A few question from a noob


I recently tried to clean up my digital life. I switched to Linux and switched to GrapheneOS and made more use of my proton subscription to replace google.
But I have a few questions :

I tried coveryourtracks.eff.org/ on Librewolf on my PC and Vanadium on my phone and it say I have a nearly unique fingerprint.
Is the benefit of using a privacy focused browser neglected by the low userbase and unique fingerprint ?

I did not have a great digital hygiene before so I have a google account, meta...
How do I clean this up ? Are services like Incogni any good or is it just marketing ?

Finally I wanted to use tails with persistent storage to use as a live system if I ever need to use a PC that is not my own to connect to my accounts. However, I don't want the ISP to know I use Tor. I see it as a big "I have something to hide" flag for the ISP.
But my understanding is if I install a VPN on tails it will be Tor over VPN (bad if I understand correctly) instead of VPN over Tor. Should I use something else than tails since I only want/need always on VPN with kill switch.

Thanks a lot for your help. I want to say the journey is much easier than what I anticipated. The hardest part is making people switch around me. The lobbying has started.

Unknown parent

"Browser hardening" is a somewhat nebulous term; I've seen it used for both privacy and security interchangeably. I continue to hear that Gecko-based browsers (i.e. Firefox and its forks) are less secure, but I do not know exactly how that plays out in the real world. Security and privacy are sometimes at odds, and your threat model should help you choose which to prioritize and when. If you don't know how to weigh them, you may need to refine your threat model.

Vanadium is a hardened browser, yes. I don't have personal experience with it so I can't make any recommendations on its settings.

Unknown parent

If you're looking for something to use with actual accounts (like banking), use hardened Firefox (with arkenfox) or a hardened chromium browser. Neither Mullvad Browser nor LibreWolf (and especially NOT Tor) are designed for that use case.


I wonder if my one bank doesn't like Librewolf. I logged in no issue on Ungoogled Chromium, but got a "security warning" on LW. Meanwhile Discover doesn't give a fuck and works when it wants to on either (read: never). Paypal worked fine on LW. I do use a Banking container on LW and turn off VPN, but banks are making it harder to go no app...

This entry was edited (Wednesday, March 4, 2026, 1:26 AM)
in reply to Imaginary_Stand4909

I honestly don't even know what would trigger that, unless that bank just really hates you using any gecko-based browser.

I generally despise the push for separate apps for everything anyway, but the banking ones are among the worst since so many of them are tied into Google Play. If my bank were to disable its website and only function with an app that required Google Play certification, I'd change banks. I'd be tempted to go old school and do banking in person, but who knows what kind of security cameras they have in banks now.

in reply to Username85920

Firefox Nightly + arkenfox userjs + uBlock Origin + Bitwarden as my daily driver.

Been a couple years since I checked up on arkenfox still being good. I get flagged as a bot all the time and constantly get popups about WebGL (GPU fingerprinting) so I assume its working as intended for my threat model.

Tails when I really care.

Mullvad VPN as my regular VPN with ProtonVPN for torrents.

GrapheneOS / NixOS as my OS.

Proton Visionary for most cloud services except passwords and I don't really use Proton Drive. I do use ProtonPass for unique emails to every provider.

Kagi for searches / AI.

Etesync for contacts because Proton didn't sync with the OS last I checked.

Backblaze B2 for cloud storage with my own encryption via rclone (Round Sync on GrapheneOS)

Keypass for a few things like my XMR wallets and master passwords I don't even trust in Bitwarden.

jmp.chat/ for my mobile provider.

Pihole with encrypted DNS to Quad9.

onlykey.io/ for the second half of my sensitive passwords (Bitwarden, LUKS, Keypass, OS login). First half memorized.

Its a lot. I burned myself out a couple years ago keeping up with optimizing privacy and this setup has served me well for 2 years without really changing anything. The cloud services are grey areas in terms of privacy but the few ads that leak through uBlock have zero relevance to anything about me.

This entry was edited (Wednesday, March 4, 2026, 3:18 AM)
in reply to Username85920

coveryourtracks.eff.org/

Is very inaccurate and misleading. It is a shame that EFF is still promoting it; I would recommend looking up the videos from Techlore and PrivacyGuides about fingerprinting; they explain it very well without any misleading or highly inaccurate information. You can find them on YouTube and PeerTube.

Regarding cleaning up your stuff, in what jurisdiction do you live in? Under the EU you can make use of your rights as seen in the GDPR. Noyb.eu is a good resource for learning how to excersise your rights as an EU citizen.

Tails is by design not made to be used with a VPN service of any kind, if you want to hide your Tor usage, use the built-in Bridges instead.

If you need further advice, feel free to contact me, I would love to point you into the right direction rather than leaving you in the dark.

This entry was edited (Thursday, March 5, 2026, 10:47 PM)
in reply to Voxel

It still gives metrics. And yes, Creepjs is not very useful against randomized values, though I noted it still because Brave fails (resulting in a persistent fingerprint) whereas Cromite succeeded to fool Creepjs. Both have many methods of fingerprinting protection.

Checking the fingerprinting protections of Mullvad and Tor is better done with TorZillaPrint test page by Arkenfox. It is optimized to tell you whether you blend in correctly with RFP normalized values.

This entry was edited (Friday, March 6, 2026, 8:09 AM)
in reply to N.E.P.T.R

The Brave browser has much better blocking capabilities with the goal of offering all of the uBlock Origins features, while Cromite has an ABP integration which has weaker and less support for advanced filterlists. The default filterlists selection is also quite questionable. A blocked script can no longer track you.

Brave's fingerprinting protection measures are technically speaking superior than Cromite, the only reason that CreepJS can't be fooled by it all the time (I've done my own tests and it fails sometimes) is that it has specifically been designed to adapt to its protection mechanisms, which hasn't been done for Cromite.

You can also harden Brave to increase its level of protection:

privacyguides.org/en/desktop-b…

privacyguides.org/en/mobile-br…

This entry was edited (Friday, March 6, 2026, 8:54 AM)
Unknown parent

lemmy - Link to source

ken

LibreWolf doesn’t work to give you a non-unique fingerprint. Use Mullvad Browser for that (without changing anything other than the safety level).


Konform Browser also provides stronger protection against fingerprinting compared to vanilla FF or LW. Similarly (and in no small part thanks) to Mullvad Browser and Tor Browser.

Identification via enumeration and rendering differences of fonts is a major factor that's often overlooked. Those three browsers bundle and enforce the same fonts and fontconfig to make that less reliable as fingerprinting method.

This entry was edited (Friday, March 6, 2026, 11:55 PM)
Unknown parent

lemmy - Link to source

ken

LibreWolf, on the other hand, works by spoofing a different fingerprint every session.


Is that true? I think it's not that much of a fundamental difference in strategy as you say. While LW (like MB) does randomization of e.g. WebGL and Canvas fingerprints, in general other fingerprintables are also kept static. From my perspective it's more a difference in degrees than direction. Have you checked how your font fingerprint persist?

I believe both Mullvad Browser and LibreWolf come with uBlockOrigin pre-installed


Not exactly. LW comes without the addon but is configured to download and install uBlock Origin from addons.mozilla.org the very first thing it does. This is in contrast with Mullvad Browser (which does bundle the addon) and Konform Browser (which will load locally installed system uBO from known path if installed from distribution package manager).

If you’re looking for something to use with actual accounts (like banking), use hardened Firefox (with arkenfox) or a hardened chromium browser.


Konform Browser is intended to support that use-case and also worthy for consideration. Would be curious to hear if you agree or how you think it falls short!

This entry was edited (Saturday, March 7, 2026, 12:14 AM)