Introduction

Every time you log in, a website asks for information from your browser. What kind of information is this? Some of this information is needed in order to display the site properly, for example the information about the language of your device will automatically help you to choose the appropriate localization, the information about the type (computer, cell phone) will open a better mobile site if you are using a smart phone, and so on. But the information collected does not always work for your convenience: it can also be used to collect statistics and to sell to third parties, such as advertising agencies, online stores, etc. That’s how contextual advertising comes about. And the more information they collect about you, the more unique an internet user you become. Whether it’s bad to be a unique user is a topic for a separate article. Today, let’s look at ways to reduce your uniqueness.

Information to collect and how to collect it

The list of information to be collected is large and extensive. Let’s highlight the main blocks:

  • User-Agent line (operating system, device type, browser, other programs);
  • information about browsers (versions, installed plug-ins and extensions, settings, languages);
  • geolocation (time, country, city);
  • network settings (IP-address, use of VPN, type of connection);
  • Technical characteristics of the device (screen size, type, processor, number of cores, memory).

A set of such information is called a digital browser fingerprint.

This information is collected as soon as you connect to the site because the browser sends certain information when you request a web page. But the most informative are cookies. They are mainly used to remember useful things, such as log-in details for an account or the contents of a shopping cart on an online marketplace. They also rely on various trackers (snippets of websites that analyze and remember your actions on the site). Since most trackers are written in JavaScript, we’ll refer to that programming language in the following text.

Checking current state of privacy

To assess the current state of privacy (the presence of a unique fingerprint) it is sufficient to open your browser settings and see how much is allowed, but you can go the other way. There are special sites that collect information and show it to you. Here are some of them: deviceinfo.me, which we referred to above, ipper.ru, ipleak.com, coveryourtracks.eff.org. We will use the latter to determine if we have a unique browser fingerprint.

Figure 1. Example of the deviceinfo.me interface

Figure 2: Displaying the uniqueness of the browser fingerprint before setting

The arrows mark the points to which you should pay attention. Let’s look at them in more detail. The first and second items show whether trackers are blocked by your browser (in this case, they are not). The third item displays the presence of a unique fingerprint, in our case it is. Item 4 – statistics; now the fingerprint is unique among the more than 200,000 browsers tested.

Browser privacy settings

Let’s take a look at what privacy settings the most popular browsers on Windows provide: Google Chrome, Mozilla Firefox, Microsoft Edge, and Safari for Apple device owners. Let’s stipulate that everyone should customize their browser to suit themselves; that said, don’t forget that “total anonymity” is also a differentiator and can draw even more attention to you. The following will look at settings that increase privacy, but don’t make using your browser critically inconvenient.

Google Chrome

Chrome has an “incognito” mode that protects your privacy only from other users of the device from which you’re accessing the internet. You can turn on this mode in the upper right corner of the screen (click on the “Google Chrome Settings and Controls” icon → “New incognito window”) or by pressing the key combination “Ctrl+Shift+N”. In general, enabling the incognito mode is faster than clearing your browsing history and cookies after visiting Internet resources, but in terms of privacy this mode is useless, the browser transmits exactly the same amount of information as without it. The situation is similar for other browsers in similar modes.

Let’s try making Chrome more private. Go to the browser settings, open the “Synchronization of Google services” tab, and disable all the features presented there. In the next tab, Autocomplete, we do the same thing. But we configure the “Cookies and other site data” tab in the “Privacy and security” section as shown below.

Then in the “Site Settings” tab we disable everything).

And at the end, open the tab “Advanced” → “System” and disable the first two options. Check the privacy settings and get the results shown in the figure below.

Figure 5: Displaying the uniqueness of the browser fingerprint after configuration

Now our browser blocks the tracking, although some information is still available such as our IP address and the browser used. We should check the usability though.

Figure 6. Google Maps after privacy setting

Figure 7. YouTube with privacy settings

As we see, from this sample of sites, only ours works correctly.

The problems with functionality are caused by a ban on JavaScript. To solve them, you can go to “Settings” → “Privacy and Security” → “Site Settings” → “Content” → “JavaScript” and at the bottom of the window add the necessary sites as exceptions.

And what happens if you enable JavaScript again? Let’s look at the images below.

Figure 8. Chrome after configuration but with JavaScript enabled

As you can see, the results are little different from the original, and the protection against tracking has even worsened. This is due to the fact that a lot of information is collected using JavaScript. However, the service now manages to verify the uniqueness of the fingerprint: every 41556th browser matches ours.

Figure 9. Example of the collected information with JavaScript enabled

Figure 10. Example of collected data with JavaScript turned off. The result is obvious, but don’t forget that most web resources will stop displaying or working correctly.

Microsoft Edge

Microsoft Edge is developed on the same platform as Google Chrome, so in terms of privacy settings and their effectiveness Edge is similar to it. Below are the settings for Edge. Privacy, Search and Services tab:

  • anti-tracking protection – strict;
  • delete web browsing data when closed – all options enabled;
  • send “Do not track” requests – enable;
  • allow sites to check if there are any saved payment methods – turn it off;
  • use web service to fix navigation errors – turn it off;
  • suggest similar sites if you can’t find a website – turn it off;
  • show search recommendations and sites using the characters I entered – turn off;
  • show suggestions from logs, favorites, and other data on this device based on the characters I entered – turn it off.

Cookies and site permissions tab:

  • block third-party cookies – on;
  • JavaScript – off (exceptions may be added).

System tab:

  • startup acceleration – off;
  • keep background apps running when Microsoft Edge is closed – off;
  • Use hardware acceleration if available – turn it off.

