Since my relationship with the Internet began, around 2014, I had always used Firefox as default browser. I had always used it with the basic configuration that It comes by default, however, at the beginning of 2020 I began to be interested in privacy issues, security online and free software,1 which induced a change in the configuration of the broweser to the settings recommended by Privacy Tools in the beginning, and then the recommended by Privacy Guides (due to the problems in Privacy Tools around 2021).

Due to my —sometimes— extremist nature, I even tried the configuration provided by the Arkenfox project and block first party scripts globally with uBlock Origin. These, of course, did not last long as they considerably damaged the browsing experience on most pages.

Always to check how well I was defending myself against the Big Brother ;-), I used the Cover your tracks provided by the Electronic Frontier Foundation to see how trackers saw my browser and how they could identify me and my browsing habits. However, with Firefox, there was no way —at least functional— to get a random fingerprint. Blocking advertising and most trackers is achieved activating the option Enhanced Tracking Protection from Firefox itself, and with uBlock Origin. But fingerprint, impossible.

At a certain point, and I think on Techlore, I heard about this “new” browser that seemed to solve all the problems and bad decisions Firefox had been accumulating over the last few years, even with default settings. With a little suspicion, and regret to be reducing the user community of Chromium’s only direct competitor, I moved towards Brave, which does protect against fingerprinting in the Cover your tracks test. Still, I have Firefox for when there’s something which doesn’t work in Brave.

Coincidentally today, reviewing the current campaign of the FSF I came across a link that it said “Move away from nonfree JavaScript with JShelter”, which took me to JShelter’s project page. JShelter2 is an extension that can be installed to browsers and it’s responsible for “mitigating potential threats from the use of nonfree JavaScript, including fingerprinting, tracking, and data collection”. The fact is that, being free software, I decided to add the extension to Firefox, and when trying Cover your tracks, to my surprise, it had a random fingerprint.

Does this mean that I can now switch to Firefox? Well, the truth is that I don’t think so. I’ve been on Brave for a long time now and I haven’t really found anything negative (only that problem with Zotero Connector). On the other hand, Mozilla has made certain decisions in the last years that have generated mistrust —at least— among users. Examples of this are the download token that is assigned to each download and by which each person can then be identified —as far as I understand—, and the VPN that is really using Mullvad’s servers —as far as I understand—.

In case your fingerprint is still unique

This post was originally written in January 2023. I stated in the previous paragraph that I would not move to Firefox just because of this random fingerprint new “feature”, and I didn’t… until now. It happened that Brave did not saved correctly the configuration of the sites I wanted it to remember cookies and keep me signed in. The most it did was to ask me for the sites where I would not want to save this data, and that is not practical… I want all the data removed after I close the browser from all sites, except some specific ones.

That had been bugging be for a while, and recently I installed once more Firefox to check if that specific feature was present… and it was. Firefox allows me to delete all data at exist, but that of some specific sites. Just what I wanted, and now with fingerprint blocked. So I went ahead and installed Firefox.

Everything was nice and smooth until today, when I found that it had not a random fingerprint, but an unique one, after randomly running the EFF test. What!? I though it could be because of the addons I installed (the minimum necessary), but even in private windows the fingerprint was unique. Damn!

I even installed Brave again, and when setting it up, it came to my mind that I had made some restrictions to some sites in uBlock Origin. So I went to its options and restart the configuration to defaults (uBlock one, not Firefox)… bum! Now I have a random fingerprint again. It seems that blocking certain sites in uBlock Origin still reveals your identity, i.e., makes your browser have a unique fingerprint.

So now we know: don’t mess uBlock Origin in case you don’t want to have this kind of issues.

Furthermore, I blocked the access of all addons to the Private Windows and ran the same test. It sowed that my browser hadn’t a fully randomized fingerprint, but it was somehow similar to certain amount of other devices. I let uBlock and JShelter run on Private Windows, and the issue was solved.

By the way, in the pasts months has come out the Mullvad Browser, which is much like Tor, but without the Tor network and the significant connection speed reduction that brings on. In my use case I employ it to open those sites I don’t trust but still need some amount of speed, like streaming, downloading, etc.

Notes

  1. You can see What is free software? to find out why is this topic so important. ↩︎

  2. JShelter actually took parts of the code from various projects, including the Brave part which is responsible for randomizing the fingerprint. I don’t know if this makes it unnecessary in Brave. In fact, its functionality is not to randomize fingerprint, but to handle JS in general, so I suppose it would be useful als in Brave. ↩︎

⋇ ⋇ ⋇ ⋇ ⋇

Thanks for reading the post! Do not hesitate to write me an email and share your point of view or ask any question (this way we both improve): contact@poview.org