In this guide we will discuss the issue of browser fingerprinting and how it can de-anonymize you based on a variety of different inputs – even if you are using a good VPN.
What is browser fingerprinting?
Browser fingerprinting is a highly accurate way you can be identified and tracked whenever you go online, even if you’re using a VPN service and other privacy measures.
Luckily there are some easy steps you can take to protect yourself from this risk.
But first let’s cover some basics.
Whenever you go online, your computer or device provides the sites you visit with highly specific information about your operating system, settings, and even the hardware. The use of this information to identify and track you online is known as device or browser fingerprinting.
As browsers are becoming increasingly entwined with the operating system, many unique details and preferences can be exposed through your browser.
How accurate is browser fingerprinting?
Some researchers have found this method of identification to be extremely effective:
Why is this being done?
Browser fingerprinting is just another tool to identify and track people as they browse the web. Corporations can use this method to identify people, which is useful for targeted advertising, and other purposes.
Some websites also use browser fingerprinting to detect potential fraud, such as banks or dating websites (so it’s not all bad).
Government surveillance agencies could use this to identify people who are employing other privacy measures to cloak their IP address and location.
You can test how easy your device is to identify at the website amiunique.org, which has collected over thousands of different device fingerprints for research purposes. The site will render your device fingerprint and assess how “unique” you are based on the following inputs:
- the User agent header
- the Accept header
- the Connection header
- the Encoding header
- the Language header
- the list of plugins
- the platform
- the cookies preferences (allowed or not)
- the Do Not Track preferences (yes, no or not communicated)
- the timezone
- the screen resolution and its color depth
- the use of local storage
- the use of session storage
- a picture rendered with the HTML Canvas element
- a picture rendered with WebGL
- the presence of AdBlock
- the list of fonts
Another browser fingerprinting test is Panopticlick, which is a project run by the Electronic Frontier Foundation (EFF).
When using these test websites, keep in mind that test results should be taken with a grain of salt.
There is an ever-increasing test sample as more people use the sites, and people are constantly updating their browsers to newer versions. Therefore the test might show you as unique amongst a very large sample, but that is in fact misleading. This is because it is comparing you to a sample over time, which includes thousands of outdated browsers and old test results.
In other words, you are probably not as “unique” as these tests suggest…
Additionally, a test that shows you as being “not unique” may also be inaccurate. After all, the test tool is only as good as the sample size and the test inputs it uses.
How to mitigate your browser fingerprint
Before we jump into potential solutions, it’s important to note that implementing browser fingerprinting protection methods may break some websites. Be sure to research these different options carefully before adjusting your browser settings.
Another consideration is your threat model. How much privacy do you need or want? The answer to that question will be different for every user.
Here are some good ways to mitigate your browser fingerprint:
1. Firefox browser (recommended)
As explained in the Firefox privacy guide, Firefox is one of the best browsers for both privacy and security. It offers some great features to protect your privacy and is also very customizable. Here are a few modifications to consider making in about:config:
- privacy.resistFingerprinting = true – This will hide a number of unique settings when you browse websites, such as language preferences, timezones, dates, and more.
- webgl.disabled = true – WebGL is another tricky issue for privacy and security. Disabling this preference is generally a good idea – see some of the issues with WebGL here.
Check out the Firefox privacy guide for more information on modifying these settings, as well as the risks involved.
2. Brave browser
Another good browser with built-in privacy settings is the Brave browser. See this article discussing the Brave browser fingerprinting protection settings.
3. Virtual machines
You can also consider running a virtual machine of a completely different operating system on your computer. This can also be used to “chain” different VPNs together. VirtualBox is a free and easy way to do this – there are many different video tutorials online, depending on your operating system and the VM you are looking to use.
4. Tor Browser
Another option is to use the Tor browser, which is simply a hardened and protected version of Firefox. It includes numerous privacy and security modifications that are built into the default version:
- HTTPS Everywhere
- NoScript
- Anti-tracking features
- Canvas image extraction blocked
- WebGL blocked
- Operating system cloaking (shows as Windows 7 for all users)
- Timezone and language preferences blocked (plus many more…)
The key here is to use the default version – the developers do not recommend adding any plugins or extensions, because this would again make you stand out from all the other Tor browser users.
You can get the latest version of the Tor browser here. To read about the security and privacy features, as well as the latest developments, check out the Tor blog.
