Hi fellas,
I'd like to discuss strategies for maintaining privacy from big tech and others tracking entities out there. By no means am I an expert on the topic, nor a developer, so I'll mostly be asking a lot of my own questions and concerns about my own strategies.

My Conclusions

From my time spent researching on this forum, I've come to some conclusions about privacy, security, and anonymity:

(1) Anti-fingerprinting (AF) measures in even the best browsers aren't comprehensive enough to protect against sophisticated fingerprinting techniques [I can't recall if examples were provided by members]
(2) Brave is suggested to have the best AF measures. It scores well on the EFF Cover Your Tracks site, although it has been suggested that that site only covers basic fingerprinting methods.
(3) Firefox-based browsers (FFBBs) lack the security of Chromium-based browsers (CBBs), due to a lack of tab isolation, so they are not recommended to use. I can't recall any other security concerns at this time.
(4) The only FFBB recommended by some for privacy is Mull. Tor is still recommended by most for anonymity, albeit a FFBB.
(5)Vanadium lacks AF as good as Brave, but the GOS team is working on new features.
(6) Some GOS forum users are weary of Cromite, as it's a smaller project, but, to me, at least it is a CBB, which could prove useful. I also recall it having slightly better AF score on the EFF site than Vanadium, for whatever that's worth.

Anti-fingerprinting: choose a browser with strong anti-fingerprinting, or isolate with multiple browsers? Or both?

So, my current usage looks like this:
-Always on a VPN.
-Brave, on the merits of (2), for sites that require logins, like banking, online learning, or forums.
-Cromite, on the merit of (6), for anonymous browsing, never logging in to anything.
-Vivaldi for logging into a "fake" Facebook account I use to look things up. The account is in no way connected to my real identity.
-Tor, on the merit of (4), for researching extremely sensitive topics. Honestly, I run Tor through/over my VPN, mainly because I don't like the idea of disabling "block connections without VPN" in android settings. I trust my VPN more than my ISP.
-Mulch for connecting to Google video/voice calls for an online group I am involved with.

My concerns and questions, and self-critiques

I am wondering if I should streamline my approach and do more on Brave, given its good AF. However, given (1), I am hesitant to do so. On that note, I am heavily considering taking advantage of some apps rather than their equivalent websites, to avoid being browser fingerprinted. However, on Graphene, as secure and degoogled as it is, I don't know how much I'm opening myself up to being further fingerprinted. For example, to avoid browser fingerprinting by Udemy or my bank, should I download their apps instead? Udemy's Exodus report shows 9 trackers, including Facebook Analytics and Facebook login. As long as I don't have the official Facebook or Instagram apps installed/logged-in on the same user profile as Udemy, no data would be linked, right? And, even if I were hypothetically logged into Facebook on their app, am I correct in thinking that GOS would protect me from these apps talking to each other? If so, how can a person tell how GOS isolates apps from one another unless the user wants? Is this functionality a false presupposition of mine? Lastly, with these trackers, would Udemy actually be sharing my info with Meta, Facebook/Instagram account or not?

Similarly to the above paragraph, I'm wondering how I should enjoy YouTube. Currently, I use Tubular, but can't take advantage of personalized, recommended videos. If I'm able to make a YouTube account with a burner phone number, would anyone recommend using the actual YouTube app or similar, like Vanced [I know Vanced is gone now]? With the regular YouTube app, I'd lose adblocking and sponsorblock. So, what about using Firefox with extensions like UBlock Origin, instead?

I'm currently not using Mull or Vanadium at the moment because I'm not sure how I want to deploy them. Vanadium has so much value with its strong security that, when I finally want to use it, I want to make the most out of it. I could replace my usage of Cromite with Vanadium, as I do so much anonymous browsing, that a more hardened browser would keep me safer as I traverse the web. If I'm not logging into anything anyway, and I'm always on my VPN, then I don't think I need to be as concerned about fingerprinting as I am with how I use Brave.

I am wondering if I could be making better use of Mulch. Yes, it's not as secure as Graphene, but instead of using it solely for Google video/voice chats, maybe I could delegate it to pseudoanonymous stuff like forum account access. I risk being fingerprinted that way, so I'm unsure. Might be best to leave that with Brave. I am a bit leery on leaving so many of my eggs in one basket with Brave, when it comes to fingerprinting.

Any thoughts on using Brave Beta for anything? Given that it is beta software, I assume most of you will be against its use, for security reasons.

