Many common methods of preventing browser tracking are ineffective. This article goes over misguided ways in which people attempt to improve their privacy when browsing the web.
Blocking a few tracker domains does not actually prevent tracking. You cannot make a list of every single
tracker domain and block them all since there are far too many. Enumerating badness does not work.
Even if you did magically create a blacklist of every single tracker domain ever, the website does not need to
connect to a third party domain to run tracking code. For example, blocking Google Analytics does not prevent the
website from simply running their own first party tracking code or even hosting third party tracking code from a
first party domain.
The website can then share this information to the people that made the trackers you've blocked, so everyone
gets the exact same information they would have gotten in the first place.
Blocking trackers can only remove some low hanging fruit and is not a proper approach to systemically improving
privacy. This is the reason why
the Tor Browser does not include any tracker blockers.
You cannot configure your browser to prevent tracking either. Everyone will configure their browser differently,
so when you change a bunch of about:config settings, such as privacy.resistFingerprinting, and pile
on browser extensions like Privacy Badger, you're making yourself stand out and are effectively reducing
privacy.
Additionally, just disabling JavaScript, while preventing large vectors for fingerprinting, does not prevent
fingerprinting entirely. Fingerprinting can be done with only CSS and HTML. One example is using @media rules to figure out your
browser resolution.
You also cannot substantially improve security by configuring the browser. Changing a few settings will not
fix deep architectural security issues. You can at most reduce some attack surface by disabling things,
but most people don't do this to an extent where it actually matters.
Fingerprint testing websites, such as Cover Your Tracks, cannot
reliably
test your fingerprint.
These websites determine the uniqueness of your fingerprint based off of their own userbase, which will miss out on the
majority of real users, thereby providing inaccurate statistics and is not a viable way of determining how well you fair
off against fingerprinting in the real world.
These websites also don't test for much. Do these websites fingerprint you by where your cursor is
on the screen? By your clock skew?
By the performance of
your device? etc.
The only real approach to preventing browser tracking/fingerprinting is by using a browser that is designed to prevent this by default and the users do not change it. The most effective browser that does this is the Tor Browser. However, the Tor Browser's fingerprinting protections aren't perfect, and its security is quite weak.
Go back