this post was submitted on 24 Mar 2026

95 points (99.0% liked)

Privacy

47450 readers

677 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Mullvad Browser and Tor Browser have unique-per-computer persistent IDs on fingerprint.com (lemmy.today)

submitted 1 day ago by someone@lemmy.today to c/privacy@lemmy.ml

33 comments fedilink hide all child comments

I have been testing Tor Browser and Mullvad Browser using fingerprint.com. I get unique persistent identifiers that are unique per machine and persist over rebooting sessions. Javascript was on during this test.

This could be very dangerous to people using Tor Browser and Mullvad Browser.

For example, if someone visits Rainbow Railroad, an organization for leaving repressive countries with hostile LGBT policies, and then watches a video about the organization on YouTube, and then also does something, like create a Discord Server, and use Tor Browser to get around geoblocking but link it to their personal phone number, then a hostile regime buying data from data brokers could possible determine that user is considering using rainbow railroad. Even if this exact example isn't realistic or plausible (although governments do buy form data brokers), users should be aware that persistent identifiers in Tor Browser and Mullvad Browser allow for continuous tracking of a user using the same machine.

I posted this information on privacyguides forum and they deleted my account after, leading me to wonder if the forum is a giant honeypot that curates acceptable privacy discussions and unacceptable private discussions. I honestly wonder if they are infiltrated by the government. They repeatedly delete the posts of other people as well and the whole thing is starting to not sit well with me.

top 33 comments

sorted by: hot top controversial new old

[–] quick_snail@feddit.nl 7 points 5 hours ago

You need to change the safety setting to "safest".

This is why some onion sites constantly popup warnings in JS and annoy you until you make the change.

[–] quick_snail@feddit.nl 1 points 5 hours ago

Privacy Guides is definitely over moderated. They might be infiltrated.

[–] doomguin@piefed.zip 4 points 8 hours ago* (last edited 8 hours ago)

I was able to partially replicate, on safest mode with the minimum js enabled for a result to come up

Tor on mobile gets reliably identified (not a huge surprise, but annoying) regardless of extensions

Tor on desktop did not get reliably identified, even with uBlock

Tor on desktop in "safer" mode, with default noscript, and uBlock enabled, was not reliably identified

[–] RoddyStiggs@lemmy.blahaj.zone 5 points 10 hours ago

Just chiming in to say I learned a lot from discussions and links in this thread. Thanks all.

[–] TankieTanuki@hexbear.net 12 points 23 hours ago

Using JavaScript defeats the purpose of Tor

[–] Dust0741@lemmy.world 38 points 1 day ago (1 children)

Skepticism is good here. However, I was not able to replicate this. On Mullvad and Tor, with "Safer" settings, both gave me a new ID after a browser restart.

[–] someone@lemmy.today 18 points 1 day ago (2 children)

Then this may be happening only with certain distributions or operating systems. It is definitely happening for me, I checked it over and over. "You have visited once." I close Tor Browser, restart, come back to fingerprint.com. "You have visited twice." I also did try this with safer. I did multiple tests. This impacts at least some operating systems or distributions. It may not impact Qubes. I didn't test that, but I am sure it impacts at least some users.

[–] ken@discuss.tchncs.de 7 points 14 hours ago* (last edited 14 hours ago)

Are you keeping at default window size, or resizing? If latter, it is expected. This is a gotcha when using tiling window managers as they often force a window size that may give you off. TB should otherwise start with static fixed window size.

On PG: Very weird vibes and some inexplicable moderation behavior when looking closer indeed. Something is strange there.

[–] Dust0741@lemmy.world 9 points 1 day ago

How are you installing the browsers? Flatpak? AppImage?

[–] technomage@lemmy.ca 3 points 18 hours ago

This could entirely be me being tired, and thus a little stupid right now, but how exactly are you rebooting the system? If it's by hitting the restart button, or powering off and back on, you may be having issues with something getting "stuck" in RAM, essentially. Try fully powering down the machine, disconnect the power cable (and battery if it's a laptop), press and hold the power button for 30+ seconds, then hook everything back up and test again. That should be enough to drain any little bits of electricity stored in the system, thus fully clearing anything that might've been hanging around from RAM. Also, make sure the browsers are fully updated and no outdated extensions/plugins/etc.

[–] fatcat@discuss.tchncs.de 10 points 1 day ago (1 children)

I can actually replicated that. Tor Browser without extensions (only the default https anywhere and noscript) on Mac OS. Pretty scary? Wondering how this works.

[–] fatcat@discuss.tchncs.de 19 points 1 day ago* (last edited 1 day ago)

Aha! I figured it out. Apparently my Tor browser got old extensions in there from older Tor versions (Tor Button and something i can't remember, they were set to deprecated and were disabled). I had Tor literally installed for... over 10 years or something, so I would imagine it didn't reset itself properly after doing one update or another. After removing the Tor Browser data folder and reinstalling it (for good measure, don't think that was necessary), I get random values on the page.

