this post was submitted on 20 Nov 2025
398 points (98.1% liked)

Technology

76949 readers
3495 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
398
Browser Fingerprinting And Why VPNs Won’t Make You Anonymous (hackaday.com)
submitted 2 days ago by tonytins@pawb.social to c/technology@lemmy.world
102 comments fedilink hide all child comments
 

Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quite far from the truth, as interacting with internet services like websites leaves a significant fingerprint. In a study by [RTINGS.com] this browser fingerprinting was investigated in detail, showing just how easy it is to uniquely identify a visitor across the 83 laptops used in the study.

As summarized in the related video (also embedded below), the start of the study involved the Am I Unique? website which provides you with an overview of your browser fingerprint. With over 4.5 million fingerprints in their database as of writing, even using Edge on Windows 10 marks you as unique, which is telling.

you are viewing a single comment's thread
view the rest of the comments
[–] GreenShimada@lemmy.world 44 points 1 day ago (3 children)

It's always kind of funny when the Technology folks wade into well-researched and well-worn Privacy territory.

Do you want to not wave a giant flag of your activity to Google, Meta, MS, and your ISP when you do literally anything online? Either use a VPN and Mullvad (or Librewolf, but YMMV) browser, OR a VPN and Tor OR Tor with an https bridge if paying for a VPN will make you a target (Tor bridges are not for casuals, save them for those in genuine need).

VPN locations need to be changed. Frequently. Router level VPN at home becomes your "This is me" location, then make use of VPNs on each device when you want an extra layer of obfuscation.

There's not a lot of middle ground at this point, and it's not difficult.

[–] Blackfeathr@lemmy.world 10 points 1 day ago* (last edited 1 day ago) (4 children)

Does that mean my ISP can still detect if I'm going to websites they don't approve of if I'm using Mullvad as my VPN but using Firefox as my browser?

[–] GreenShimada@lemmy.world 3 points 19 hours ago (1 children)

Not your ISP. Google likely is the one following that. If you have uBlock Origin installed, click on the badge on any site and you'll see which trackers there are. For Lemmy, it's just going to list other lemmy instances. When you're on that forbidden site, see if they have any Google analytics trackers - those are what will fingerprint you.

Then go to amiunique.org or hidemytracks.eff.org and see what information you're giving up. Vanilla FF gives up fonts, sound card info, and graphics info, which are enough to pin you to specific hardware. If your machine isn't extremely common, then Google knows it's you.

Why not download the Mullvad browser? It's free, and you're paying for its development if you're paying for the VPN.

[–] Blackfeathr@lemmy.world 1 points 18 hours ago

I'll give that a try, thank you!

[–] A_Random_Idiot@lemmy.world 20 points 1 day ago* (last edited 1 day ago) (2 children)

No, with a VPN the only thing your ISP sees is you connecting to a VPN server IP.

But browser finger printing, on the other hand, can identify you to every website you visit, due to info your browser hands over to every website... Such as OS version, Resolution, installed Plugins, browser settings, geolocation info, etc..which is often unique enough to identify you out of the whole of the internet.

Ironically, locking your browser down with more security features/settings/plugins often makes you more identifiable. Cause capitalism is god damned sure they are gonna track you and monetize the hell out of your information, whether its via your name, your user name, or just your digital fingerprint.

https://coveryourtracks.eff.org/

[–] LucidNightmare@lemmy.dbzer0.com 2 points 1 day ago

I'm always a little shocked at what my browsing habits prevent from these types of things. Thanks for sharing! I feel a little better about my browsing usage!

[–] Blackfeathr@lemmy.world 3 points 1 day ago

Jesus, this is scary stuff. Thanks for the link, gonna try my other browsers and devices when I get home.

[–] WolfLink@sh.itjust.works 16 points 1 day ago (1 children)

Your ISP can’t tell who you are contacting if you are using a VPN, but websites will track you by other means.

[–] Blackfeathr@lemmy.world 4 points 1 day ago (1 children)

Ok, cool. It was mainly my ISP I was worried about.

Would be useful for me to find a browser that obfuscated fingerprinting efforts too though.

[–] limerod@reddthat.com 4 points 1 day ago

If you use addons like Ublock-origin. You can reduce the fingerprinting. You can also disable 3rd party iframes, disable Javascript which can further reduce the data being sent to websites.

[–] artyom@piefed.social 8 points 1 day ago (1 children)

Router level VPN at home becomes your "This is me" location

You and a thousand other people.

[–] magguzu@lemmy.pt 15 points 1 day ago (1 children)

Yeah, but fingerprinting is effective by cross referencing.

There are 1,000 people with the IP 1.2.3.4

There are 500 people with the IP 1.2.3.4 using Firefox

There are 25 people with the IP 1.2.3.4 using Firefox with a 1440p screen

There are 2 people with the IP 1.2.3.4 using Firefox with the dark reader extension with a 1440p screen at 75Hz

etc.

So rotating the IP can screw with that.

[–] ArcaneSlime@lemmy.dbzer0.com 3 points 1 day ago (1 children)

Can they still not tell the screen's size if you never fullsize your window? I 'member that advice from back in the day using Tor.

[–] dditty@lemmy.dbzer0.com 2 points 16 hours ago

I believe so. Librewolf uses letterboxing for websites by default to mimic a larger set of device resolutions to resist fingerprinting, for example, and the window opens non-maximized every time

https://librewolf.net/docs/settings/

[–] filister@lemmy.world 2 points 1 day ago (1 children)

You also need to change the devices browsers, extensions and timezones to stay anonymous or buy a device and set the most common fingerprint settings, so it is harder for those companies to track you down. It is a slippery slope, and you can check your browser fingerprint and avoid adding unique settings, extensions or anything that can help them to track you.

[–] GreenShimada@lemmy.world 2 points 19 hours ago

Most fingerprint resistant browsers set the time zone to UTC. Extensions should be limited to uBO as the extensions add to the fingerprint more than they hide you.