The default version of the Tor browser is configured to run with the Tor (anonymous/onion) network. While the Tor network does have added benefits in terms of privacy, it also has a number of disadvantages:
- Your internet speed will be reduced to around 2 Mbps, making streaming videos or music nearly impossible
- Tor is vulnerable to IP leaks, especially when used on Windows
- Tor is not safe to use when torrenting (see the Best VPNs for Torrenting guide, instead)
- Tor was created by the US government and is still funded largely by US government grants
- Some consider Tor to be compromised
While the Tor network has issues, you can still use the Tor browser with a virtual private network (VPN) with the Tor network disabled.
Tor browser with a VPN (Tor network disabled)
Some people like to opt for using the Tor browser with a VPN (Tor network disabled). This gives you the browser fingerprinting protections of the Tor browser, with the speed and anonymity offered through a VPN.
Disclaimer – While this may be good for some users, it comes with the risks of misconfiguring the Tor browser bundle, which could de-anonymize the user. If you still want to modify the Tor browser, proceed with caution, or just use a modified Firefox or Brave browser instead.
Here’s how to download the Tor browser and disable the Tor network (see images):
- Download the Tor browser for your operating system. After downloading, you should be prompted to connect to the Tor network, which you can do to get access to the settings.
- In the Tor browser go to the Menu button (three lines in the top right corner) and then select Options (Windows) or Preferences (Mac OS) – (image).
- Select Advanced > Network > Settings (image)
- Select No proxy > OK (image)
- Type about:config into the URL bar and hit the enter/return key. You will get some kind of warning message (“This might void your warranty!”) – just click continue or “I accept the risk!”.
- In the search box enter network.proxy.socks_remote_dns and then double click to disable; value = false (image)
- To completely disable the Tor network, go to the search box again and enter extensions.torlauncher.start_tor and then double click to disable; value = false (image)
- To ensure these changes don’t revert to the default settings when you close out the browser you need to disable TorLauncher. To do this go to Options > Add-ons > TorLauncher [Disable] and then restart the browser for the changes to be implemented.
You will need to restart the Tor browser for the changes to take effect.
Now, when you open the Tor browser, it will not connect through the Tor network. This will prompt a warning screen (“Something Went Wrong”), which you can just ignore.
Be sure to remember that your Tor browser is not configured to work with the Tor network.
Use a good VPN
Going through all the hassle to protect yourself against browser fingerprinting may be a waste of time if you aren’t using a good VPN that will encrypt your internet connection and conceal your IP address and location.
Check out the best VPN service report to see the latest testing results and recommendations.
For those who are seeking a higher level of online anonymity, you can also use a multi-hop VPN, which will encrypt your traffic across more than one server (multiple hops) before exiting onto the regular internet. Both Perfect Privacy and ZorroVPN offer self-configurable multi-hop VPN configurations.
Perfect Privacy also offers a NeuroRouting feature, which is very similar to the Tor network. It dynamically routes all traffic across multiple hops in the VPN server network, while using different exit servers corresponding to the physical server location of the website you are visiting. This can give you numerous IP addresses at the same time – further explained here.
Conclusion on browser fingerprinting
While browser fingerprinting may seem like a daunting issue to some, mitigating your browser fingerprint is relatively easy.
My general recommendation is to use the Firefox browser for privacy, which gives you lots of control over the settings and privacy features. A secure and modified version of Firefox, along with a good VPN service, will go a long way to protecting your privacy online.
Another issue to consider, which was not mentioned in this guide, is using a good ad blocker. Ads today basically function as tracking – they record your browsing habits so you can be hit with targeted advertisements. A good add-on is uBlock Origin, but there are other recommendations in the privacy tools guide.
Stay safe!
Sven…
A confused newbie question from this new user.
Re: Browser fingerprinting solution (Tor + VPN)
I d/l’ed Tor, following your instructions, I disabled the Tor network and get the ‘Something Went Wrong’ message whenever I load Tor. After loading Tor, I then load my NordVPN.
Problem… I cannot connect to the ‘dark side’ discussion groups or any Internet https sites??
Tor indicates “Firefox is configured to use a proxy server that is refusing connections”, yet my Firefox is setup to _not_ use a proxy.
How can this be corrected and what should I do?
Lastly…how can I send a donation…I don’t have any Bitcoins (yet),
but can use Paypal or my Thailand debit card?
Your site is the most informative one I’ve found, but maybe I just don’t have
enough computer knowledge to use some of it 😉
Thanks for any help you may provide to this frustrated user!
Hello, sorry for the delayed reply. I’m currently revising this guide. In your case I would recommend leaving the Tor browser bundle as is, and then using a modified version of Firefox (see this guide) for everything that you don’t need the Tor browser for.
