Actions

Template

SecBrowser Privacy and Fingerprinting Resistance

From Whonix

Research from a pool of 500,000 Internet users has shown that the vast majority (84%) have unique browser configurations and version information which makes them trackable across the Internet. When Java or Flash is installed, this figures rises to 94%.[1] SecBrowser ™ shares the fingerprint with around three million [archive] other Tor Browser users, which allows people who use SecBrowser ™ to "blend in" with the larger population and better protect their privacy.

The EFF has found [archive] that while most browsers are uniquely fingerprintable, resistance is afforded via four methods:

  • Disabling JavaScript with tools like NoScript.
  • Use of Torbutton, which is bundled with SecBrowser ™ and enabled by default.
  • Use of mobile devices like Android and iPhone.
  • Corporate desktop machines which are clones of one another.

With JavaScript disabled, SecBrowser ™ provides significant resistance to browser fingerprinting.[2]

  • The User Agent is uniform for all Torbutton users.
  • Plugins are blocked.
  • The screen resolution is rounded down to 50 pixel multiples.
  • The timezone is set to GMT.
  • DOM Storage is cleared and disabled.

The EFF's Panopticlick [archive] fingerprint test shows that SecBrowser ™ resists fingerprinting.

Note: Because tracking techniques are complex, Panopticlick does not measure all forms of tracking and protection.

  • SecBrowser ™ conveys 6.26 bits of identifying information.
  • One in 76.46 browsers have the same fingerprint.
  • Browsers that convey lower bits of identification are better at resisting fingerprinting.[3]

When Tor Browser's and SecBrowser ™'s HTTP headers are compared using Fingerprint central's test suite [archive] the results are near identical.

Table: Tor Browser vs SecBrowser ™ HTTP headers comparison.

Percentage (%) out of 1652 with fingerprints tags [Firefox,Windows]:

Name Value TorBrowser SecBrowser™
% %
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 2.48 2.42
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 97.15 97.15
Host fpcentral.irisa.fr 90.44 90.43
Content-Length 100.00 100.00
Accepted-Language en-US,en;q=0.5 32.63 32.95
Referer https://fpcentral.irisa.fr/ [archive] 69.37 69.35
Upgrade-Insecure-Requests 1 83.05 83.04
Accepting-Encoding gzip, deflate, br 82.14 82.13
Content-Type 100.00 100.00
Connection close 100.00 100.00