What is a fingerprint and what is it for? Basic browser settings for online anonymity.

Jollier

Professional
Messages
1,127
Reputation
6
Reaction score
1,108
Points
113
An urgent problem all over the world today is the protection and security of personal data on the network. The ubiquity of technology makes it easy to collect personal information. In addition, users independently share on social networks, instant messengers, e-mail correspondence and other online platforms, often without even suspecting that their data may fall into the wrong hands.
In the modern world, few people are surprised by the fact that everything and everyone is monitored: smartphones, tablets, computers, smart devices, software, etc. On the one hand, companies collecting information do everything to improve a particular service, make this beautiful world even better and improve the quality of user experience. On the other hand, they make money from users, analyze behavioral factors, form characteristic patterns and manipulate for maximum benefit.
In the first part, we will talk about what fingerprints are, setting up your browser and protecting your identity on the web.
A fingerprint, or sometimes footprint, is a complete digital fingerprint of a device, consisting of information about your operating system, settings, active browsers, installed plugins, etc. Such a print is presented in the form of a unique code or picture.
In the field of information technology, a fingerprint is usually called the ability to uniquely identify a person through his device, settings, software and other user characteristics.
What is the difference from cookies? To begin with, cookies are relevant within the same domain, while fingerprint allows you to track the sources of referrals to the target site and the paths of referrals from that site. Cookies, including eternal ones, can be cleared or blocked, which is not a tedious process. In turn, fingerprints can only be replaced.
Fingerprinting technology can be interpreted as a significant vulnerability in information security and, at the same time, as a violation of the privacy and confidentiality of users. We visit certain sites, many of us have personal settings in the browser: fonts, plugins, bookmarks, add-ons and extensions, screen resolutions, window arrangement, navigation buttons placement, etc. The combination of these elements constitutes a unique digital fingerprint of the device and can be conditionally compared with human biometric data, namely, fingerprints.

Where is browser fingerprint used and what is it used for?
Many of us do not see any problem in the fact that every step and every action is under control and settles in "big data". Others, on the contrary, are so concerned about their privacy that they develop special tools and programs that check, impede, distort and block the collection of information.
Digital fingerprints are used to prevent fraud and identity theft. The Internet user, without knowing it, provides data about himself, without any consent. With an increase in the amount of collected data, a person's profile is formed, which is able to contain:
· Gender;
· Age;
· marital status;
· Political Views;
· Financial condition;
· Interests;
· Habits, etc.
It would seem that this information is only superficial, without reference to a specific person, i.e. there is some subject with certain parameters and relationships to certain things, but who exactly is unknown. But this is only for the time being: as soon as a person indicates real personal data somewhere, for example name, phone number or address, the fingerprint will allow companies to fully identify them and thereby supplement the formed profile.
Users are deprived of the ability to prohibit sites from this type of data collection. Subsequently, the collected databases of browser fingerprints can be transferred to other companies for sharing, which inevitably leads to the identification of users.

Now let's discuss how to get around this.
VPN and proxy servers
In short: a VPN is the easiest method to bypass regional bans. It changes your IP to one available on the service. It does not protect against multiple trackers and does not affect cookies that have already been picked up.
A proxy is a free intermediary that does not encrypt your traffic. Don't skimp on a good multi-channel VPN, and turn it on even when switching to a dedicated server, which we'll talk about further.

Browsers and add-ons
Firefox is considered the most reliable. Install plugins on it:
Decentraleyes - will get rid of tracking via CDN.
Privacy Badger - gets rid of trackers, protects privacy.
HTTPS Everywhere - MITM protection on the web.
ScriptSafe - the extension removes everything unnecessary.
Ready config: https://pastebin.com/73QwJFeK
Privacy Settings - simplifies work with configs + there is a privacy mode.
User Agent Switcher - plugin replaces browser identification.
Antidetect is a plugin similar to the previous one with more advanced settings. Paid and quite expensive.
Ghostery is a plugin that blocks analytics trackers, ads and other beacons.
Multiloginapp is a platform designed to replace different browser footprints. The program is designed to work with a large number of browser profiles. Each profile is in its own "container", which rules out history, cookies and fingerprints leaking from one browser profile to another.
There are also specially assembled browsers for anonymous web surfing:
TOR is the most famous and popular among them.
Pale Moon is an open source browser based on Firefox.

Manually
Manual changes can help make your digital footprint less unique, such as:
· Changing the time zone of the device;
· Installation of another language of the operating system of the device;
· Installing a different browser language;
· Change the screen resolution of the device;
· Changing the scale of the web page;
· Disabling Flash, JavaScript and WebGL execution.

Dedicated servers
The use of dedicated servers is still considered one of the most effective ways to maintain your anonymity. It is a separate physical machine from which no data is transmitted to your main or work machine.
Pros: a choice of HTTP/SOCKS proxy or SSH/VPN connection; control of the history of requests; protection against attacks through Flash, Java and JavaScript if you use a remote browser.
Cons: relatively high cost; technical knowledge is required to set it up correctly.
The main reason for the popularity and effectiveness of this method is that such a virtual computer is completely new and clean for the Internet, works around the clock and does not transmit any information about the end user and the characteristics of his computer (they say Facebook even tracks the MAC address).

Configuring the browser using the about:config page
This page contains links to various browser resources.
I will not delve into each resource, I will just point out a few interesting and useful examples.
about:support
Here you can see detailed information about the browser, user-agent, whether multiple streams are supported, or, for example, a composite manager for rendering the interface.
Here you can also find out the path to your Profile (Profile Directory). Why you will need it, I will describe in more detail below. Unfortunately, the path to the profile folder is not shown on the mobile version, so I will share mine with you (relevant only for android).
/data/data/org.mozilla.firefox/files/mozilla/*.default
The profile folder consists of 2 parts - * - random string (a unique set of letters for each device) + .default - for the default profile
about:memory
Here you can see what the browser memory is spent on, mostly useful for web frontend developers.
about:addons
The page with your extensions is also available from the graphical menu.
about:networking
A page with detailed information about visited sites, dns and websockets. It will also be useful for web developers.
about:config
And finally, the page that contains all the available browser settings in key-value format.

Detailed browser settings
In about:config there is a graphical editor of values; everything there should be clear as it is.
But the user.js file, as you can see from its extension, assumes that all settings will be in a format understandable by a javascript parser. For example:
user_pref ("browser.bookmarks.restore_default_bookmarks", false);

user_pref is an object containing all settings.
Anything in the quotes “browser.bookmarks.restore_default_bookmarks” is a key.
The comma is followed by the value.
The key is always a string, but the value can be of different types, strings, numbers or boolean false / true (true / false).
The setting shown in the example is responsible for restoring the default bookmarks and is set to false. If you change this value, then all your bookmarks will be deleted and the default set of bookmarks will be restored.

Other settings
user_pref ("browser.bookmarks.showMobileBookmarks", true);

This setting allows you to see your bookmarks from the mobile version on the desktop, if you have synchronization enabled.
user_pref ("browser.ctrlTab.previews", true);

When switching tabs, previews of pages are displayed.
user_pref ("browser.download.autohideButton", false);
user_pref ("browser.download.panel.shown", true);
Settings responsible for displaying browser downloads.
user_pref ("browser.library.activity-stream.enabled", false);
user_pref ("browser.newtabpage.activity-stream.feeds.places", true);
user_pref ("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref ("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref ("browser.newtabpage.activity-stream.filterAdult", false);
user_pref ("browser.newtabpage.activity-stream.prerender", false);
user_pref ("browser.newtabpage.activity-stream.showSponsored", false);
user_pref ("browser.newtabpage.activity-stream.telemetry", false);
user_pref ("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
user_pref ("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
user_pref ("browser.newtabpage.activity-stream.topSitesRows", 3);
user_pref ("browser.newtabpage.enhanced", true);

All activity-stream settings are responsible for your activity. “Newtabpage” - for displaying content in a new tab. I turned off almost everything, except for “feeds.places”, which are responsible for displaying recently visited pages in a new tab. By the way, all settings containing the word “endpoint” are responsible for the address to which the data is sent. If you use an empty string, no data will be transmitted.
user_pref ("browser.ping-center.telemetry", false);

One of the settings for telemetry. I turn it off to speed up surfing, since resources are wasted on any action, even if it works in parallel. Since I know firsthand how to profile programs and how much the performance drops at the same time, it is better to do without it.
user_pref ("browser.safebrowsing.blockedURIs.enabled", false);
user_pref ("browser.safebrowsing.downloads.enabled", false);
user_pref ("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref ("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref ("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref ("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref ("browser.safebrowsing.downloads.remote.enabled", false);
user_pref ("browser.safebrowsing.enabled", false);
user_pref ("browser.safebrowsing.malware.enabled", false);
user_pref ("browser.safebrowsing.phishing.enabled", false);
user_pref ("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref ("browser.safebrowsing.provider.google.gethashURL", "");
user_pref ("browser.safebrowsing.provider.google.lists", "");
user_pref ("browser.safebrowsing.provider.google.pver", "");
user_pref ("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google.reportURL", "");
user_pref ("browser.safebrowsing.provider.google.updateURL", "");
user_pref ("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref ("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref ("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref ("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref ("browser.safebrowsing.provider.google4.lastupdatetime", "");
user_pref ("browser.safebrowsing.provider.google4.lists", "");
user_pref ("browser.safebrowsing.provider.google4.nextupdatetime", "");
user_pref ("browser.safebrowsing.provider.google4.pver", "");
user_pref ("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google4.reportURL", "");
user_pref ("browser.safebrowsing.provider.google4.updateURL", "");
user_pref ("browser.safebrowsing.provider.mozilla.gethashURL", "");
user_pref ("browser.safebrowsing.provider.mozilla.lists", "");
user_pref ("browser.safebrowsing.provider.mozilla.pver", "");
user_pref ("browser.safebrowsing.provider.mozilla.updateURL", "");

“Safebrowsing” - these settings are responsible for checking the visited sites to make sure they are safe. This check involves checking the site host in the local database against a blacklist and checking the uploaded files on Google servers. (Thanks to dartraiden for the hint) If the answer is yes, a service page with a warning is shown instead of the site. I disabled this check to speed up surfing. Perhaps, for those using the Windows operating system, this should not be done.
user_pref ("browser.search.countryCode", "US");
user_pref ("browser.search.geoSpecificDefaults", false);
user_pref ("browser.search.geoSpecificDefaults.url", "");
user_pref ("browser.search.geoip.url", "");
user_pref ("browser.search.hiddenOneOffs", "Bing, Amazon.com, Twitter");
user_pref ("browser.search.region", "US");
user_pref ("geo.wifi.uri", "");

Search settings. I set the region to US, for the anonymity of search queries. Also disabled location for search (“geo”).
user_pref ("browser.tabs.loadInBackground", false);
user_pref ("browser.tabs.tabMinWidth", 30);
user_pref ("browser.tabs.warnOnClose", false);

Tab settings. I would like to mention “tabMinWidth” separately. In chrome, if you open many tabs, the text disappears. And in Firefox, this setting is responsible for the minimum tab length. And if more tabs are open, then they still do not shrink, but simply hide and additional tab control buttons appear. For me, this system is very convenient, since I constantly open many pages from the same site and without text I have to constantly guess which page is where.
user_pref ("browser.urlbar.clickSelectsAll", true);
user_pref ("browser.urlbar.maxRichResults", 15);
user_pref ("browser.urlbar.trimURLs", false);

When you click on the address bar, the entire address is highlighted, not the current word. And also https is not hidden in the address bar.
user_pref ("datareporting.healthreport.uploadEnabled", false);
user_pref ("datareporting.policy.dataSubmissionEnabled", false);
user_pref ("datareporting.policy.firstRunURL", "");

Mozilla Corporation reports
user_pref ("device.sensors.enabled", false);
user_pref ("device.sensors.motion.enabled", false);
user_pref ("device.sensors.orientation.enabled", false);

This is more for the mobile version, but sometimes laptops also have some kind of sensors.
user_pref ("devtools.aboutdebugging.showSystemAddons", true);
user_pref ("devtools.onboarding.telemetry.logged", false);
user_pref ("devtools.theme", "dark");
user_pref ("devtools.toolbox.splitconsoleEnabled", false);

Developer tools settings.
user_pref ("dom.push.enabled", false);
user_pref ("permissions.default.desktop-notification", 2);
user_pref ("permissions.default.geo", 2);

Duplicates disabling notifications from the graphical menu
user_pref ("experiments.activeExperiment", false);
user_pref ("experiments.enabled", false);
user_pref ("experiments.supported", false);

I do not want to experiment. Tuning for an amateur).
user_pref ("extensions.pocket.enabled", false);
user_pref ("extensions.ui.dictionary.hidden", false);
user_pref ("extensions.ui.experiment.hidden", true);
user_pref ("extensions.ui.locale.hidden", true);
user_pref ("extensions.webextensions.remote", true);

Extension settings. Turn off Pocket.
user_pref ("findbar.highlightAll", true);
user_pref ("font.internaluseonly.changed", true);
user_pref ("font.minimum-size.x-western", 10);
user_pref ("font.name.monospace.x-western", "Hack");
user_pref ("font.name.sans-serif.x-western", "Hack");
user_pref ("font.name.serif.x-western", "Hack");

The font settings duplicate the graphical settings. The smooth scrolling settings were selected experimentally.
user_pref ("general.smoothScroll.durationToIntervalRatio", 1000);
user_pref ("general.smoothScroll.lines.durationMaxMS", 100);
user_pref ("general.smoothScroll.lines.durationMinMS", 100);
user_pref ("general.smoothScroll.mouseWheel.durationMaxMS", 150);
user_pref ("general.smoothScroll.mouseWheel.durationMinMS", 50);
user_pref ("general.smoothScroll.other", false);
user_pref ("general.smoothScroll.pixels", false);
user_pref ("general.smoothScroll.scrollbars.durationMaxMS", 100);
user_pref ("general.smoothScroll.scrollbars.durationMinMS", 100);
user_pref ("general.useragent.override", "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/64.0");
user_pref ("general.useragent.vendor", "");
user_pref ("general.useragent.vendorSub", "");
User agent settings, if there is no special need, it is better not to touch them
user_pref ("general.warnOnAboutConfig", false);

Disable warning window when visiting about:config
user_pref ("gfx.use_text_smoothing_setting", true);
user_pref ("gfx.webrender.enabled", true);
user_pref ("gfx.webrender.highlight-painted-layers", false);
user_pref ("layers.acceleration.force-enabled", true);

Acceleration of rendering.
user_pref ("intl.accept_languages", "en-us, en, uk, ru");
user_pref ("intl.locale.requested", "en-US");
This information is intended to automatically select the language on the site, although the sites themselves very rarely pay attention to this setting. Hopefully the situation will change in the future.
user_pref ("layout.css.devPixelsPerPx", "1.25");
user_pref ("layout.css.osx-font-smoothing.enabled", true);
user_pref ("layout.word_select.stop_at_punctuation", true);

I would like to highlight the “devPixelsPerPx” setting. This setting is responsible for scaling the interface and will be especially useful for people with low vision or on computers with a high screen resolution. The default is “1”.
user_pref ("media.autoplay.enabled", false);
user_pref ("media.av1.enabled", true);

Video related settings. Disables autoplay and enables experimental support for the new AV1 codec.
user_pref ("network.allow-experiments", false);
user_pref ("network.cookie.prefsMigrated", true);
user_pref ("network.dns.disablePrefetch", true);
user_pref ("network.http.speculative-parallel-limit", 0);
user_pref ("network.predictor.enabled", false);
user_pref ("network.prefetch-next", false);
user_pref ("network.security.esni.enabled", true);
user_pref ("network.tcp.tcp_fastopen_enable", true);
user_pref ("network.trr.mode", 2);
user_pref ("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref ("network.warnOnAboutNetworking", false);

I want to analyze this group of settings in more detail.
“Dns.disablePrefetch” and “predictor.enabled” are responsible for pre-visiting links on the page to speed up loading if the user wants to click on any of the links. If the Internet is slow, then it only worsens the situation, especially in the mobile version somewhere in the metro.
“Tcp.tcp_fastopen_enable” enables TCP Fast Open
“Trr.mode” is responsible for DNS Over HTTPS. A value of 0 disables DoH completely; 1 - DNS or DoH is used, whichever is faster; 2 - DoH is used by default, and DNS is used as a fallback; 3 - only DoH is used; 4 - mirroring mode in which DoH and DNS are used in parallel.
Well, “trr.uri” is responsible for the server that the browser knocks on to get the IP address of the sites visited.
“Security.esni.enabled” is responsible for the Encrypted SNI
user_pref ("privacy.donottrackheader.enabled", true);
user_pref ("privacy.firstparty.isolate", true);
// Disables memorizing the zoom level for the site
user_pref ("privacy.resistFingerprinting", true);
user_pref ("privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts", false);

Privacy settings.
user_pref ("privacy.userContext.enabled", true);
user_pref ("privacy.userContext.longPressBehavior", 2);
user_pref ("privacy.userContext.ui.enabled", true);
“UserContext” includes Multi-Account Containers.
This add-on isolates cookies and browsing history into separate containers. Unfortunately, only for the desktop. I isolated all the services of Google, Facebook and several other important services separately. Also, if you additionally install the Multi-Account Containers extension, you can use it to bind sites to containers. Even if you open a link linked to another container from one container, it opens in this container, in a new tab. Very comfortably.
user_pref ("reader.color_scheme", "dark");
user_pref ("reader.content_width", 12);

In Firefox there is a very easy read page mode, in which all but the text is deleted. It is still far from ideal, it cuts out some tags with the text, but it is still very convenient to use it. You can activate it here:
user_pref ("security.ssl.errorReporting.automatic", true);
user_pref ("toolkit.identity.enabled", false);
user_pref ("toolkit.telemetry.archive.enabled", false);
user_pref ("toolkit.telemetry.bhrPing.enabled", false);
user_pref ("toolkit.telemetry.coverage.opt-out", false);
user_pref ("toolkit.telemetry.enabled", false);
user_pref ("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref ("toolkit.telemetry.hybridContent.enabled", false);
user_pref ("toolkit.telemetry.infoURL", "");
user_pref ("toolkit.telemetry.newProfilePing.enabled", false);
user_pref ("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref ("toolkit.telemetry.server", "");
user_pref ("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref ("toolkit.telemetry.unified", false);
user_pref ("toolkit.telemetry.updatePing.enabled", false);
Various telemetry. Again.
user_pref ("widget.chrome.allow-gtk-dark-theme", true);
user_pref ("widget.content.allow-gtk-dark-theme", true);
// user_pref ("widget.content.gtk-theme-override", "Adwaita:light");

How to hide (change) browser fingerprint?
There are protective measures when using browsers, but none of them will work 100%. And a logical question arises: "Does it make sense to use some kind of specialized software or install extensions that block certain processes when visiting sites?" The answer will be ambiguous, since a kind of dissonance arises.
When you try to combat tracking by applying special browser settings and special software, you definitely increase the uniqueness of your device's digital fingerprint, thereby making it more likely that you will be identified and a user profile formed.
Multiple studies have confirmed that computers and software with “default” settings are more difficult to identify and “associate” with a specific person, while even small changes have the opposite effect.
In practice, the most effective protection is the use of the Tor Browser, whose developers put a lot of effort into reducing the uniqueness of fingerprints. For everyday use, an extension like Privacy Badger is a good option. With it, you can reduce the level of tracking and the amount of information transmitted. For even more confidence and privacy protection, all of this must be used in a virtual machine.
All these methods take place, however, for the average user, such actions create certain difficulties and a waste of time.
If the topic for you is very interesting and relevant, watch the video from Ufocoder, where he talks in some detail and shows how the fingerprint technology works and whether it is possible to fight it:

In the next article we will look at ways to spoof fingerprints, as well as other "anonymous" browsers.
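The `user_pref("key", value);` format and the Safe Browsing and `network.trr.mode` settings described in the post above, as an added example that is not part of the original post: a small parser that reads user.js text and lists the protections it switches off. The sample input is constructed from lines the post quotes, and all function names are illustrative.

```javascript
// Added example, not code from the post. SAMPLE_USER_JS is constructed from
// pref lines quoted in the post; its last line is deliberately malformed.
const SAMPLE_USER_JS = [
  '// constructed sample',
  'user_pref ("browser.safebrowsing.malware.enabled", false);',
  'user_pref ("browser.safebrowsing.phishing.enabled", false);',
  'user_pref("browser.safebrowsing.downloads.enabled", true);',
  'user_pref ("browser.safebrowsing.provider.google4.updateURL", "");',
  'user_pref ("network.trr.mode", 2);',
  'user_pref ("privacy.resistFingerprinting", true);',
  '// user_pref ("widget.content.gtk-theme-override", "Adwaita:light");',
  'user_pref ("browser.tabs.tabMinWidth" 30);',
].join('\n');

// One pref per line: user_pref("key", value); plus an optional // comment.
const PREF_LINE =
  /^user_pref\s*\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*(?:\/\/.*)?$/;

// Accept the three value types the post lists: boolean, integer, string.
function parsePrefValue(raw) {
  if (raw === 'true') return true;
  if (raw === 'false') return false;
  if (/^[+-]?\d+$/.test(raw)) return parseInt(raw, 10);
  const m = /^"((?:[^"\\]|\\.)*)"$/.exec(raw);
  return m ? m[1].replace(/\\(.)/g, '$1') : undefined;
}

// Returns the parsed prefs plus every line that could not be parsed.
// Block comments (/* ... */) are not handled; such lines land in errors.
function parseUserJs(text) {
  const prefs = new Map();
  const errors = [];
  text.split(/\r?\n/).forEach((line, index) => {
    const trimmed = line.trim();
    if (trimmed === '' || trimmed.startsWith('//')) return;
    const m = PREF_LINE.exec(trimmed);
    const value = m ? parsePrefValue(m[2]) : undefined;
    if (value === undefined) {
      errors.push({ line: index + 1, text: trimmed });
    } else {
      prefs.set(m[1], value); // a later line for the same key overwrites
    }
  });
  return { prefs, errors };
}

// Safe Browsing switches from the post and what is lost when each is false.
const PROTECTION_SWITCHES = new Map([
  ['browser.safebrowsing.malware.enabled', 'malware site warnings are off'],
  ['browser.safebrowsing.phishing.enabled', 'phishing site warnings are off'],
  ['browser.safebrowsing.downloads.enabled', 'download checks are off'],
]);

// network.trr.mode values that still use plain DNS, as the post describes them.
const PLAIN_DNS_TRR_MODES = new Map([
  [0, 'DoH disabled'],
  [1, 'DNS or DoH, whichever is faster'],
  [2, 'DoH first, plain DNS as fallback'],
  [4, 'DoH and DNS used in parallel'],
]);

function auditPrefs(prefs) {
  const findings = [];
  for (const [key, value] of prefs) {
    if (PROTECTION_SWITCHES.has(key) && value === false) {
      findings.push({ key, issue: PROTECTION_SWITCHES.get(key) });
    } else if (/^browser\.safebrowsing\.provider\..+URL$/.test(key) && value === '') {
      findings.push({ key, issue: 'Safe Browsing provider URL is blank' });
    } else if (key === 'network.trr.mode' && PLAIN_DNS_TRR_MODES.has(value)) {
      findings.push({ key, issue: 'plain DNS still used: ' + PLAIN_DNS_TRR_MODES.get(value) });
    }
  }
  return findings;
}

const report = parseUserJs(SAMPLE_USER_JS);
for (const f of auditPrefs(report.prefs)) console.log(`${f.key}: ${f.issue}`);
for (const e of report.errors) console.log(`line ${e.line} not parsed: ${e.text}`);
```
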
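The point made at the end of the post above, that custom settings can make a browser easier to single out, worked through as an added example that is not part of the original post. It runs on a constructed population of 1024 browsers; every attribute value and count is made up for illustration, and the function names are illustrative.

```javascript
// Added example, not code from the post. POPULATION is a constructed set of
// 1024 browsers grouped by identical attribute values; it is not measured data.
const ATTRS = ['timezone', 'language', 'screen', 'fonts', 'userAgent'];

function group(n, timezone, language, screen, fonts, userAgent) {
  return { n, fp: { timezone, language, screen, fonts, userAgent } };
}

const POPULATION = [
  group(512, 'UTC+1', 'en-US', '1920x1080', 'default', 'stock'),
  group(256, 'UTC+1', 'en-US', '1366x768', 'default', 'stock'),
  group(128, 'UTC+1', 'de-DE', '1920x1080', 'default', 'stock'),
  group(64, 'UTC-5', 'en-US', '1920x1080', 'default', 'stock'),
  group(63, 'UTC-5', 'en-US', '1366x768', 'default', 'stock'),
  // One user with a custom font and a user-agent override (constructed).
  group(1, 'UTC+1', 'en-US', '1920x1080', 'Hack', 'override'),
];

const STOCK = POPULATION[0].fp;
const TWEAKED = POPULATION[5].fp;

function populationSize(pop) {
  return pop.reduce((sum, g) => sum + g.n, 0);
}

// Number of browsers that look identical on the chosen attributes.
function anonymitySet(pop, fp, attrs = ATTRS) {
  return pop.reduce(
    (sum, g) => sum + (attrs.every((a) => g.fp[a] === fp[a]) ? g.n : 0),
    0
  );
}

// Identifying information carried by this fingerprint: log2(N / set size).
function surprisalBits(pop, fp, attrs = ATTRS) {
  const k = anonymitySet(pop, fp, attrs);
  if (k === 0) throw new RangeError('fingerprint not present in population');
  return Math.log2(populationSize(pop) / k);
}

// Bits contributed by each attribute on its own, for one fingerprint.
function perAttributeBits(pop, fp) {
  const bits = {};
  for (const a of ATTRS) bits[a] = surprisalBits(pop, fp, [a]);
  return bits;
}

// Shannon entropy of one attribute across the whole population (an average).
function attributeEntropy(pop, attr) {
  const counts = new Map();
  for (const g of pop) counts.set(g.fp[attr], (counts.get(g.fp[attr]) || 0) + g.n);
  const total = populationSize(pop);
  let h = 0;
  for (const c of counts.values()) h -= (c / total) * Math.log2(c / total);
  return h;
}

console.log('stock   :', anonymitySet(POPULATION, STOCK), 'browsers,',
  surprisalBits(POPULATION, STOCK).toFixed(2), 'bits');
console.log('tweaked :', anonymitySet(POPULATION, TWEAKED), 'browser,',
  surprisalBits(POPULATION, TWEAKED).toFixed(2), 'bits');
console.log('tweaked, per attribute:', perAttributeBits(POPULATION, TWEAKED));
console.log('average entropy of fonts :', attributeEntropy(POPULATION, 'fonts').toFixed(4));
console.log('average entropy of screen:', attributeEntropy(POPULATION, 'screen').toFixed(4));
```

The font attribute has almost no entropy averaged over this population, yet for the one user who changed it, it alone supplies all 10 bits needed to pick them out of 1024.
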

Jollier

How to hide your digital fingerprint. Configuring anonymous virtual machine
Does everyone know the word deanon? And this is not at all about the fight against anonism. With the help of clever technologies, you are identified by all and sundry - from advertising and media agencies, collectors of big data and ending with various state agencies. The problem is very serious, and in this article we will touch only the tip of the iceberg and tell you about how to secure your Internet experience at least a little.
The ubiquity of digital fingerprinting technologies makes it easy to collect personal information. In addition, users independently share personal information on social networks, instant messengers, by e-mail and on other online platforms, often without even knowing that their data may fall into the wrong hands.
In the first part, we figured out what fingerprinting is and made Firefox a little safer. In the second part, we will talk about how to hide a fingerprint, setting up a virtual machine, anonymous and not quite browsers, and of course about protecting your identity on the network.

Setting up VirtualBox
It's no secret that a virtual system has a very peculiar config and digital fingerprint. To make sure of this, you don't even need to use software like AIDA64 or EVEREST. You just need to open the "Device Manager". Your entire system just “screams” that this is a virtual machine.
Here I will describe several manipulations with the VM in order to make its fingerprint less recognizable and hide the very information that it is a virtual machine.
We will use VBoxHardenedLoader:
This is a great add-on for VirtualBox that allows you to change almost any parameters of your virtual machine.
Just downloading the file is not enough. You also need to make the necessary settings. To do this, we do everything in accordance with the manual.
Download and install VirtualBox.
1_install.png

Open VirtualBox and create a virtual machine with the settings you need.
2_createvm.png

Note: 2048 MB is optional, you can increase or decrease this value as you wish, but keep in mind that some detection systems try to identify the virtual machine by the available amount of physical memory, and if it is too small, this is a red flag that this is a virtual machine.
Create a virtual disk
3_createhdd.png

Remember that the recommended disk size should be over 32, and 64 GB is better. The smaller size will be an indicator that this is a virtual machine.
After the virtual machine is created, open its settings - you will need to make certain changes.
On the System menu, Motherboard tab, select the Enable I/O APIC checkbox.
4_settings_mb.png

In the Processor tab, enable PAE/NX and set at least 2 processors. If it is indicated that there is only one processor, this is an indicator that a virtual machine is being used.
In the Acceleration menu, set the Paravirtualization Interface to Legacy and enable VT-x/Nested Paging. If you leave the paravirtualization value at "Default", it will reveal the VirtualBox hypervisor to the virtual machine, and even the name of the hypervisor via the cpuid value. And that is a complete giveaway!
6_settings_accel.png

On the Display tab, turn off 2D / 3D Acceleration.
7_display.png

Storage.
It should look something like this.
8_storage.png

Save all settings and close VirtualBox completely.
Download the program from here and save it wherever you like. For example c:\vboxldr.
Now for the important part. Go to the data folder and select the system startup script.
hidevm_ahci for VM with SATA / AHCI controller and classic BIOS
hidevm_ide for VM with IDE controller and classic BIOS
hidevm_efiahci for VM with SATA / AHCI controller and EFI
hidevm_efiide for VM with IDE controller and EFI
We edit the script corresponding to your configuration to suit your needs:
set vboxman="C:\Program Files\Oracle\VirtualBox\vboxmanage.exe"
set vmscfgdir=D:\Virtual\VBOX\Settings\
Change vmscfgdir to the folder with your machine's settings.
Make the rest of the settings and run the script with the name of your virtual machine.
10_script.png

But don't start VirtualBox - you're not ready yet.
Run loader.exe with Administrator privileges.
12_loader_after.png

You will have to repeat this step every time you restart the OS.
Attention! Remember that you must by no means install VirtualBox Additions - it will ruin everything.
As practice has shown, each configuration needs its own approach during installation and its own writing of the config file. Much depends on the operating system and its version on which we are going to build the virtual machine.
There is no doubt about the flexibility and reliability of the system. Everything is customizable to your taste.

Let's replace all the hardware of our virtual machine:
- processor model
- manufacturer / firm of the motherboard
- BIOS ID, version / date
- CPU ID and HDD ID
- Windows product ID
- replacement of the video card (Important!)
- random Mac-Address of the network device or manual installation for each machine
- unlike a simple virtual machine, on ours we will be able to control the parameters of the sound card (a hint of replacing the audio print), but of course you still need to work on it manually and install the necessary software.
Through VboxHardenedLoader, we give our future virtual machine random properties and parameters, and only then we install Windows itself there. All settings for our miracle machine must be done before the first launch of the OS. That is, your virtual machine is already starting with these settings as a full-fledged PC and will be identified as someone's PC, and not a virtual machine with VBOX fingerprints.
You can see how all this can be configured in this video:

How to work with a virtual machine?
Having created a machine, let's call it MAIN, load into it all the software you need to work, set up a browser antidetect and so on.
We will clone the finished MAIN machine and in the future we will only work with its clones. After "working out" the clones can be deleted and, if necessary, make other clones. Do not forget to give the clones different values from the MAIN VM, remembering that this is a cloned machine and it is similar to the MAIN one. And you need it to be different. We launch the written config file and everything happens automatically. VboxHardened does its job.
One-click clone randomization works with all hardware except the processor and motherboard.
The processor model does not need to be changed so often, as long as it differs from the host processor model. It is important that the CPUID itself has changed. The final choice is yours - when, how and how often to change the model.
For the paranoid, the tuned machine (and subsequent clones) can be used in conjunction with Whonix. You can add to this the neighbor's Wi-Fi.

Configuring VMWare
There is also a commercial virtual machine from the pioneers of the topic of virtualization. Although the hardware settings in VMWare are not as flexible as in VirtualBox with add-ons, it is possible to hide the fact that this is a virtual machine without any add-ons and plug-ins, by its own means.
I have used VMWare Workstation for Win.

1) To work, a newly installed system is required, I did not find how to make changes to an existing one.

Prepare the virtual disk, specify the system, as you usually do, and in the settings for the installed machine, I have this item called Isolation, turn off any data exchange with the host OS.

2) Next, you need to find the VMX configuration file created at the stage of creating a machine in VMWare, and add the following lines to the end:
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btseg = "TRUE"
These options prevent programs from detecting the virtual environment through such complex checks as tracking memory address space, counters.

Important! If at the stage of setting up the installation there is an option like "Express install", "Express installation" - turn them off. Also, do not install VMWare Tools on the installed system, because some software includes the presence of this package in the check.

3) Save the file, point to the ISO with the system installer to load, install the OS as usual.

4) Despite the fact that the overwhelming majority of programs that do not like the virtual environment do not go beyond the checks that we cut off in step 2, some especially stubborn ones still go further and try to search, for example, for anything that looks like the names of virtual disk controllers.

To defeat them in Windows, go to the registry editor in the HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum branch. As you can see, there is a clear reference to the fact that the disk is virtual.
We need to change it by removing VMware, Virtual, Ven, etc. from the parameter, and save it like that.
It also makes sense to search the registry for VMware / Virtual and replace every match with something like Intel or IBM, and not just the disk values.
Then try to launch your stubborn object of experiments - in 70 percent of cases, the steps described will help you pass the tests for the virtual environment.
Important! The value in HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum is overwritten after every reboot, so it needs to be changed after every new system start.

And more about virtual machines


Structure virtual machines
We strongly recommend that you divide your tasks on the Internet into several categories and use your own virtual machine for each of them. For example, to access personal mail, banking, State Services and other completely personal sites, use one machine. For access to social networks - another. For surfing the Internet - the third. For work - the fourth. Believe me, all this is not so difficult. Don't be lazy and set everything up once. After all, safety is above all.

Testing?
You can check how safe you are against detection, as well as familiarize yourself with other popular tools for detecting sandboxes and virtual machines, using the Pafish tool.

Fingerprint Traversal
Let's start with what identification methods exist, and then move on to ways to bypass / disable them.
The usual way websites receive your data is through the use of cookies. Cookies are small packages of text files that are stored on your computer and contain certain data that can provide information to websites to improve the user experience.
Every time you visit the website, your browser will load cookies. When you visit the same website at a later time, it will verify the data packages and provide you with a customized user interface.
Think about the font size or screen resolution you are viewing on a website. If the website knows that you are always using an iPhone 8, it will provide you with the best settings for your iPhone. In addition, in this way, the site knows if you are a unique visitor or a returning visitor. Cookies also store data about page browsing, their habits, interests and more.
In addition, websites use Javascript, which will interact with visitors to perform certain tasks, such as playing videos. These interactions also trigger a response, and therefore they receive information about you.
In order to identify the user's browser and without cookies, technologies for building digital fingerprints (fingerprint) have appeared. The most widely used are Canvas fingerprint and WebGL fingerprint. Perhaps the most popular library for obtaining a digital fingerprint is FingerprintJS2, written by our compatriot Valentin Vasiliev: https://github.com/Valve/fingerprintjs2 . The updates were made a few months ago, so development is active.
One of the most effective methods of protecting against fingerprints in the browser is to disable JavaScript and Flash.
When JavaScript is disabled, websites will not be able to detect the list of active plugins and fonts you are using, nor will they be able to set certain cookies on your browser.
The downside to disabling JavaScript is that websites don't always work as expected.
On the other hand, Flash can be turned off without negatively impacting site performance.

Font Fingerprint
It is not known exactly when the technology appeared, but the fact that, due to its simplicity and efficiency, the font imprinting technology has found its application in almost all large anti-fraud companies is no longer a secret. This technology receives a list of fonts installed on the user's PC.
For protection, the user must disable Adobe Flash and JavaScript in their browser.
Conclusion - it is worth turning off if you are just surfing the network and want to be anonymous, but for work you need a substitution.
The easiest way to change the font imprint is to change the page scale. If you wish, you can pick up an extension in Mozilla for this purpose.
There are tests of this fingerprint on the network, you can try.

WebGl Fingerprint
The technology is responsible for speeding up and working with graphics, is part of Canvas.
Microsoft at one time called for abandoning WebGL due to its vulnerability to external attacks.
Its essence lies in the fact that 3D triangles are drawn, then effects, a gradient, various anisotropic filtering, etc. are superimposed on it. Then it is converted into a byte array, to which various information about platform-specific constants that are defined in WebGL are also attached. There are a lot of these constants, there are dozens of them - this is the color depth, and the maximum size of textures, etc. As a result, all this information is added to our 3D triangle image.
The version of the drivers, the version of the video card, the OpenGL standard in the system, the version of the shader language - all this will affect how this image is drawn inside. And when it is converted to a byte array, it will be different on many computers.
Through the fingerprint, information about the user's video card is communicated.
What to do, you ask. It can be disabled by plugins, but we are interested in substitution.
Since WebGL is part of Canvas, it can be partially spoofed using one of the Canvas spoofing plugins.
A complete substitution occurs with the manipulation of the video card.
On the virtual machine we configured through VirtualBoxHardened, with the specified commands and parameters, it had its own fingerprint, which was different from the main one.
In such a machine, in the Device Manager, instead of the “Virtualbox Graphics Adapter”, you can see “Standard VGA graphics adapter” with its drivers and identifiers preinstalled along with Windows. As a result, a complete substitution of the video adapter device in the virtual machine was performed. When we installed Windows on a virtual machine, he saw there not a VBox video adapter device as usual, but a full-fledged PC with its own hardware, and therefore the drivers were just what we needed. Hence the substitution of the imprint.

Canvas fingerprint
The method itself is quite clear: when you enter a site with the user tracking code installed, such a resource asks the user's browser to draw a hidden image, and text is drawn using the fonts and renderer available to the system. The font set and anti-aliasing methods are slightly different on different machines. The renderer depends on the browser version, OS and even GPU. As a result, the rendered image is unique.
There are various browser plugins that disable Canvas, such as this one:
https://github.com/kkapsner/CanvasBlocker

Mouse fingerprint
It is widely used in various fields - from the simplest anti-fraud systems to government tracking programs.
Like many other things, it is implemented via JavaScript.
To protect against mouse fingerprint technology, it is recommended to disable JavaScript in the user's browser.

Ubercookie
The new technology, which was invented by a researcher from Barcelona, Jose Carlos, allows you to identify a user even in the Tor network.
According to Jose Carlos, the Ubercookie technology is one of the main methods for deanonymizing users of the Tor network and is actively developing in the field of anti-fraud due to its effectiveness.

Evercookie (persistent cookie)
A small file ends up on your PC. It multiplies and multiplies furiously throughout the system, hiding from you in hidden folders / files.
Evercookie is a very smart plugin that can save your data almost anywhere. Evercookie uses all available browser storage - modern HTML 5 standard, Session Storage, Local Storage, Indexed DB and others.
For the average user who does not know all this, it is simply impossible to delete these cookies. You need to visit 6-8 places on your hard drive, do a number of manipulations in order to just clear them. Therefore, the average user, when visiting a site that uses evercookie, will most likely not be anonymous.
Despite all this, evercookie does not work in incognito mode.
For everyone else, of course, there is a solution.
There is a method that protects the system from this infection: a properly configured antidetect machine will gladly accept Flash cookies and Local Shared Objects (LSO) cookies, but all of them will be sent to our RAM. As a result, the system sees that we accepted the cookies, but, in fact, they did not land on our PC, so they did not register there and could not multiply, causing us harm. After we finish working with the site and close the browser window, the cookies will be deleted from RAM.

WebRTC Fingerprinting
WebRTC is a peer-to-peer communication standard over audio streams, or it is an audio communication standard in modern browsers. It allows you to make audio calls, etc.
Why is it so dangerous? Because P2P, during the exchange of information, asks for the user's IP address, and WebRTC kindly provides this information to everyone.
Even if a user works through VPN or TOR using WebRTC, the site can easily find out your real IP address.
You can check it on the website whoer.net or ipleak.net.
You can turn it off, but it's better to hide your local IP from the WebRTC service. There is such a solution. As a result, you have WebRTC enabled, but the IP itself is not transmitted. Only your VPN will be detected on top, for example.

Fingerprintjs2
It appeared in 2012; the author does not sleep and updates his brainchild to this day. We wrote about it a little above.
Its essence is that the code of this library queries the user's browser for all the specific and unique settings and data for this browser and for this system, for the computer.
The entire list of what the code asks is listed here.
GitHub - Valve / fingerprintjs2: Modern & flexible browser fingerprinting library - looking for maintainer
FingerprintJS doesn't use cookies at all. No information is saved on the hard drive of the computer where the browser is installed.
Works even in incognito mode, because in principle it does not use hard disk storage. Has no dependencies and is 1.2 KB gzipped in size.
Currently used by companies such as Baidu, Google in China, MasterCard, the website of the President of the United States, AddThis - a website for hosting widgets, etc. This library quickly became very popular. It is used by about 6-7% of all the most visited sites on the Internet at the moment.
Here's how it works.
The question is: how unique and precise is the definition? The research it was based on was done by the Electronic Frontier Foundation, they had the Panopticlick project. It says that the uniqueness is about 94%, but according to the developer, based on real data that he had, the uniqueness was about 90% -91%.

Audiofingerprint
The so-called audio imprint ends our hit parade.
The method works as follows: using the AudioContext API, low-frequency audio signals are sent to the user's computer, after which it is determined how it processes them, and a unique "sound fingerprint" is created. Despite the complexity, this method is extremely effective.
With its help, law enforcement agencies and advertising services can de-anonymize users via VPN without having to decrypt traffic.
A study was conducted and of the 1 million sites, over 80% had audio fingerprinting technology.
There is a database on the web for May 2016, there is a list of sites that use this fingerprint.
http://webtransparency.cs.princeton.edu/webcensus/data/census_2016
At the moment, audio fingerprinting technology is actively used by the US special services - the FBI and NSA, Europe - by Interpol, and is also gradually taking a leading position in anti-fraud systems around the world. This form of user identification has not yet been investigated so much that even the creators of the Tor Browser since May 2016 have been unsuccessfully trying to bypass it.
To protect against audio fingerprinting, it is recommended to completely disable JavaScript in the browser, however, such drastic measures will lead to the complete inability to work with most sites.
It is substituted through manipulation of the audio device configured on the aforementioned virtual machine.

Anonymous and not so browsers

1. Tor Browser
Available on Windows, Mac and Linux.
The TOR network is designed for one simple task - anonymous communication. This browser is the most secure.
TOR allows you to hide your location, browsing history, forwarded messages and other confidential data from people or traffic analysis software.
This browser forwards traffic through many individual relays and tunnels in such a way that header parsing is meaningless. To put it simply, instead of a direct transfer from point A to point B, a transfer takes place through a network of many nodes.
A sniffer listening to only one node in this route will never know the source or destination of the intercepted information.
However, the TOR browser also has disadvantages, the main one being speed. Since traffic is forwarded through many nodes, page loading may not be as fast as you would like. If you have a good channel, the problem will not be felt, however, in the case of low speed internet, surfing through TOR can be annoying.
It should be noted that TOR is the best solution in terms of anonymity, but complete privacy is not guaranteed. For example, downloading torrents or illegally watching TV leaves you vulnerable. However, compared to well-known browsers such as Chrome and Safari, the TOR browser is far ahead.

2. Epic Browser
Available for Windows and Mac.
While Epic's browser does not use a dedicated onion network, many options are disabled here that negatively impact your privacy while surfing.
For example, history is not saved, DNS pre-fetching (used to speed up page loading) and cookies are disabled. Also disabled DNS cache and form autocomplete.
After closing the session, the browser automatically deletes all associated databases, settings, contents of the Pepper Data folder and cookies used by the Flash Player and Silverlight plugin.

3. SRWare Iron
SRWare Iron is a free Chromium-based secure browser optimized for maximum performance. SRWare Iron was developed by the German company SRWare as a secure alternative to the Google Chrome browser, which does not 100% protect users from being monitored by websites. SRWare Iron uses the latest version of WebKit and V8, the browser does not track user actions, which ensures a high level of security and privacy.
The main difference between Chrome and SRWare Iron is the improved anonymity. Experts criticize Chrome for using a "Unique User ID". Every time a new session starts, Google is alerted to the use of your data.
SRWare does not use unique identifiers and other security-related features such as search hints.

4. Comodo Dragon Browser
Available for Windows and Mac.
Comodo doesn't even come close to resembling TOR, but it has some built-in tools to improve safety while surfing. For example, it automatically blocks tracking, cookies and web spyware. In addition, this browser has a built-in validation function that separates strong and weak SSL certificates. Antivirus is also used to protect against Trojans, viruses and other attacks.
As with the previous browser, Comodo Dragon is based on Chrome. Accordingly, many users can easily switch.

And now about the not at all anonymous Brave
You've probably heard of the Brave browser, but the company's website explicitly states that the application "anonymously" monitors user activity. In addition, the default search engine is Google, which by itself does not imply any anonymity. The browser start page connects to the brave.com home page and sends certain requests towards it, by default, crash reports are turned on, which are sent along with the characteristics and settings of the browser (and possibly the PC), each time Brave is turned on, it will address requests that are clearly related with their advertisers to deliver targeted ads. The browser blocks ads partially, one might say selectively, even when the ad blocker is enabled.

You can disable it. And change?
Here we will only touch on Firefox, I will talk about other methods and browsers in the next article.
Go to browserleaks.com
Go to the left menu on the site and select JavaScript:

IP, WebRTC
I will not touch on IP and WebRTC here. There is too much talk about these parameters, and, moreover, I will touch upon WebRTC in one of the next articles, namely, how to organize its substitution in a virtual machine with one of the powerful technical solutions for antidetect.
But here is a link to an article about WebRTC for general development:
http://incashwetrust.biz/podmena-webrtc.html

Flash
Flash leaking the IP - must not be skipped. Now many, of course, no longer have Flash installed on their desktop, but if you have it and you do not want to get rid of it, then you will have to perform the following manipulations:
It is necessary to modify the mms.cfg file (if Flash is installed on the computer).
If there is no file, then create along the path:
Windows (32Bit): C:\Windows\System32\Macromed\Flash\
Windows (64Bit): C:\Windows\SysWOW64\Macromed\Flash\
And write at the end of the file: DisableSockets=1
But it is better to remove it anyway, it is practically no longer needed anywhere, since the plugin list also leaks through it.

Time
We look at the system. It would seem that you set the time to match the location of the proxy / IP and that's it? No, this is not enough. Some of the technical points that will give you away:
- Accordingly, the time itself and the coincidence with the IP time zone.
- The system time has text in brackets (London, standard time). Sometimes it happens that it says, for example, Saudi Arabia (there was such a problem on one of the machines), although everything is indicated correctly in the time settings in Windows. As it seems to me, this is due to the Windows itself and you can only change it by demolition and reinstallation with a different image. All virtual machines hosted on it had the same problem as Zennoposter.
- Deviation in seconds. As you can see, the difference between local and system here is 21 seconds. How many machines with the same time deviation can be logged into Facebook accounts in a row? And even more so on the same IP subnet?

Language
The language, namely, the percentage of one (q = 0.9 or 90%) of the user is determined by his history and cookies. The higher the value, the higher the likelihood that the user is using this language as their native language.
The value after the forward slash in the Title and JavaScript is determined by the settings in the browser. (In Chrome: Settings -> Advanced -> Languages -> Language).
Before changing settings in Chrome.
After changing settings in Chrome.
The value in brackets 100% will be different for different virtual machines with different history in the browser.

TCP / IP stack fingerprinting (Passive OS fingerprinting)
As for the operating system, I will not debate anything, the virtual machines close this case for sure. The last parameter, TCP / IP.
https://www.netresec.com/index.ashx?page=Blog&month=2011-11&post=Passive-OS-Fingerprinting
In short - the MTU value for wired Internet and some Wi-Fi modems should be 1500 (maximum value).
Mobile operators have 1400 or 1500 (sometimes there are less than 1400, usually a multiple of 10, such as 1380). Some usb modems have 1340-1380, same usb modems 1340.
Also, the text value (Windows NT kernel) gives you a user not as a mobile operator, but on the desktop Internet. The same Android user will have at least a text about Linux 2.2.x-3.x, etc. Sometimes some (Megafon modem) have an inscription about VPN.
Why am I telling you all this? If you emulate a mobile user, but sit behind a modem - this item will give you away completely. Bad VPN / Proxy rental service providers who do not bother with such a security setting will also "give you away" with this item. Moreover, they may close the problem with the numerical value of MTU, but very few people on the market have solutions with a text value at the moment.
One of the solutions: there is an emulation of a mobile device - use a mobile device to distribute the Internet. From a desktop - of course a desktop, a modem, a cable.

DNS
I don't see anything wrong with DNS from Google ( 8.8.8.8 and 8.8.4.4 ), but at a distance using only it on one subnet is already a suspicious thing for AI. Better, as for me, to use the standard DNS of your subnet:
- Gives you a less experienced computer user;
- The distance to DNS servers is closer (Google has the nearest ones in Finland);
- Different subnets - different DNS.

Navigator
The data we need:
hardwareConcurrency - the number of cores.
deviceMemory - the number of GB of RAM.
In my opinion, there is no need to replace them if they are more or less standard (for example 4 and 4). But if you have a machine with 32 GB of RAM, it will be a bad sign at a distance.
Here, in terms of substitution, I cannot suggest anything (at least in this article at the moment, since I use my templates for this). But in one of the next articles I think I will.
The remaining data in the Navigator submenu does not matter, the virtual machine closes the problem with it.

Plugins
If chrome - you will be shown a more or less standard set of three plugins. Naturally, the site sees more of them. To do this, you must have a set of links to the most popular 25-30 plugins and install 2-3 plugins each time you set up your own antidetect browser.

Location
I see no point in discussing the location, since if the IP is configured correctly, the location will be tied to it.

Screen resolution and bitness
There is no reason to get fancy and use some obsolete screen resolutions. You can use the standard and most popular 1366x768 and not worry too much. Of course, at a distance of 50-100, it is already necessary to change something, but I do not think that the negative from AI will go according to this parameter. Statistics on the most popular resolutions:
https://www.w3counter.com/globalstats.php
http://gs.statcounter.com/screen-resolution-stats
Bitness 24 is the standard. And there is no point in changing it.

HTTP headers
The virtual machine also closes the problem with them.

JavaScript
What are we paying attention to?
The screen resolution parameter also has such a parameter as the viewport (the working area in the browser). That is, because of the address bar and tabs in the browser, the taskbar strip at the bottom with the start button and the scroll button in the browser on the right, the viewport resolution will differ downward from the screen resolution. This should be taken into account if you emulate, for example, a resolution that is larger than the monitor screen size (let 1920 × 1080), but leave the viewport the same as at a lower resolution (for example, viewport 1349 × 657, which belongs to the 1366x768 resolution). This will be very harmful for detection systems, especially if it is repeated.
I don't touch on the doNotTrack parameter , it doesn't really affect anything when working with the same virtual machine, rather, its forced change already allows you to think of you as a more sophisticated user.

Battery Status API
I specifically checked whether the latest version of Chrome leaks this parameter by disconnecting my laptop from mains power. It does.
Therefore, when working with a laptop, you need to have a 100% charge and a constant connection to mains power (when logging out and logging into different accounts, especially in the same IP subnet).

Web Audio API
I'll touch on when discussing AudioContext Fingerprint (below).

Installed Plug-Ins
I touched on in the last article. Keep a list of links to the 30 most popular plugins and install randomly every 3-5 times.

Silverlight

Next, in the left menu, skip Flash (as discussed in the last article) and select Silverlight.
If you see this inscription, then everything is fine and you have one of the latest versions of your browser (checked on the latest Chrome and Firefox), which does not support this outdated and insecure plugin.
In the same case, if it is present and you do not want to get rid of it, then it is worth clearing all the data on your virtual (host) machine every time along the way:
C:\Users\%Username%\AppData\LocalLow\Microsoft\Silverlight\is\

Java Applet
The next item in the menu on the left is Java Applet.
As you can imagine, the situation is the same here as with Silverlight. An outdated and insecure plugin that has been removed from support in newer versions of browsers. So outdated I won't even tell you how to enable it. Do you need it?

WebGL
I will tell you only with changing the values: Unmasked Vendor, Unmasked Renderer and WebGL Report Hash (which changes after changing the first two). And only for Mozilla. I will analyze the latter meaning later in one of the following articles.
To do this, type about:config in the address bar, then type Vendor in the search and change it to any value. For example, just Mozilla.
Next, enter Renderer and select webgl.renderer-string-override:
I entered for example ANGLE (Intel(R) HD Graphics 620 Direct3D11 vs_5_0 ps_5_0).
WebGL Report Hash should change for us too. But with Image Hash you have to work hard. I will leave this moment, perhaps I will supplement it, but while I do not have a handicraft solution for this point, I can only say that it is different in different browsers. I do not need this, since I have my own self-written browser, where this moment is automatically replaced.
You can, of course, block access to WebGL - but this is a powerful call to Zucker and a quick subsequent ban.

WebRTC Leak Test
With WebRTC, I can highlight one thing here - the so-called Media Devices. Again, this moment is changed in my browser, but here I can tell you that you can add some devices to this list using the Virtual Audio Cable program (found on torrents). Play around with this program, no matter what parameters you change. The main thing is to change the final value of the audio footprint.
About the presence / absence of a video camera and a microphone - the request is made by the site and the user himself confirms whether or not he wants to give the site access to them. So there can be no leak here.

Canvas Fingerprint
You can use the Canvas Defender extension to replace the Canvas fingerprint. It is available for both Mozilla and Chrome. Yes, this is detectable to some extent, for sure the sites can pick up that you are using this extension at the moment. But if there are no other ways out, then you can do just that.
Alternatively, in Mozilla you can go to Settings and find this section in the General menu:
Select Advanced ... and uncheck the box next to Allow websites to use their fonts instead of the ones above. Let's save the changes. And now let's select the default font (supporting Cyrillic) with some size (better standard).
This will change our Canvas (like the Font Fingerprint, by the way).

Font Fingerprint
As I said in the last article - you need to have a set of fonts, randomly install some of them before starting a new virtual machine, for example. I will add some thoughts - it is necessary to install the most popular fonts (and have a set of the most popular fonts). Since when pulling using JS, the site pulls the installed fonts according to its internal list (that is, it may not detect your overseas fonts and your fingerprint will be similar to the past). He can pull out the entire list only with the help of Flash, which has been disabled for a long time.

Content filtering
What I was talking about. Canvas Protection gets detected, and the alternative solution is better in this regard.
Adblock gets detected, that is natural, BUT ESPECIALLY a non-standard and repetitive set of block lists will be detected. The way out is not to use Adblock, or not to touch it in any way, so as not to differ from a group of people.

Features Detection
A huge set for the selection of any working / non-working parameters on the machine. What can you say? When an account is banned on a virtual machine and you did not demolish the Windows or clean everything thoroughly, it is possible that this set remained and will give you its fingerprint on the next account. That is, do not install unnecessary drivers like the KLite Media Codec Pack. Of course, you do not need to peer at each stage, but compare, for interest, what values you have on the host and virtual machines for Modernizr.video.h264 and, for example, Modernizr.jpeg2000 and Modernizr.jpegxr. On the host machine, h264 is probably true, but on virtual machines it is not. And the values from jpeg both there and there are false... This is quite a normal thing, but if there is something unusual and for a long time, this will again make an unfavorable imprint on you in the eyes of anti-fraud systems. You should not cling to this, as to one of the moments of the ban, but with a chain of values where the drain will occur - this will play more negatively than vice versa.

More Tools
Select More Tools next and I will explain some of the options:
Firefox Resources Reader is no longer relevant, as the leak existed in older versions of Firefox. The leak was that Firefox revealed that it was Firefox and leaked some data hashes that were stored in its JS files.
ClientRects Fingerprinting - The method of fighting is exactly the same as with Canvas . That is, changing the default font in Mozilla.
CSS Media Queries - Should be different on different virtual machines.
Social Media Login Detection is one of the most interesting things about this article as I haven't seen any thoughts about it anywhere. As you will notice, the site will determine on your machine which of the social networks you are logged into. And, for sure, Facebook will do the same before your registration. How unpleasant it will be for him to be your very first social network in which you will be registered, do you agree? Save this list to yourself and every time before registering register to any of them randomly.

audiofingerprint.openwpm.com

I use a separate site, audiofingerprint.openwpm.com, for the audio fingerprint. As I said above, to change it, you need to play around in the installed Virtual Audio Cable program. To check your fingerprint, click Fingerprint me! and look at the result.

How can I check my safety?
There are several resources out there that use the same data collection methods, but show you the weak points in your settings. By visiting such sites, you can clearly see how likely it is that you are identified on the network:
You can check your browser for leaks here: https://browserleaks.com/
And this site from American human rights defenders will allow you to analyze your anonymity on the web: https://panopticlick.eff.org/
Another good resource showing exactly what flaws can compromise your anonymity on the network and how anti-fraud systems respond to these anomalies: https://www.whoer.net/
Are you still reading and not driven crazy by all these methods of collecting your personal information? It means that you are with us on the way and that you take care of yourself and your safety. So we will definitely tell you how to protect yourself.
Take care of yourself and remember: safety comes first. Do not be lazy and set everything up correctly.
