last time.

So we can make some 'mental junction' between KM and 'private solution'

Quote
rodocop
I mean custom build set up as close to max public privacy as possible.

So we can make some 'mental junction' between KM and 'private solution'

I'm with Yogi on this one. He correctly points out that "our browser" is recognisable, but our person is not. I agree that it may be possible to track my browser through a site where my personal details are (for whatever reason) visible, but at the same time my two loyalty cards are providing two supermarket chains with my family's shopping habits--highly personal stuff.

Having said all that, yes I think developing the extensions to lock down a Privacy Mode would indeed be a Very Good Idea. Just because I don't see the need doesn't mean others don't, and the effort involved can only lead to better browsers.

Much of my thinking is informed by the Tracks in the Snow: the internet is the least private environment I can think of outside a prison. It's not that privacy can't be achieved, it's that we should occasionally look at the problem: we'll never never know if we never never go.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

Quote
rodocop
Now about JonDoFox - as I combined it with K-Meleon I was able to test it - and it really does the job of antifingerprinting. It was tested on 2 tests mentioned by me earlier.

Aren't you recognized here each time you do the test?

Quote
rodocop
Well, try this test

I did test last year with quite modest results, I mean cross-browser detection didn't work during my tests. Their software was already at v2.
I have tested now again. This time cross-browser detection worked almost perfectly and I'm not pleased about it.
With Opera Presto, K-Meleon 75 & 76rc I was recognized as the same user (during several tests).
With FirefoxESR 45.3 I was recognized as another user (during several tests).
With Torbrowser (using FirefoxESR 45.3) I was recognized as jet another user (during several tests).
So, tests with 5 browsers gave 3 identities.
I assume that the only way to avoid fingerprinting is to disable scripting. It's the 'benefit' of HTML5 and how some of its features get enforced on the user.

Quote
rodocop
Sure you can browse without JS all the time, without plugins, without social networks and online services (banking, shopping, booking, government puproses etc.). But it's really easier to switch internet connection off.

- I don't browse without JS all the time but most of the time. I've been doing so long before fingerprinting became an issue.
- There is a single plugin (NPSWF32.dll) I sporadically use in Opera Presto. K-Meleon and FirefoxESR are plugin-free.
- Call me old fashioned but I'm not a fan of social networks and the last thing I'd give up to their operators would be my real identity.
- I don't expect my bank to sell or exchange the hash of my fingerprint, in case they have it.
- Shopping is an issue but not for me at least. In my circle of friends there is somebody who does the shopping for all of us. Not because of fingerprinting but because of the discounts you get the more and the more often you buy.
---
I have to admit that contrary to what I thought and said before, these tests have convinced me that fingerprinting is today feasible, without circumstances and with negligible expenditures.



Edited 1 time(s). Last edit at 08/09/2016 01:23PM by Yogi.

Quote

Aren't you recognized here each time you do the test?

At least I wasn't associated with my insecured identity. It shows really different config. Even without using JonDo proxy-anonimizing application. If use it, I suppose, I'll get different ID every session.
My JonDoMeleon performs in part of security even better than 'native' JonDoFox' package ;-)

Note also that your test given cannot be run in the most secured config as it requires JS on.

But in real life you are to switch JS off in antifingerprinting mode. And there will be even less 'entropy' to IDfy you.

Quote
rodocop
I want to ask you, folks: do we need KM-paranoid-build for maximum privacy?

Please share your opinions!

No because You can only prevent it mostly (but not totally) by going through slowing anonymiser proxy combined with switching off Flash and JavaScript and load all pages and items always & freshly = no Cache use!

IMHO it is sufficient to have the option of a Profile that is designed for privacy.
It can include all or most of the above to minimize exposure.

It could include a Flash Plugin in ./extensions that is primed not to do Flash Cookies (old or hacked), maybe even a Tor configuration.

p.s. Usually You do not need all this together. Some things largely decrease usability.

JonDo shows the full list of Flash plugin settings needed for full privacy.

Quote
guenter
by going through slowing anonymiser proxy

Anonymisers like TOR can only mask your location (that's what they are designed for) but not identifiers of your device which can be retrieved by the remote server you are connected to.
Softare designed for the latter looks like this or this.

Quote
Yogi

Quote
guenter
by going through slowing anonymiser proxy

Anonymisers like TOR can only mask your location (that's what they are designed for) but not identifiers of your device which can be retrieved by the remote server you are connected to.
Softare designed for the latter looks like this or this.

Yes. But You stripped an AND connected passage out that points to the normal way to silence what info is offered by the browser via JS and Flash plugins.

You can test what info the browser still gives with these wholes shut on browserspy.dk.

There is a tool called Kameleo (not k-meleon). You can use Kameleo to stop browser fingerprinting.

Check out: https://kameleo.io/

Defeating JavaScript fingerprinting technologies
Beating Canvas fingerprinting technology
WebRTC spoofing
Simply start a session with 100% privacy
Saving and reloading profiles with it's cookies and history
Notes and attachments included to your profiles
Proxy management for super privacy
Automatic updates on the defender technology