Question: Random Browsing Tools (Dilute and Confuse)
Fingerprinting isn't always possible to defeat, and its not always possible to avoid making accounts (work and school accounts)
However, it should be possible to fill up tracked data with meaningless garbage and reduce the signal-to-noise ratio. Ex: a bot that browses random products on amazon to reduce profiling accuracy.
Do you guys know of any tools that do this? Anything from browser extensions to command line scripts, to anonymous group-accounts.
Having your browser lie about every detail is anonymous, but not k-anonymous. i.e. Nobody will know who you are, but your browser fingerprint is unique and so you will not blend in with everyone else. The Tor Browser and Mullvad Browser try to be k-anonymous, so everyone looks the same. Brave Browser is an interesting case where all fingerprint data is randomized, so you are not by definition k-anonymous, but you do blend in with all other Brave users in that it is all randomized in the same way for everyone.
In summary:
Having your browser lie in a unique way is bad
Having your browser lie in the same way as everyone else is good
Having your browser lie in a random way like everyone else is still good
I would be very careful about saying Tor/Mullvad/Brave are anywhere near approaching k-anonymity... Tor Browser cannot even hide your real OS when queried from javascript, and there are current ways to detect all of those browsers independently.
I think one problem is that most people's (general non-tech population) browser setups are completely bone-stock, and so by definition "random like everyone else" is likely already excluding all the stock users and placing you in a much smaller box to compare against.
I would be very careful about saying Tor/Mullvad/Brave are anywhere near approaching k-anonymity
I agree, but it's the best we have so far. If you take some time to sit down and think about it, a lot of the problems with internet privacy can't be fixed without a complete overhaul of our existing systems.
Tor Browser cannot even hide your real OS when queried from javascript
This is true, but the exception is Tails which lies about being Windows.
There's a page somewhere that, if you allow it to, opens hundreds of tabs in the background pointing to a bunch of lifestyle and commercial sites so your shadow profile ends up looking nothing like you. I will try to find it again.
Except for shared unique similarities. Fingerprinting designers know "not all data is good data" and will then filter out bad data and use hard to change charateristics, like hardware or software similarities, which can enable cross-browser fingerprinting.
Yeah, cookies, account logins, and other stuff make it hard too. Ex: randomly exploring gmail emails at different times of day, but not actually marking emails as read.
Right, even the most secure/private browser cannot help opsec failures... if only one person visits the same website(s) at the same time every day, you are not anonymous. But we all must define our own threat models and apply what's realistic for us individually.