Regarding donations, I’m currently looking into PayPal and other options, I should have that up soon.
Hi Sven, i’ve tried disabling the tor network – but then all i get is your connection is not secure. The solution to this seems to not tick the “no proxy” box? where am i going wrong?
Not sure to be honest. I am now using a modified version of Firefox along with Random User Agent, which cycles through different user agents.
Hey Sven,
How about you provide us with an in-depth Android guide? Mobile phones being insecure, there is a lot to consider – I’d like to hear your opinion. The lack of a Tor browser for Android make life soo difficult. I suppose one could use Orbot, except there is no way to use Orbot together with a VPN. That being said, I’d very much like to see your recommendation for a secure Mozilla’s setup for daily browsing.
I have opted to keep the fingerprint resist disabled (as it is by default) and installed Canvas fingerprint defender instead. Manually changed my language zone, installed an extension to change my time zone – in addition to the “industry standard” combo of decentraleyes, random ua, cookie auto delete, and audio context fingerprint defender. I just wish Firefox let me use containers on Android.
That being said, it is ridiculous how much effort one needs to put into their browser setup – a browser touted for taking privacy and security seriously. Ridiculous. Somebody, or something, needs to replace this ridiculous peace of garbage people have chosen to trust and rely on. The trust is unjustified; Mozilla is straying away from its initial promises.
Hey John, great suggestion. Yes, the whole browser fingerprinting issue is frustrating, completely agree.
You might want to check out Firefox Focus for Android – see here.
Hello Sven.
Greate article, and I like that you included the VPN.ac link on Firefox Tweaks at least in the comments =)
Came here from your article about Firefox privacy.
I think this is a little outdated, and regarding the browser fingerprinting itself, I found that tweaked Firefox provides better solution for that than Tor Browser. That being said, scientifically, there is nothing much that can be done against browser fingerprinting itself. Speaking of the browser add-ons, most browser fingerprinting test sites cannot track those. For example I’ve made a Firefox add-on configuration to include uBlock Origin with advanced user turned on, globally blocking 3rd party scripts and frames, HTTPS Everywhere and Privacy Badger, and those haven’t been detected.
Cheers.
PS: Thanks for actively supporting the blog up to date, though uBlock usually blocks around 32 requests on it =P
Hi Josh, great feedback, thanks. I’ll be doing some comparison tests between modified Firefox, the Tor browser, and also Brave in the coming weeks and will update this guide with the results and new information I’ve come across regarding fingerprinting.
Are my bookmarks and favorites a part of fingerprint ?
In general I think the answer is no, but it may depend on the browser you are using and fingerprinting technique. Also see this regarding the Tor browser and bookmarks.
I stay at Airbnb properties sometimes when I travel with wifi provided. This is the homeowner’s wifi. Is it possible to secure my laptop and files on wifi where the owner has the admin rights and the trust level is unknown? VPN secures my connection to the internet, but I’m looking at the first link – the connection to the private wifi. Any help is greatly appreciated.
Yes, this is the key problem with any WiFi that you do not control – whether it’s at an AirBNB, cafe, hotel, or airport. The best solution here is a VPN, which will establish an encrypted tunnel between your computer and the VPN server. This makes all your data and online activities completely unreadable. Without a VPN, the person controlling the network, or someone on the same network, could snoop on your activities, hack your accounts (man in the middle attack), or just easily record every website you visit by storing the DNS requests which are handled in clear text without encryption (when you aren’t using a VPN). So long story short, use a good VPN whenever you need to connect to an untrusted network.
Hello Sven,
Having problem with Tor now. I followed your instructions as of above and everything seemed ok.However something happened and now get message “Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item.” I think I somehow deleted it so I tried to reinstall and then do instructions above. Since you mentioned that Tor is just another version of foxfire, I thinking since I am using Foxfire, that could be part of my problem getting it to work with Express VPN??? I have it installed already (That is the Foxfire browser before I tried to use TOR.) Anyway I am now have trouble getting Tor to show up or work! Any suggestions.
Hi Steve, no I don’t think Firefox and the Tor browser are conflicting with each other, but it sounds like an issue with the Tor browser installation. My only suggestion would be a complete uninstall and then try installing it again. But as a backup, there are some tweaks and modifications you can do to standard Firefox that will really help with privacy. VPN.ac put this guide together which is pretty good.
Thank you Sven for the advice. I will definitely look at that guide. This is great information to have in this age of “big brother watching over us.”When I was in Air Force, the command I worked for was part of the military that worked with NSA. LOL It was quite different back then I believe. How times have changed.