User profiles

I have 4 Graphene user profiles to separate my crypto activity, work apps, personal stuff and browsing, and risky research and related downloads. I do this for extra security and privacy to avoid an event where an app somehow gains access to files I don't want it to have (sorta more overkill than storage scopes, I guess, but I use those too), to compartmentalize my life in case an entity were to have access to things in one of those profiles, and to streamline how groups of apps connect to the internet. With that said, should I be factoring big tech browser and device fingerprinting into this equation, too? I'm sorta already do that to some degree, as I don't trust the work app I use, what with all its big tech trackers, but maybe I could do more. Isolating more apps with trackers, Google stuff, etc. A profile for apps requiring Google Services? I'll leave that in your court, fellas!

Thanks so much for reading all this. Please correct me on anything I've written here. I know how brutally blunt y'all can be ;)

Regards,
Brother Swan

    Brother_Swan am I correct in thinking that GOS would protect me from these apps talking to each other

    Not yet. App communication scopes is in the works though.

      More browsers => More attack surface => Less security
      So yes I think you should streamline your approach.

      You can test your fingerprinting for example here: https://www.amiunique.org/

        Dumdum very helpful. Thank you. Should help me make some decisions in the meantime!

        lambd I appreciate your thoughts on this. I'lll think through how I could revamp my approach.

        Thanks for the link! I haven't checked this out in quite a while. Some fine-grained metrics to look at.

          Brother_Swan
          More thoughts:
          If I have to choose between more privacy or more security on this matter, I will be leaning slightly more towards privacy. If I can have both in this situation, I'll gladly take it, of course. I just feel that my privacy is constantly threatened, but my security, not as much. I get that once security is compromised, so is privacy, but Android and Graphene are pretty damn secure projects, I figure. All that said, I'm not super educated on cyber threats. Would love to learn more about how things can go sideways on Android/mobile devices!

          Brother_Swan (2) Brave is suggested to have the best AF measures.

          Tor Browser is much better than Brave in this regard.

          Brother_Swan It scores well on the EFF Cover Your Tracks site

          Seriously, forget Cover Your Tracks. And also other fingerprinting test sites. You need to know how to interpret them and the vast majority of visitors don't, leading to wrong conclusions.

          Brother_Swan although it has been suggested that that site only covers basic fingerprinting methods.

          Yes, much too basic.

          Brother_Swan I can't recall any other security concerns at this time.

          There are plenty of security aspects, where Firefox is behind on Chromium, especially on Android, where FF does not even has an internal sandbox (isolatedProcess).

          Brother_Swan (5)Vanadium lacks AF as good as Brave

          Anti-fingerprinting is not just a question of mitigations, it is especially one of homogeneity. Ask yourself, what are the distinguishing factors between users on Brave? What are the factors on Vanadium? Do users individualize their browser through settings? And how do mitigations come into play? Then you will realize that Vanadium does not fare bad with respect to fingerprinting, even though it has no active mitigations.

            2 months later

            TheGodfather
            Thanks for the reply. It's been a busy summer, so haven't been around much!

            On Vanadium and Brave fingerprinting:
            I get what you mean; Vanadium users will all be on some kind of Pixel and likely won't mess with the default settings, whereas Brave users could look more unique, given all the different devices out there, and customizations. However, it makes me wonder how many Vanadium/GOS users are out there in one's own time zone, on the same model of Pixel.

            Does Vanadium's user agent or any other characteristic read as anything other than regular old Chrome to websites with sophisticated fingerprinting? Can they read between the lines, so to speak, when it comes to user agent versions behind the current version, stuff like that?

            I am curious about advanced fingerprinting, if you have any more info on the topic. I thought canvasing techniques were advanced enough. Lol.

            Aside from that comparison, I thought I'd bring up an observation or two about Cover Your Tracks. When running it on Mull, I certainly believe that it's unfair towards it, at least on one metric: screen resolution. Mull appears to constantly report random resolutions with every page refresh—something that I see as great for anti-fingerprinting. However, EFF's site sees these strange resolution numbers and counts them towards the user's uniqueness. That's certainly one instance in which a user may see negative results and think his/her browser is a poor performer.

              Brother_Swan Does Vanadium's user agent or any other characteristic read as anything other than regular old Chrome to websites with sophisticated fingerprinting?

              In Vanadium's default state, there are some differences to Chrome, like content blocking, JIT, referrer handling, and others, which could be checked and don't need advanced fingerprinting.

              Brother_Swan Aside from that comparison, I thought I'd bring up an observation or two about Cover Your Tracks. When running it on Mull, I certainly believe that it's unfair towards it

              CYT's statistics and uniqueness are garbage. Ignore them. Good fingerprinting scripts should be able to detect commonly used defenses like Firefox's RFP and FPP and not get easily confused by these tampered values.