I really enjoy Firefox on Android as I can install a bunch of extensions and I find those extensions game changer, especially on the mobile.
One of my favorites are
- Libredirect - literally one of my favorite ones. Redirects popular sites to privacy focused frontends, like YouTube to Invidious, etc.
- uBlock Origin - I guess everyone knows this one
- Privacy Badger - blocks trackers
- Ghostery - blocks trackers, ads, scripts, etc.
What extensions do you guys use?
Chameleon. My user agent changes every 30 seconds. Makes attempts to track me basically useless.
Changing your user agent will not stop you being tracked. Browser fingerprinting can work with heaps of different signals, and is very difficult to block.
It means I’m being tracked for 30 seconds. So basically useless tracking.
Chameleon doesn’t just change the user agent. It changes a bunch of stuff that’s used to break fingerprinting. Of course you have a fingerprint, but it constantly changes so that the data they collect is so short lived that its useless to them and therefore very useful to me.
You can try to fool it with a VPN, change country, etc but it doesn’t work. Fingerprinting is very strong these days.
That website is marketing bullshit. It doesn’t tell you if you fingerprint “ID” is unique. If can just spit out the same fingerprint for millions of users, and it looks impressive but its totally worthless as a fingerprint.
Try again with some service that isn’t trying to sell you their product
If you try with a Tor browser you’ll get a unique ID everytime.
Feel free to try this one instead: https://www.amiunique.org/fingerprint
Or whatever website you prefer, really. Fingerprinting is not solved by a single extension or checkbox. It’s really hard.
Are you passing CloudFlare captchas with that? I’m using a VPN and whenever I hit a CloudFlare captcha with a modified user agent, it doesn’t let me pass.
Sometimes. It depends if the admin misconfigured their cloudflare.
I dont have issues logging into cloudflare’s website itself with this setup. I have had to email many website admins to let them know that they have a broken cloudflare config.
Doesn’t that fuck up logins and stuff?
Nope. Why would it?
I would imagine many services would think you’re hijacking the session or something.
No, that would he a very dumb system. Because it would false positive every time someone changed their user agent, which is a common defense tactic in today’s threat landscape.
You don’t want to ban someone for protecting themselves. But I’m sure there are dumb execs who have thought this was a good idea until someone on the sec team slapped them and said “no”