Hello, first a big thank you for your articles. It helped me alot.
I was wondering if you would recommend using Tor for Android devices. The Orbot Proxy app has been developed by the same team.
Hi Martigar, I have not tested that out – not sure how well Tor would do on mobile devices.
What about Waterfox browser as an alternative to Tor?
Hi Joey, I’m not sure about Waterfox to be honest. I stick with the Tor browser as my go-to browser of choice when I want more privacy.
Thanks Sven. Tor browser is designed and built to use the Tor network. I know you adjust the settings with yours to prevent accessing the Tor network, but isn’t that a waste of time when all you need is a browser? What makes it better in your view than using, for example, regular old Firefox?
I want two levels of security, one for general day to day stuff (i like not to be tracked whatever i am doing, purely to obtain privacy) but another higher level if I am accessing sites or saying things I fear might get me watched etc, none of it illegal, but much of it “of interest” to the powers that be. For that higher level I am tempted to try the Tor browser route, just wondering how it is more private/secure than FF or Opera etc?
Hi Joey, to see exactly how the Tor browser benefits you, I’d recommend running two browser fingerprinting tests (and here’s another one):
First, run the test with a VPN using regular, plain Vanilla Firefox, and notice all the information about your system that can be identified and used to track you.
Then, run the same test using a VPN and the Tor browser.
You’ll notice a big difference.
Once you setup the Tor browser settings, you’ll be good to go. Just open it up and use it like any other browser. When you close it, it will automatically delete all cookies, history, etc. It is great if you want a higher level of privacy, like you mentioned, but it may be overkill for everyday use with all sites.
Thanks Sven, yes I had already been scaring my pants off by looking at those fingerprint checkers you mentioned! I am CRAZY unique, using very old OS, old version of browser, and some weird and rare (0.01%) extensions, so I am basically identifiable down to one person on the planet. I get the point about not wanting a browser footprint etc, just wasn’t sure if you could achieve the same thing without Tor browser. If I am honest, I trust nobody, and I get the feeling downloads of Tor browser alone could be enough to get you tracked or noticed, whereas downloading FF and adjusting settings yourself could be a more discrete way of doing the same thing? I am asking, not telling, I really don’t know, but I wondered what your thoughts were on this in principle.
P.S. I was tempted to install Tails OS, but again, just downloading that surely has to flag somewhere, so will stick with hiding “in plain sight” in some ways, but doing as you say otherwise with the most common tools available.
Hi Joey, we’re probably all on some list somewhere 🙂 I’m not going to sweat it. There are many people using the Tor browser (with and without the Tor network), so I think this is a good option. If you want to go the Firefox route with adjustments/tweaks, VPN.ac created a guide for that, although it may be a bit outdated since it was published back in 2015.
I tried TOR browser with Perfect Privacy as you suggested, and the browser would not work even on the public library site. Even on the Perfect Privacy site results were not rendered for the CHECKS because JavaScript is needed.
The Tor browser can be a bit tricky, but if you set it up following the steps above, everything should work correctly. I just checked the Perfect Privacy IP leak test – worked fine (screen shot). Then I checked some random public library in the UK – working fine (screen shot).
The problem after disabling Tor Network is that Tor browser’s screen size will no longer remain its standard size 1000×600. The screen size after disabling Tor Network will be dependent on your PC/Laptop screen size. Mine is 1000×500 after disabling Tor network.
So the question is: how to automatically resize your changed screen size to Tor standard screen size of 1000×600 ?
Is there any way to do that without having to install additional Add-on which will only make your Tor Browser unique ?
Hi Hans, when I open the Tor browser, it opens to the default (standard) size. In other words, if you don’t maximize or modify the screen size, you shouldn’t have any issues. I just tested this on Mac OS (Sierra) and Windows (Windows 10).
Hi Taylor,
I see you replied to ‘Kevin’ above that a good solution for keeping away from government or google listen is to use a VPN on a router.
What do you mean by that ?
Saying router, did you mean a Wifi router? and does the router have to be a special-designed one to use in conjunction with a VPN?
Does using a VPN on a router need any extra configuration ?
Is there any previous article written about how to use a VPN on a router?
I have a Wifi router which is provided when my Internet Service Provider’s staffs came to install my Wifi for me and I have used it for 2 months now. Are purchasing a VPN service and connecting to its network all what I have to do next ?
