Every time you log in, a website asks for information from your browser. What kind of information is this? Some of this information is needed in order to display the site properly, for example the information about the language of your device will automatically help you to choose the appropriate localization, the information about the type (computer, cell phone) will open a better mobile site if you are using a smart phone, and so on. But the information collected does not always work for your convenience: it can also be used to collect statistics and to sell to third parties, such as advertising agencies, online stores, etc. That’s how contextual advertising comes about. And the more information they collect about you, the more unique an internet user you become. Whether it’s bad to be a unique user is a topic for a separate article. Today, let’s look at ways to reduce your uniqueness.
Information to collect and how to collect it
The list of information to be collected is large and extensive. Let’s highlight the main blocks:
- User-Agent line (operating system, device type, browser, other programs);
- information about browsers (versions, installed plug-ins and extensions, settings, languages);
- geolocation (time, country, city);
- network settings (IP-address, use of VPN, type of connection);
- Technical characteristics of the device (screen size, type, processor, number of cores, memory).
A set of such information is called a digital browser fingerprint.
Checking current state of privacy
To assess the current state of privacy (the presence of a unique fingerprint) it is sufficient to open your browser settings and see how much is allowed, but you can go the other way. There are special sites that collect information and show it to you. Here are some of them: deviceinfo.me, which we referred to above, ipper.ru, ipleak.com, coveryourtracks.eff.org. We will use the latter to determine if we have a unique browser fingerprint.
Figure 1. Example of the deviceinfo.me interface
Figure 2: Displaying the uniqueness of the browser fingerprint before setting
The arrows mark the points to which you should pay attention. Let’s look at them in more detail. The first and second items show whether trackers are blocked by your browser (in this case, they are not). The third item displays the presence of a unique fingerprint, in our case it is. Item 4 – statistics; now the fingerprint is unique among the more than 200,000 browsers tested.
Browser privacy settings
Let’s take a look at what privacy settings the most popular browsers on Windows provide: Google Chrome, Mozilla Firefox, Microsoft Edge, and Safari for Apple device owners. Let’s stipulate that everyone should customize their browser to suit themselves; that said, don’t forget that “total anonymity” is also a differentiator and can draw even more attention to you. The following will look at settings that increase privacy, but don’t make using your browser critically inconvenient.
Chrome has an “incognito” mode that protects your privacy only from other users of the device from which you’re accessing the internet. You can turn on this mode in the upper right corner of the screen (click on the “Google Chrome Settings and Controls” icon → “New incognito window”) or by pressing the key combination “Ctrl+Shift+N”. In general, enabling the incognito mode is faster than clearing your browsing history and cookies after visiting Internet resources, but in terms of privacy this mode is useless, the browser transmits exactly the same amount of information as without it. The situation is similar for other browsers in similar modes.
Let’s try making Chrome more private. Go to the browser settings, open the “Synchronization of Google services” tab, and disable all the features presented there. In the next tab, Autocomplete, we do the same thing. But we configure the “Cookies and other site data” tab in the “Privacy and security” section as shown below.
Then in the “Site Settings” tab we disable everything).
And at the end, open the tab “Advanced” → “System” and disable the first two options. Check the privacy settings and get the results shown in the figure below.
Figure 5: Displaying the uniqueness of the browser fingerprint after configuration
Now our browser blocks the tracking, although some information is still available such as our IP address and the browser used. We should check the usability though.
Figure 6. Google Maps after privacy setting
Figure 7. YouTube with privacy settings
As we see, from this sample of sites, only ours works correctly.
Microsoft Edge is developed on the same platform as Google Chrome, so in terms of privacy settings and their effectiveness Edge is similar to it. Below are the settings for Edge. Privacy, Search and Services tab:
- anti-tracking protection – strict;
- delete web browsing data when closed – all options enabled;
- send “Do not track” requests – enable;
- allow sites to check if there are any saved payment methods – turn it off;
- use web service to fix navigation errors – turn it off;
- suggest similar sites if you can’t find a website – turn it off;
- show search recommendations and sites using the characters I entered – turn off;
- show suggestions from logs, favorites, and other data on this device based on the characters I entered – turn it off.
Cookies and site permissions tab:
- block third-party cookies – on;
- startup acceleration – off;
- keep background apps running when Microsoft Edge is closed – off;
- Use hardware acceleration if available – turn it off.
