1

I don't want any website to identify me and to know what is my geographical location.

As far as a website is concerned, I am always a new visitor who never visits it prior. If I leave the website, power down my browser, restart the browser and then come back, then I am a new visitor, not a returning one.

A way to do this is to go online only on a clean FF/Chrome browser inside a bland Windows 7 VM, but this seems to me quite heavy-handed.

From what I know, I will need to at least been able to spoof/hide these information from the websites:

  • User Agent
  • HTTP_ACCEPT Headers
  • Browser Plugins
  • Time Zone
  • Screen Size and Color Depth
  • System Fonts
  • Supercookies
  • HTML5 Canvas Fingerprinting

Is there any other information that I should hold away from the websites?

I am thinking using Firefox Private Mode, inside a VPN tunnel with randomized IP when I do my browsing. To defeat browser fingerprinting, I will install a agent spoofer plugin. True, websites know that I am using this plugin, and they might even get suspicious, but I am still a new visitor every time I return to them, and there is no way for them to identify me as one single unique visitor.

Is my technique solid enough for me to remain anonymous to the websites that are most zealous about collecting personal data, and are as mighty as Google or Amazon or Facebook?

If no, what are the other measures that will work?

Community
  • 1
Graviton
  • 905
  • 4
  • 12
  • 26
  • You dont need to use a plugin in Google Chrome, the devtools allow you to change the user agent directly https://developer.chrome.com/devtools/docs/device-mode. Other than that, and as far as I can see, you should be completely anonymous to each website. Still remember to log out or somehow clear the session when you're done. Keep in mind that not all VPNs encrypt traffic, if you want even more layers you should consider Tor or something similar – Purefan Jun 09 '15 at 10:13
  • 1
    @Purefan, I afraid that the devtools in Google Chrome is not sufficient for me to spoof other [browser/device related information](http://security.stackexchange.com/a/91053/9308) such as Canvas Fingerprinting, System Fonts, SuperCookies etc. – Graviton Jun 09 '15 at 10:19
  • Your method could work if you are very thorough about it, but I think it using Tor would probably be an easier and more effective solution. Relevant quote from the Grugq: "VPNs provide privacy - Tor provides anonymity. Confuse the two at your peril." – tlng05 Jun 09 '15 at 13:55
  • The Incognito mode? – curious_cat Jun 09 '15 at 14:01
  • 1
    @curious_cat Incognito mode prevents your history from being saved in your own computer and clears cookies on exit, but it doesn't necessarily prevent websites from tracking you. – tlng05 Jun 09 '15 at 14:07
  • @tlng05: You are right. A combination of Incognito mode and Tor? – curious_cat Jun 09 '15 at 14:17
  • 1
    @curious_cat Tor is already essentially Incognito mode on steroids. There's no need to separately enable incognito mode if you're using the Tor browser bundle. – tlng05 Jun 09 '15 at 16:29
  • @tlng05, does tor browser have VPN function? I want to watch Amazon/HULU/Netflix movies outside US as well. – Graviton Jun 10 '15 at 02:40
  • @Graviton Regarding the VPN its bit tricky with tor. Please read this question: https://tor.stackexchange.com/questions/1945/tor-via-vpn-good-extra-level-of-security-or-unnecessary – ρss Jun 19 '15 at 09:39
  • I think you'll be safe with this setup, the only thing i would add is the amazing open-source Ad Block UblockOrigin to hit less servers on internet , you could also use something like dnscrypt so you get your dns covered too. Also put plugins click-to-play, there's no need to give a page access to all your plugins unless it's going to do something you need. And you don't say how you dealing with SuperCookies but self-destructing cookies can destroy them(you are using firefox), if on *nix system, make browser run on a separated user with limited privelegies – Freedo Jun 26 '15 at 03:45

1 Answers1

2

Tor could be a solution for you, if you could compromise some of the browsing speed.

Tor tries to implement many countermeasures for your anonymity theft. I would recommend that just using Tor is not enough please read the Tor FAQ for further details.

Update: Apart from that I would say you have to change your browsing habits too in order to stay anonymous! This is what Tor also says.

Tor normally discourages visiting websites that has lot of active contents. For eg: Video streaming websites like youtube. The reason for this can be understood by reading the FAQ of Tor stated as below:

active content, such as Java, Javascript, Adobe Flash, Adobe Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript, are binary applications. These binary applications run as your user account with your permissions in your operating system. This means these applications can access anything that your user account can access. Some of these technologies, such as Java and Adobe Flash for instance, run in what is known as a virtual machine. This virtual machine may have the ability to ignore your configured proxy settings, and therefore bypass Tor and share information directly to other sites on the Internet. The virtual machine may be able to store data, such as cookies, completely separate from your browser or operating system data stores. Therefore, these technologies must be disabled in your browser to use Tor safely.

ρss
  • 344
  • 2
  • 8
  • @pss, "change the browsing habits"-- can you elaborate more on that? Just what browsing habits that I will need to change? – Graviton Jun 09 '15 at 13:49
  • @Graviton Answer updated :) – ρss Jun 09 '15 at 14:12
  • Tor can be [deanonymized](http://freehaven.net/anonbib/cache/tcp-tor-pets12.pdf) if you have access to the user's local network. – Ari Trachtenberg Jun 09 '15 at 15:46
  • 1
    @AriTrachtenberg As OP is only trying to prevent tracking by companies like Google, Facebook, and Amazon, I don't think spying on the local network would be a major concern. – tlng05 Jun 09 '15 at 16:33
  • 1
    Agreed ... unless Google [owns](https://fiber.google.com/about/) your LAN as well ... – Ari Trachtenberg Jun 09 '15 at 16:43
  • Well if attacker has access to LAN then he shall easily deanonymize your identity. Social engineering, sniffers, mitm attacks etc... all become more easier to implement. – ρss Jun 09 '15 at 17:41
  • @pss, I also don't want those big companies to trace my geographical location, is Tor alone adequate to do the job? Or do I need to compliment it with a VPN solution? – Graviton Jun 11 '15 at 05:45
  • Tor will do the job. https://people.torproject.org/~andrew/website-stage/docs/faq.html.en#IsTorLikeAVPN I would like to recommend you to read the FAQs. – ρss Jun 11 '15 at 08:35
  • IF you are on a *nix system you can configure your browser to run on a user with only the necessary permissions to run. That would limit damage even if your browser be completely owned by an attacker. – Freedo Jun 26 '15 at 03:43