How to configure a VM to protect all my hardware fingerprint from guest OS and softwares?

Question

This question was originally Does Firefox in VM have a common enough fingerprint so I don't need tor browser? in Tor community.

I want to know about what a web browser's fingerprint like in a VM, if VM runs a common OS and have default system settings. Can VM be configured to not have any of host machine's fingerprint?

(Here I just want to ask about fingerprint, ignoring IP addresses, web scripts and tracking cookies)

Here the VM software we discuss would better be FOSS, like Virtualbox or qemu.

That question could be on not just web browser, but also other kind of softwares.

Answer 1

As the other answer has pointed out, emulating another architecture tends to be slow. This would tip off a would-be attacker there's something going on by short and simple code that tests execution timings.

Beyond installing a virtual machine with all the defaults selected, you could fake the processor and motherboard information. This again wouldn't hold up to any serious or rigorous poking by an attacker.

A simpler method would likely involve "blurring" or "fuzzing" the fingerprint your machine gives. An easy way to do this would be by rotating through virtual machines in a given day, all setup differently from one another.

Regardless, even if you could truly and hypothetically defeat fingerprinting of your machine's components, ad companies spend a large amount of effort on user tracking across devices. You would have to change your browsing habits across many devices to have some tangible effect. This is one of the many reasons I cite for "serious anonymity isn't for casual users".

Answer 2

No hardware based virtualization as implemented in practically all relevant virtualization systems fully hides the details of the underlying hardware. If you want to fully hide the details you would need to have full software based virtualization of the processor too, i.e. like emulating an ARM processor even if using an x86 one. Qemu can do such things but it will be terrible slow.