I recently tried to clean up my digital life. I switched to Linux and switched to GrapheneOS and made more use of my proton subscription to replace google. But I have a few questions :
I tried https://coveryourtracks.eff.org/ on Librewolf on my PC and Vanadium on my phone and it say I have a nearly unique fingerprint. Is the benefit of using a privacy focused browser neglected by the low userbase and unique fingerprint ?
I did not have a great digital hygiene before so I have a google account, meta… How do I clean this up ? Are services like Incogni any good or is it just marketing ?
Finally I wanted to use tails with persistent storage to use as a live system if I ever need to use a PC that is not my own to connect to my accounts. However, I don’t want the ISP to know I use Tor. I see it as a big “I have something to hide” flag for the ISP. But my understanding is if I install a VPN on tails it will be Tor over VPN (bad if I understand correctly) instead of VPN over Tor. Should I use something else than tails since I only want/need always on VPN with kill switch.
Thanks a lot for your help. I want to say the journey is much easier than what I anticipated. The hardest part is making people switch around me. The lobbying has started.
Firefox Nightly + arkenfox userjs + uBlock Origin + Bitwarden as my daily driver.
Been a couple years since I checked up on arkenfox still being good. I get flagged as a bot all the time and constantly get popups about WebGL (GPU fingerprinting) so I assume its working as intended for my threat model.
Tails when I really care.
Mullvad VPN as my regular VPN with ProtonVPN for torrents.
GrapheneOS / NixOS as my OS.
Proton Visionary for most cloud services except passwords and I don’t really use Proton Drive. I do use ProtonPass for unique emails to every provider.
Kagi for searches / AI.
Etesync for contacts because Proton didn’t sync with the OS last I checked.
Backblaze B2 for cloud storage with my own encryption via rclone (Round Sync on GrapheneOS)
Keypass for a few things like my XMR wallets and master passwords I don’t even trust in Bitwarden.
https://jmp.chat/ for my mobile provider.
Pihole with encrypted DNS to Quad9.
https://onlykey.io/ for the second half of my sensitive passwords (Bitwarden, LUKS, Keypass, OS login). First half memorized.
Its a lot. I burned myself out a couple years ago keeping up with optimizing privacy and this setup has served me well for 2 years without really changing anything. The cloud services are grey areas in terms of privacy but the few ads that leak through uBlock have zero relevance to anything about me.
Thank you for laying all this out. This is really helpful.
LibreWolf doesn’t work to give you a non-unique fingerprint. Use Mullvad Browser for that (without changing anything other than the safety level).
Don’t use a VPN with Tails. You could try something like https://github.com/PJ-Singh-001/Cubic to roll your own custom Ubuntu ISO, or you can just install another Linux distro on it which is what I recommend. Don’t forget to enable disk encryption because you can’t reliably wipe data from flash storage.
You’re not a noob, you’re a sprout.
Their website (https://coveryourtracks.eff.org/learn) do mention the concern you have; Blocking trackers means you are a user with a very specific privacy settings. I suppose it would be like going around with a full face mask; You are technically private, but you are uniquely identifiable unless someone else does that. I also get “Uniquely Identifiable” on my personalised browser, but nothing like it when I try it out on newly installed Mullvad browser with no changes.
Not that I know much about how Tor traffic is identified, but Tor bridges seems like a potential solution? I would dig into that a bit more.
NoScript will improve your privacy by a lot, and will make webpages load faster, since it stops stylish and tracker-ridden JS. If a webpage breaks, you can flick a few buttons to temporarily allow JS (or permanently if you’ll be visiting that site a lot).
Tor over VPN is a fine solution if you want to hide it from your ISP, but I don’t think you should install extra stuff on TailsOS. Consider using Tor Browser + UblockOrigin on your own PC over a VPN, it’s pretty much the same thing if you’ll just be browsing online.
Oh-- and one important thing to remember: Don’t expend more effort than necessary for your own threat model. Consider the extent of your privacy needs and act accordingly, going overboard will only leave you tired for not much in return.
P.S.: mander.xyz has a Tor-based onion frontpage ;)
Mullvad Browser and LibreWolf have two completely different strategies to avoid fingerprinting. Mullvad Browser operates on everyone having the same configuration to blend in - if you want to use it, you need to avoid changing any of the settings. LibreWolf, on the other hand, works by spoofing a different fingerprint every session. It will look unique to Cover Your Tracks and the like, but it will be different every time you close and reopen it. Again, it works best if you don’t mess with the settings.
I believe both Mullvad Browser and LibreWolf come with uBlockOrigin pre-installed. Just about anything you want to do regarding blocking ads or scripts can be done in UBO’s settings; do NOT add extra “privacy” add-ons as you will only make yourself easier to fingerprint.
If you’re looking for something to use with actual accounts (like banking), use hardened Firefox (with arkenfox) or a hardened chromium browser. Neither Mullvad Browser nor LibreWolf (and especially NOT Tor) are designed for that use case.
As an aside, you can use multiple browsers for different use cases. I honestly think that’s best practices at this point, but you’d have to be good about not overlapping your browsing on them (i.e., not visiting/logging into the same website on multiple browsers).
Regarding Incogni, this video explains them pretty well
Are they trustworthy?
I tend to ignore everything that advertises itself.
