What privacy extensions do you use on your desktop browsers?

traveller

What privacy/antitracker extensions would you recommend? I mainly use Safari as my desktop browser and Vanadium on my phone.
I know it is not possible to fully stop tracking/fingerprinting, but at least I'd like to reduce obviosity that I am the same user with my real name/age/etc when visiting different non-relevant sites, where I never entered my personal data? The last part makes me uncomfortable.
Thanks!

pixelfairy

traveller Run browsers in virtual machines with as close to default as possible. If you want to go farther, virtual machines can their own vpns. Ublock Origin still works in Firefox.

Whonix has one setup, so you'll look like all the other Whonix users. If you use that, don't change any browser settings.

N1b

traveller Generally any add-on reduces security and privacy (as in fingerprinting). So in almost every case I'd say it's better to not install an add-on. On top of that there's always the risk that a privacy tool sells out and gets back at you.

Personally I go with the following:

Brave Browser: No additional add-ons (maybe password manager add-on for convenience, but definitely decreases privacy)
Firefox/Librewolf: uBlock Origin (maybe password manager too)
Mullvad browser: Change nothing!
Tor Browser: Change nothing!

That's my 2 Cents

Molasses

traveller

You can use Ublock Origin Lite (by Raymond Hill) for Safari. It's available in the App Store for free.

Other than that, minimalism is key in order to keep attack surface and the potential for fingerprinting low.

AcclaimSublevel19

N1b (maybe password manager too)

I wouldn't recommend that, a native password manager with browser autofill capabilities would reduce attack surface. Password manager extensions (even Bitwarden) have had vulnerabilities in the past.

monozygote

N1b I always wondered about this, I use keepassxc and keepass2android. On mobiles it's generally all fine. On desktops for autotype using hotkey, keepassxc needs to know the window title. So reading up a few posts online, I wrote my own simple extension (few lines of code) - just reads the url of current tab and puts the endpoint (https://foo.bar.com) as the window title. That helps keepassxc give me the correct/filtered selection to autotype from thus preventing some phishing attacks.

Unlike browser extensions for password managers which modify the DOM so that you can press the password fill symbols and hence totally detectable+fingreprintable by the js running on the page, such "offline" extensions should be totally undetectable by the webpage's webapp - unless webapps can simply query the browser about all extensions it has and find out - which I don't think they can? Maybe they can query for the window title and find out but not sure if they can?

However I've always shied away from installing this to Tor browser thinking there might be some disadv to doing so, but I can't think of any nor can I find much online. It would help me log into accounts created anonymously over Tor since I don't log into them over clear-net.

Would doing this be discouraged and if so why? I'm more interested in the "why" part as applicable to only this scenario I mentioned (ie. an extension self written and does not interfere in anyway with the webapp or its DOM).

randomm

N1b If I use, say, the Proton Pass extension on Brave, does that make my fingerprint more unique and therefore my web activity is easier to track?

defnotanaibot

Don't recommend extensions at all, block at the DNS level. If you use a VPN, many offer a level of built-in ad-blocking nowadays. If you don't use a VPN, consider AdGuard DNS (universal), NextDNS (universal), RethinkDNS (mobile only), etc. Mullvad has a free public DNS with ad blocking as well, can use on all devices. Less recommended though unless you like those CAPTCHA puzzles. You can also self-host with pihole, usually on an old computer or Raspberry Pi. These will supplement the mediocre ad and tracker blocking of Safari. If you have any issues after setting up one of these DNS services on your Mac, try turning off Private Relay (Hide My Email still works, if you use that). You can also try alternatives such as Brave browser which have stronger fingerprinting protections by default.

Always install the standalone app for your password managers, never use the browser based extension.

dawt

defnotanaibot

DNS ad-blocking can't block first party ads like sponsored results on google/amazon, or video ads on youtube.

AcclaimSublevel19

The one other extension I can recommend except uBlock Origin is NoScript which greatly reduces fingerprinting capabilities on sites that can work without JS (useful for e.g. news sites or articles you find in web search on sites you don't trust). These two should fully cover you and anything else will most likely make your fingerprint more unique.

defnotanaibot

dawt Maybe so, I don't use Google or Amazon and use Newpipe for Youtube. :)

monozygote

randomm I just installed proton-pass in a throwaway brave profile (I don't use proton anything) and it's at-least 100% detectable!. Ofc if everyone was using proton-pass browser extension then this datapoint alone would not make you unique, but otherwise, which I believe would be the case here with proton-pass, you would already be way more identifiable.

I also tried keepassxc-browser extension and that's detectable too (and probably makes you even more unique than proton-pass due to "nerdiness" associated with folks using keepass).

You can try that website: https://browserleaks.com/chrome and others like https://amiunique.org/fingerprint so see how unique you are.

Which was the whole point in my post above - if I make a home-grown simple extension which doesn't interfere with DOM at all and only changes the window-title, is there anyway a webapp can know (and thus fingerprint) it? If the answer is a categorical "no", then I don't see the harm in installing that even on Tor browsers and making life a bit easier with 0 (known) downsides.