Mozilla Firefox

Go to “Settings” → “Privacy and Protection”:

  • Choose strict anti-tracking mode;
  • Send “Do not track” signal to websites – “Always”;
  • “Delete cookies and website data when Firefox is closed” – enable;
  • disable all options in the “Logins and passwords” group;
  • Turn on the “HTTPS only” mode in all windows.

Figure 11. Browser data display before privacy setting

Figure 12. Browser data display after setting

We haven’t disabled JavaScript yet, so only the tracking protection has improved. But Mozilla Firefox allows you to customize your settings in even more detail. To do this you have to type “about:config” in the address bar, go to this internal address and agree with the warning that will be displayed to you. Then enter the following parameters and change their values.

We need to enable (value “true”):

  • privacy.resistFingerprinting – this setting replaces the time, the Mozilla version and operating system used, screen size, etc., more about that here;
  • privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access – these settings prohibit Internet resources from seeing other sites’ cookies. In this case there may be problems with authorization, to fix them you will need to disable the second parameter.

Disable (value “false”):

  • healthreport.uploadEnabled, policy.dataSubmissionEnabled – data collection for statistics;
  • peerconnection.enabled – this parameter allows you to organize audio and video communication in the browser without using extensions, but discloses the user’s IP address;
  • search.suggest.enabled – geolocation;
  • trackingprotection.enabled – tracking by sites.

The “privacy.resistFingerprinting” parameter is the main setting in the above settings. It substitutes information about you with more common information.

The results are shown below.

Figure 13: Operating system and browser version used before the setting

Figure 14: Operating system and browser version used after tuning

Figure 15. Browser fingerprint value before customization

Figure 16. Browser fingerprint value after customization

Safari

First of all, you can try the “private window” mode. To do this, select File → New Private Window. When you use private access, the following happens:

  • each tab is isolated from the others, so websites you view in one tab can’t track your actions in other sessions;
  • The web pages you visit and autocomplete data are not saved; the pages you open are not synced with iCloud and not opened on other devices;
  • Your most recent searches are not included in the results list when you use the smart search box;
  • The items you download are not included in the download list (the items nevertheless remain on your computer);
  • If you use Handoff, privacy windows are not sent to your iPhone, iPad, iPod touch, or other Mac computers;
  • Changes to cookies or other web site data are not saved.

It is also advisable in Safari → “Settings” → “Privacy” to enable “Interfere with cross-tracking” and “Block all cookies” settings (may affect the performance of web resources). By clicking on “Manage website data” you can look at the information collected by websites and delete it.

In Safari, you can make a privacy report listing known trackers that have been blocked from tracking your activities. To do this, select “Safari” → “Privacy Report”.

Browser extensions

Extensions are designed to make surfing the Internet easier, but also provide a good level of privacy. Consider the results of two extensions: uBlock Origin (Chrome, Firefox) and NoScript (Chrome, Firefox). They are not only ad blockers, but also the same JavaScript. They automate the blocking process according to built-in filters that can be customized if necessary. For example, when watching an online broadcast, the extensions showed the following (Fig. 24, 25).

Figure 17. Result of uBlock

This way you can track down who is collecting information about you and prohibit them from doing so.

But if you block everything, you may disrupt the functionality of an Internet resource. Let’s return to tests. We will check it on Firefox with all the recommendations above and with uBlock and NoScript turned on.

Picture 18. Display of uniqueness of the browser fingerprint after adjustment

Figure 19. Example of information being gathered

Protection is now maximal: tracking is blocked, and the browser fingerprint is uninformative (every 125th browser looks like ours). At the same time, if the performance of popular Internet resources suffers, you can quickly and easily enable JavaScript or remove blocking for specific domains, for the entire web page, etc. A good bonus will be the absence of advertising.

Other ways to increase privacy

Special browsers

There are special browsers aimed at providing anonymity on the Internet. The most popular of them is Tor. Within the scope of this article, we will not consider their effectiveness and their settings.

The Domain Name System (DNS) translates readable URLs into IP addresses (e.g. “34.107.151.202”). When a user enters a domain name into a web browser, the latter sends a request to a DNS server, which in turn returns an IP address to connect to. DNS queries and responses are sent over the network as plain text in unencrypted form. Currently there are two protocols for encrypting DNS:

  • DNS over HTTPS (DoH);
  • DNS over TLS (DoT).

Modern browsers have DoH capability built into them, but it is disabled by default.

DoH sends a DNS request in an encrypted HTTPS connection. However, DoH only works on sites that can support this protocol.

To enable DoH in Firefox, go to network settings and click on “Enable DNS over HTTPS. For browsers on Chromium you need to enter in the address bar: Browser_name://flags/#dns-over-https (instead of “browser name” you have to type “chrome”, “edge”, etc.).

  • There are also differences in how it works. The DoH in Chrome works according to the following algorithm:
  • The user enters the URL of the site in the browser;
  • Chrome gets the data from the OS DNS server;
  • Browser checks if the server you’re looking for is on the white list of approved DoH servers;
  • if yes, Chrome sends an encrypted DNS query to that server interface;
  • If not, Chrome sends a regular DNS query to that server.

In Firefox, however, an intermediary appears between you and the site. By default, this mediator is the Cloudflare DNS server, but you can change it in the settings.

Conclusions

Unfortunately, a lot of data is collected about you when you visit websites, but it can be successfully dealt with. To effectively fight the gathering of information is not enough only to configure the browser, you also need to use specialized extensions (not only those that have been discussed in this article).

Similar Posts