The ultimate protection agains browser fingerprinting
Dear Reddit,
Over the last few months, I've spent a lot of time protecting myself from online tracking. This includes the basics (uBlock origin in Firefox and a VPN connection) as well as more advanced measures (setting up Pi-hole together with [unbound recursive DNS server](https://docs.pi-hole.net/guides/unbound/), utilizing [NextDNS](https://www.nextdns.io/) or using the Tor browser). I think this offers pretty good protection to hide my IP-address (in case of the VPN and Tor) and prevent tracking through cookies. Besides, I use unique email addresses (aliases) and usernames for online accounts (I try to reduce the number of online accounts to what is strictly necessary) in order to prevent profiles from being linked to each other on the basis of this information.
My goal is to protect myself from tracking by commercial ad networks. To the extent that at the start of a new browser session I have a new identity within the web of advertising networks. No ad network should be able to recognize me from a previous browser session. I don't mind paying for privacy friendly services (like Tutanota, Protonmail, VPN, etc), which I do, or paying for content, as long as I can keep control over my online identity and tracking.
Recently I found out about [http://www.nothingprivate.ml/](http://www.nothingprivate.ml/) , which demonstrates how they (and others) are able to track you across websites and browser sessions using fingerprinting techniques. I thought I was reasonably protected by standard measures in Firefox that should provide protection against fingerprinting. One of them is the content blocking setting in about:preferences, which corresponds to the `privacy.trackingprotection.fingerprinting.enabled` setting in about:config. Besides, I turned on `privacy.resistFingerprinting`. However, the website mentioned above proves that this is not protecting me (enough) from online tracking through browser fingerprinting. It recognized me after closing the browser, even though everything (like cookies, etc) are cleared and fingerprinting protection is enabled. Even the Tor browser didn't protect me in most cases.
I see this as a major problem, which undermines all my other measures. As far as I understand, browser fingerprinting involves combining a series of data, like information embedded in http headers or browser API's that are invoked locally by Javascript on websites. Could anyone elaborate on these methods and propose ideas for the ultimate way to protect us from this? Of course, I can turn off Javascript in my browser. In that case, the website mentioned above is no longer able to track me, but I don't know if this is because fingerprinting has been made virtually impossible or because I only broke the tool by turning it off.
Thank you so much!
https://redd.it/ci7c3u@r_privacy