Go to “Settings” → “Privacy and Protection”:
- Choose strict anti-tracking mode;
- Send “Do not track” signal to websites – “Always”;
- “Delete cookies and website data when Firefox is closed” – enable;
- disable all options in the “Logins and passwords” group;
- Turn on the “HTTPS only” mode in all windows.
Figure 11. Browser data display before privacy setting
Figure 12. Browser data display after setting
We need to enable (value “true”):
- privacy.resistFingerprinting – this setting replaces the time, the Mozilla version and operating system used, screen size, etc., more about that here;
- privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access – these settings prohibit Internet resources from seeing other sites’ cookies. In this case there may be problems with authorization, to fix them you will need to disable the second parameter.
Disable (value “false”):
- healthreport.uploadEnabled, policy.dataSubmissionEnabled – data collection for statistics;
- peerconnection.enabled – this parameter allows you to organize audio and video communication in the browser without using extensions, but discloses the user’s IP address;
- search.suggest.enabled – geolocation;
- trackingprotection.enabled – tracking by sites.
The “privacy.resistFingerprinting” parameter is the main setting in the above settings. It substitutes information about you with more common information.
The results are shown below.
Figure 13: Operating system and browser version used before the setting
Figure 14: Operating system and browser version used after tuning
Figure 15. Browser fingerprint value before customization
Figure 16. Browser fingerprint value after customization
First of all, you can try the “private window” mode. To do this, select File → New Private Window. When you use private access, the following happens:
- each tab is isolated from the others, so websites you view in one tab can’t track your actions in other sessions;
- The web pages you visit and autocomplete data are not saved; the pages you open are not synced with iCloud and not opened on other devices;
- Your most recent searches are not included in the results list when you use the smart search box;
- The items you download are not included in the download list (the items nevertheless remain on your computer);
- If you use Handoff, privacy windows are not sent to your iPhone, iPad, iPod touch, or other Mac computers;
- Changes to cookies or other web site data are not saved.
It is also advisable in Safari → “Settings” → “Privacy” to enable “Interfere with cross-tracking” and “Block all cookies” settings (may affect the performance of web resources). By clicking on “Manage website data” you can look at the information collected by websites and delete it.
In Safari, you can make a privacy report listing known trackers that have been blocked from tracking your activities. To do this, select “Safari” → “Privacy Report”.
Figure 17. Result of uBlock
This way you can track down who is collecting information about you and prohibit them from doing so.
But if you block everything, you may disrupt the functionality of an Internet resource. Let’s return to tests. We will check it on Firefox with all the recommendations above and with uBlock and NoScript turned on.
Picture 18. Display of uniqueness of the browser fingerprint after adjustment
Figure 19. Example of information being gathered
Other ways to increase privacy
There are special browsers aimed at providing anonymity on the Internet. The most popular of them is Tor. Within the scope of this article, we will not consider their effectiveness and their settings.
The Domain Name System (DNS) translates readable URLs into IP addresses (e.g. “22.214.171.124”). When a user enters a domain name into a web browser, the latter sends a request to a DNS server, which in turn returns an IP address to connect to. DNS queries and responses are sent over the network as plain text in unencrypted form. Currently there are two protocols for encrypting DNS:
- DNS over HTTPS (DoH);
- DNS over TLS (DoT).
Modern browsers have DoH capability built into them, but it is disabled by default.
DoH sends a DNS request in an encrypted HTTPS connection. However, DoH only works on sites that can support this protocol.
To enable DoH in Firefox, go to network settings and click on “Enable DNS over HTTPS. For browsers on Chromium you need to enter in the address bar: Browser_name://flags/#dns-over-https (instead of “browser name” you have to type “chrome”, “edge”, etc.).
- There are also differences in how it works. The DoH in Chrome works according to the following algorithm:
- The user enters the URL of the site in the browser;
- Chrome gets the data from the OS DNS server;
- Browser checks if the server you’re looking for is on the white list of approved DoH servers;
- if yes, Chrome sends an encrypted DNS query to that server interface;
- If not, Chrome sends a regular DNS query to that server.
In Firefox, however, an intermediary appears between you and the site. By default, this mediator is the Cloudflare DNS server, but you can change it in the settings.
Unfortunately, a lot of data is collected about you when you visit websites, but it can be successfully dealt with. To effectively fight the gathering of information is not enough only to configure the browser, you also need to use specialized extensions (not only those that have been discussed in this article).