How worried do I need to be about browser fingerprinting when using browsers other than Tor for one-off website visits in a Whonix disposable? My situation is that I occasionally need to visit some websites that aren’t supported by Tor Browser and I am making the assumption that all of these websites use some common advertising/tracking software (maybe not the case but I assume it is).
Say I install Chromium from the Whonix/Debian repositories, which is a browser that is completely susceptible to all browser fingerprinting techniques, am I wrong to think that one-off website visits in a Whonix disposable still provides me a fairly high level of protection against fingerprinting (in this particular scenario, not in general).
I figure that all software-related fingerprinting attributes would be identical across all Whonix users so the only way to differentiate between users is based on the hardware-related fingerprinting attributes. If I’m using Qubes-Whonix with a commonly used laptop that’s on the Qubes certified hardware list then I figure I’m relatively safe.
Is there any advice on this topic?
Phrased differently: will two Whonix disposable users have a very similar fingerprint on their first page visit when using Chromium?
My testing suggests yes, although I am limited in what I can test.
Not necessary, doesnt prove its safe even if they are the same because Tor will not protect you from fingerprint with just any application you like.
Please read the initial post properly before giving answers.
We’re discussing disposables being used for one-off website visits. If the browser fingerprint is the same on that first visit then this is considered safe as per the initial post.
I have never said Tor is a defense against browser fingerprinting.
If Tor doesnt defend against browser fingerprints, and the browser itself (chromium, firefox…etc) are not made to defend against connection fingerprints so how you are saying this is safe?
Disposable or appvm or template has nothing to do if the original principle broke already.
Fingerprinting is only an issue when the fingerprint becomes unique.
I’m specifying a disposable to emphasize that the browser is completely clean, whether disposable or not doesn’t actually matter.
As long as my fingerprint on the first page visit is the same as all other Whonix users on the first page visit then I’m not unique and therefore I am “safe”.
Quote:
In Whonix ™, for better anonymity it is recommended to use only Tor Browser for browsing the internet. Use of any browsers such as Chromium, Firefox, Opera and others is discouraged. Reasons for that are elaborated on the Tor Browser wiki page.
There is no exception to this rule.
Fingerprinting is too complex. Not an exhaustively researched topic. No completely implemented defenses. And a moving target as browsers and the web keeps changing.
Desktop resolution, user agent string and maybe WebGL fingerprinting and other performance based fingerprinting such as WebCPU. Stuff that comes to mind first.
Unspecific to Whonix.
related: