• Off Topic

  • Help with VPN/Tor and fingerprinting

Hello everyone. I need your help with a problem I've been having for a while: I'm having a hell of a time integrating anti-fingerprinting methods and using a VPN/Tor into my everyday life.

I'm someone who's already made a lot of changes to improve my privacy, but there are still these two things that I'm desperately unable to integrate for several reasons:

  • VPN and Tor bring up captchas all the time and that drives me crazy.
  • The problem of compromised Tor exit nodes freaks me out, so I don't feel like using Tor to connect to my accounts, for example.
  • if I understand correctly, the fight against fingerprinting includes using as few browser extensions as possible (Tor even advises against using uBlock, which is unthinkable for me). I have to use several extensions (my password manager, ublock and firefox container for the "core 3" ones I can't delete because of convenience reasons), how can I use them without making me identifiable ? Are there any ways to even fight against a type of profiling no longer based on cookies/tags/tracking pixels (all of which can be mitigated) but on the hardware characteristics of my PC, my screen and my browser?

Thank you in advance !

    Bachi

    I don't feel like using Tor to connect to my accounts, for example

    If you are connecting to your own accounts then anti fingerprinting measures accomplish nothing of value (unless you are referring to pseudonymous accounts)

    Tor even advises against using uBlock, which is unthinkable for me

    If you go against the advice of the Tor project and install uBlock into their browser you could potentially be the only one who has that and stand out of the crowd as unique.

    I'm aware that I'm not really being very helpful except to talk around the issues you raise to narrow down some specifics. Have you thought about your threat model?

        MotherShipton Thanks for your reply. As far as my threat model is concerned, I see myself as an ordinary citizen concerned about how his or her data is used on the Internet. I'm not a whistleblower, journalist or politician, and I don't live in a country under an authoritarian regime. My aim is therefore to escape surveillance capitalism on a global scale (private companies, data brokers...). So I thought that hiding my IP and my activities from my ISP would be good practice, but I can't do it for the reasons given above.

        Aldo, not using an adblocker into Tor browser is quite unintuitive for me : I will receive a ton of ads that noscript can't block at all. Am I supposed to "endure" ads on tor browser ?

          Bachi

          Its very difficult as these companies are always coming up with new ways to track.

          Use a good VPN and their DNS (Proton,Mullvad,IVPN)

          Use Vanadium for sign in accounts for extra security, always clear cookies from websites each and every time you use them.

          Use Brave Browser on a separate profile for general browsing so all your eggs are not in one basket.

          Email app like Tuta/Proton that blocks tracking pixels.

          Use different search engines.

          You can change clock settings etc but it depends how far you want to go. You will need to measure between privacy and convenience to what suits your needs. Its impossible to get 100% privacy.

            Here's how I'd do it if I'd be in your place:

            1. Drop Tor completely. It's primary usage is not really to browse network and connect to your everyday accounts etc. Some may disagree but it is not a substitute of a (good) VPN and protons marketing that they use vpn-> Tor is just a gimmick.
            2. Use a (good) VPN with multihop, use only owned servers of possible. Split tunneling is a risk, don't use it if you can.
            3. You seem to be using Firefox on desktop, look into arkenfox config for it, it allows to modify the browser to fight against some of the browser fingerprinting. But this leaves you without some features and makes the browser render in a 'boxed' screen. Block js obviously.
            4. You may want to consider masking your accounts with randomly created ones with single usage. This also allows you to see who sold/leaked your data.

            Bachi
            READ WITH CAUTION, I'M A NOOB!
            I'M NOT AN EXPERT!
            DON'T DO ANY OF THIS WITHOUT VERYFICATION BY AN EXPERT!

            [ Redacted ]

            If security and privacy is crucial for you just attempt to do some of the things I mentioned if A PRO, AN EXPERT CONFIRMS THAT WHAT I WROTE IS ADVISABLE.

            This comments contents was edited to redact the generated text flagged by community members.

            Please read https://discuss.grapheneos.org/d/11951-ai-generated-text-is-forbidden-with-the-exception-of-automated-translation