No matter what browser I use, every time it states my browser has unique fingerprint for Mull with uBlock and Badger installed and "randomized" with Brave. I don't even know if there are any other than unique or randomized. It will be more of an OPSEC post rather than referring to Cover Your Tracks in particular.
I got the worst results in
1. Screen size and colour depth
- one in 92k with Mull
- one in 200 with Brave and Vanadium
2. Http_accept headers
- one in 3k with Mull
- one in 6k with Brave
- one in 2,1k with Vanadium
3. Language and time zone (target's community is located in the same country as mine, so score above 200 doesn't bother me much)
4. Touch support
- one in 143 with Mull
- one in 4.35 with Brave and Vanadium
5. User agent
- one in 151.26 with Mull, probably bad, cause Chrome and Chromium browsers have nearly 70% market share in my country.
- one in 44 with both Brave and Vanadium
6. WebGL Vendor & Renderer
- one in 8.58 with Mull
- one in 314 with Brave
- one in 604 with Vanadium
7. Hash of WebGL fingerprint
- one in 8.81 with Mull
- one in 3.27 with Brave
- one in 939 with Vanadium
The rest of categories has score <10. If you think others will be crucial in my case, feel free to ask what score they got. The post would get too long if I were to list all results.
Device:
- Pixel 6 Pro with GrapheneOS
- Optionally I can look up for my good old Oppo A52 (slow af but has OEM Android 12 if remember right)
Browsers I tried:
- Vanadium 131.0.6778.104
- Mull 132.0.0 with uBlock Origin and Privacy Badger
- Brave 1.73.91, Chromium 131
Is there any way to make sure I am not recognisable by my browser data? I can't block every single cookie or data requests, as I am sure too many rejections of them will probably result getting flagged as a shady user, then admins will personally inspect fingerprints of all my accounts. This is just a downward spiral to me getting banned for making multiple accounts (my target). The goal is not to make me as anonymous as Snowden, but to spoof my fingerprint so good to get unrecognisable from the typical mouth-breathing internet users who don't give a flying fuck about so called, broadly understood online privacy. Ironically, that's pretty much reverse goal than when I was installing GrapheneOS.
Threat actor: discussion forum with invite-only registration. Something like Reddit, but they take multiple account prevention seriously. I am 99,9999% sure they ban all access via VPN, proxies and TOR in advance, so those are out of discussion. Burner SIM cards with internet access are the solution here, both for getting unique IP from LTE provider and for SMS verification during registration. Furthermore, different providers will probably give every single account's fingerprint a pinch of uniqueness (if admin staff has any way to see which mobile comm provider I used)
There's a catch: if I switch my SIM card to another one and the second one will get the same IP address as the previous one - I have to get in radius of another BTS and get different IP, or It will look like one person is using the 2 (or more) accounts. The inviter and all his invitees will get banned. Tbh I don't know how big chance there is for this making happen.
Once a week