Mullvad adopts the TOR browser's strategy of trying to get everyone who uses it to leave the same browser fingerprint. The philosophy behind this could be labelled "Hiding in the Herd" to avoid standing out from the crowd. If TOR or Mullvad were as widely adopted as the Big 3 (Chrome, Edge, Safari) this might just work as intended. However, results from the Electronic Freedom Foundation's browser fingerprint test site "Cover Your Tracks" suggests that current tracking technology s up to the task of tagging a particular Mullvad/TOR browser on a specific device as unique and therefore trackable across the Internet. The results are superior to Firefox running the Chameleon extension (described in an earlier Apple Dispatch), but still inadequate to the task.
The only browser that evaded being tagged as unique, effectively making it untraceable, was the Brave browser. The Cover Your Tracks testing site consistently ranks Brave as "randomised". By making small changes to what it reports to websites, Brave renders it very difficult or perhaps impossible to track the browser between websites. Even returning to a previously visited website after only a brief interval does not offer enough consistent data to construct a locally persistent fingerprint.
Based on these results, I've opted to use Brave with a reliable paid non-USA based VPN service as my primary Internet interface. When a website fails to function properly or at all using Brave, and I decide the website does not present a serious risk to my device's functioning, I fall back to Mullvad using the same paid VPN service. Given Mullvad VPN's long-standing no-contract price of USD $5/mo, I leave myself the option to use it if any concerns arise about my main VPN service.
The biggest problem I see with the Mullvad/Tor browser approach is that the user experience is terrible for general browsing since you can't customize anything.
I've run Cover Your Tracks before and just ran it again within two new sessions and find that most if not all of the relevant fingerprinting factors the EFF lists are ephemeral as they are changed by the Chameleon extension. So, I'm not convinced that these results indicate any persistent ability to fingerprint the Firefox/Chameleon/VPN setup. As I've noted previously, this setup is able to consistently defeat the large data mining company fingerprint.com.
I am intrigued by your results with the Brave browser passing the EFF test and considered to be randomized. I am quite comfortable with Firefox and appreciate its compatibility and the various extensions and capabilities that it affords, but have heard good things about Brave. I may do some experimenting with it in the future. There is an interesting site that compares web browser privacy here: https://privacytests.org/
Are you able to defeat fingerprint.com from uniquely identifying you on Brave across visits? Also, why do you prefer a different VPN to Mullvad for your use case?
Mullvad adopts the TOR browser's strategy of trying to get everyone who uses it to leave the same browser fingerprint. The philosophy behind this could be labelled "Hiding in the Herd" to avoid standing out from the crowd. If TOR or Mullvad were as widely adopted as the Big 3 (Chrome, Edge, Safari) this might just work as intended. However, results from the Electronic Freedom Foundation's browser fingerprint test site "Cover Your Tracks" suggests that current tracking technology s up to the task of tagging a particular Mullvad/TOR browser on a specific device as unique and therefore trackable across the Internet. The results are superior to Firefox running the Chameleon extension (described in an earlier Apple Dispatch), but still inadequate to the task.
The only browser that evaded being tagged as unique, effectively making it untraceable, was the Brave browser. The Cover Your Tracks testing site consistently ranks Brave as "randomised". By making small changes to what it reports to websites, Brave renders it very difficult or perhaps impossible to track the browser between websites. Even returning to a previously visited website after only a brief interval does not offer enough consistent data to construct a locally persistent fingerprint.
Based on these results, I've opted to use Brave with a reliable paid non-USA based VPN service as my primary Internet interface. When a website fails to function properly or at all using Brave, and I decide the website does not present a serious risk to my device's functioning, I fall back to Mullvad using the same paid VPN service. Given Mullvad VPN's long-standing no-contract price of USD $5/mo, I leave myself the option to use it if any concerns arise about my main VPN service.
What do you think about all this, Apple Dispatch?
Kirk,
I appreciate your thoughtful comment.
The biggest problem I see with the Mullvad/Tor browser approach is that the user experience is terrible for general browsing since you can't customize anything.
I've run Cover Your Tracks before and just ran it again within two new sessions and find that most if not all of the relevant fingerprinting factors the EFF lists are ephemeral as they are changed by the Chameleon extension. So, I'm not convinced that these results indicate any persistent ability to fingerprint the Firefox/Chameleon/VPN setup. As I've noted previously, this setup is able to consistently defeat the large data mining company fingerprint.com.
I am intrigued by your results with the Brave browser passing the EFF test and considered to be randomized. I am quite comfortable with Firefox and appreciate its compatibility and the various extensions and capabilities that it affords, but have heard good things about Brave. I may do some experimenting with it in the future. There is an interesting site that compares web browser privacy here: https://privacytests.org/
Are you able to defeat fingerprint.com from uniquely identifying you on Brave across visits? Also, why do you prefer a different VPN to Mullvad for your use case?