Hi Hans, check out the VPN Routers guide for more info. 🙂
Hi, Sven
I’m happy to meet someone cares privacy and didn’t know scary from google, yahoo or microsoft selling my data. I wish knew about this when I was younger. 28 M California
What should the first step for keep away from government or google listen or sell my data. Can you send me link so I can protect my family.
Hi Kevin, one good solution is to use a VPN on a router. This will protect your entire network and all family members that connect to it. See this guide.
I appreciate it so 2nd, 3rd step or etc what else do I need to do like new email or internet browsers I want to be a ninja lol jk everything to be away from government/3rd party.
Hi Kevin, check out the Privacy Tools article or the Online Privacy guide, which includes a checklist.
I own a router already netgear 1900 nighthawk
Hi Kevin, that is a good router to use with a VPN.
So I check review for flashrouters have some pros and cons review on their website. This person location where he shipping from looks like his parents home. Should I be suspicious or what should trust them.
Hi Kevin, there are indeed mixed reviews regarding Flashrouters’ support. However, it is a well-established business that has been around a while – not a random dude in a basement 🙂 They also have a 30 day money-back guarantee if you aren’t happy with the product/service.
My netgear R7000 be good for gaming when I install vpn?
Hi Kevin, the Netgear R7000 has a 1 Ghz CPU, which is on the higher end for performance. Nonetheless, you will usually experience a performance drop when using a VPN on a router when compared to using a VPN on your computer. Therefore, a VPN on a router will generally be more suited for privacy/security than performance and gaming. But give it a shot and see what works best.
Again sorry to ask you alot of questions I’m just want to have privacy. I don’t used vpn or using google browsers. Is my info is expose already or if still have time to protect myself and my family.
I wouldn’t stress too much Kevin. Because you are here researching VPNs, you are already ahead of most people. Better late than never with online privacy 🙂
Unfortunately Tor Browser is very-very uncomfortable for daily work. He has a small window that they forbade to enlarge. There is no normal work with bookmarks, cookies are not saved.
What do you think about Firefox Portable?
Yes, you are correct – Tor Browser may not be the best option for daily work. However it’s a great alternative whenever you want more privacy. Additionally, you can enlarge the window (although they recommend not to) and you can definitely use bookmarks. Firefox Portable looks interesting.
Standard Firefox with some basic privacy add-ons and tweaks may be your best bet for daily work.
Hi Sven, congratulation for this amazing site! I’ve been trying to do what is written here but I found this problem: “no proxy” ok, about:config steps (5-7) ok, but when i put an address, like ex. https://www.iplocation.net/ , i get this message: “Your connection is not secure – The owner of http://www.iplocation.net has configured their website improperly. To protect your information from being stolen, Tor Browser has not connected to this website. ” I should add an excepiton for ANY website?? Thanks a lot
Hi Mauri, I just checked and your links load fine in my Tor browser.
See this Firefox thread, for potential causes and solutions.
Hi Sven. Thank you for your blog.
I tried your settings with last version of the Tor Browser, its work but they are not saved when the browser is closed. I found in the internet a recommendation to disable TorLauncher and TorButton extensions. Is it right?
In this case we can disable Tor in a simpler way (without about:config settings):
1. Go to Menu > Options > Advanced > Network > Settings
2. Uncheck “Proxy DNS when using SOCKS v5”
3. Select “No proxy”
4. Press OK
5. Go to Menu > Add-ons
6. Disable TorLauncher
7. Disable TorButton (I think this is not necessary actually)
8. Click “Restart now”
Is it right?
Hi Avi, thanks for bringing this up, I’ve been too busy to investigate it. You are correct – just disabling the TorLauncher add-on solves the problem. Now all settings are saved when you close out and re-open Tor.
Hi.
I don’t understand the need to disable the Tor network. Don’t you mind to elaborate?
Thanks
J.
Hi Jack, you don’t need to disable the Tor network, but with the disadvantages of Tor – namely slow speeds, leaks, and malicious Tor nodes – you may want to do that.
Hello sven this site is great! , congratulations! , I have a question, I disable the tor network but now when I open tor says: “The proxy server is refusing connections, Firefox is configured to use a proxy server that is refusing connections.
Check the proxy settings to make sure they are correct.
Contact your network administrator to make sure the proxy server is working.
What should I do? Thank you.
Hi Jack, thanks. You may need to just agree or click through some popups during the initial setup, because it is trying to use the Tor network. But you shouldn’t get this alert after you select “No proxy” under Preferences > Advanced > Network > Settings > “No proxy” > OK. Then to use the Tor browser without the Tor network, follow the About:Config steps in the article (5-7).