Many common methods of preventing browser tracking are ineffective.
Blocking a few tracker domains does not actually prevent tracking. You cannot make a list of every single
tracker domain and block them all since there are far too many. Enumerating badness does not work.
Even if you did magically create a blacklist of every single tracker domain ever, the website does not need to
connect to a third-party domain to run tracking code. Blocking Google Analytics does not prevent the website
from simply running their own first-party tracking code.
The website can then share this information to the people that made the trackers you've blocked so everyone
gets the exact same information they would have gotten in the first place.
Blocking trackers can only remove some low hanging fruit and is not a proper approach to improving privacy.
This is the reason the Tor Browser
does not include any tracker blockers.
Privacy Badger is a tracker blocker. It suffers from all of the
same issues as described above and has more issues of its own.
Privacy Badger works by detecting new trackers as you browse and adding them to a blacklist. It may sound
appealing at first, but what that does is give you a completely unique fingerprint based on your browsing
history.
Privacy Badger also attempts to prevent canvas fingerprinting but
this is not hard to bypass and can actually further add to your fingerprint.
You cannot configure your browser to prevent tracking either. Everyone will configure their browser differently
so when you change a bunch of about:config settings such as privacy.resistFingerprinting
and pile
on browser extensions like Privacy Badger, you're making yourself stand out and are effectively reducing
privacy.
Additionally, just disabling JavaScript, while preventing large vectors for fingerprinting, does not prevent
fingerprinting entirely. Fingerprinting can be done with only CSS and HTML. One example is using @media rules to figure out your
browser resolution.
You also cannot substantially improve security by configuring the browser. Changing a few settings will not
fix deep architectural security issues. You can at most reduce some attack surface by disabling things
but most people don't do this to an extent where it actually matters.
Fingerprint testing websites such as Panopticlick cannot
reliably
test your fingerprint.
These websites determine the uniqueness of your fingerprint based off of their own userbase which will miss out on the
majority of real users, thereby providing inaccurate statistics and is not a viable way of determining how well you fair
off against fingerprinting in the real world.
These websites also don't test for much. Do these websites fingerprint you by where your cursor is
on the screen? By your clock skew?
By the performance of
your device? etc.
The only real approach to preventing browser tracking/fingerprinting is by using a browser that is designed
to prevent this by default and the users do not change it. The most effective browser that does this is the
Tor Browser.
Although, the Tor Browser's fingerprinting
protections aren't perfect and its security is quite weak.