EDIT: One additional thought on that... I feel this is something Tor Browser should consider automatically when applying updates. At least a warning would be good to reset your data once in a while to stay non-unique.

[–] nugnuts@lemmygrad.ml 6 points 23 hours ago

It's wild to post something like this, and say things like "This impacts at least some operating systems or distributions," without indicating at all which ones you're having the experience with.

[–] Staff@piefed.world 12 points 1 day ago (1 children)

Wonder why privacyguides deleted the post

[–] Carmakazi@piefed.social 11 points 1 day ago (2 children)

Whenever someone says they had a moderator action taken against them, I am suspicious. Some mod teams are notorious, sure, but it's almost always a case of unreliable narration.

I imagine behavior like the allcaps reply above had something to do with it.

[–] quick_snail@feddit.nl 1 points 4 hours ago

Most likely 3 letter agencies are raising flags to get it deleted, and mods seeing the reports just ban without thinking.

[–] someone@lemmy.today 7 points 1 day ago

Other users on privacyguides forums have commented on the exact same problem.

[–] SteleTrovilo@beehaw.org 10 points 1 day ago (1 children)

"Javascript was on during this test."

[–] someone@lemmy.today 4 points 1 day ago

I understand: Javascript is not safe. I know that. But most of the internet, except for onions, use javascript and it's nearly impossible to use most of the Internet in web browsers without it. The problem is that if Fingerprint.com can reliable detect differences between users when javascript is on for Mullvad Browser and Tor Browser in certain operating systems, users should be aware. Most people would think Mullvad Browser in "safer" mode would not create a persistent per-computer hash of the browser that can be tracked across sessions.

[–] 0xtero@beehaw.org 7 points 1 day ago (1 children)

Yes, it's by design. You should probably read this https://mullvad.net/en/browser/mullvad-browser

[–] someone@lemmy.today 4 points 1 day ago* (last edited 1 day ago)

They have different unique hashes per computer, so Tor Browser user on "Computer 1" has a unique hash and Tor Browser user on Computer 2 has a unique hash. I have read Mullvad's documentation on their browser. Please re-read the original post.

[–] upstroke4448@lemmy.dbzer0.com 0 points 1 day ago

It has no clue who you are using tor. Just switch the circuit your on.

[+] Ashrakal@lemmy.ml -9 points 1 day ago (1 children)

Isn’t Mullvad browser kind of deprecated? Vivaldi is quite good, despite its closed-source UI components.

[–] nshibj@lemmy.world 7 points 1 day ago (2 children)

No, Mullvad is not deprecated at all (are you maybe thinking of Mull?) Vivaldi is Chromium based, that's a no-go: don't support Google's hegemony by any means

[–] Neptr@lemmy.blahaj.zone 8 points 17 hours ago

Vivaldi is also proprietary. Not a good privacy browser.

[–] Ashrakal@lemmy.ml 1 points 12 hours ago (1 children)

Then that’s great, at some point Mullvad’s browser development slowed down and I had the impression that it was abandoned. Glad that it isn’t.

And of course Vivaldi isn’t the best option out there - it’s just one of the least offending Chromium browsers. Mozilla itself isn’t in too great shape either, sketchy politics and they’re on life support from Google funding.

Firefox forks though? Quite good stuff out there. I’ve heard some recent praise for the Zen browser in particular.

And if you’re on macOS, then Orion browser is a great option (and WebKit-based).

[–] chloroken@lemmy.ml 1 points 9 hours ago

I suspect from what you're choosing to say that you've very, very recently started comparing browsers. You should read more before posting about this topic. Your comments are very uneducated.

[–] eleijeep@piefed.social -3 points 1 day ago (1 children)

If all users have the same fingerprint then nobody is getting fingerprinted.

[–] someone@lemmy.today 4 points 1 day ago* (last edited 1 day ago) (1 children)

All users don't have the same fingerprint. Fingerprint.com is testing other things that Tor isn't covering. So if they are testing canvas and other stuff that Tor protects, and 2 things that aren't protected that give unique identifiers, they still create a unique hash. I did not test this using Tails or Qubes and it may not affect all operating systems.

[–] quick_snail@feddit.nl 1 points 4 hours ago

You also didn't test it in safest mode. Do it again with tor browser not in insecure mode

[–] bad_news@lemmy.billiam.net 0 points 1 day ago (1 children)

Every browser has a unique fingerprint. The advantage of tor browser is EVERY user is matching the same fingerprint so you cannot tell who it is. If you run Firefox with a unique set of plugins, it will be unique to fingerprinting sites, but that is BAD. The fingerprint will identify you as you, rather than 1/all tor browser users on your OS.

[–] someone@lemmy.today 3 points 1 day ago* (last edited 1 day ago) (1 children)

They have different fingerprints PER COMPUTER without any plugins other than default of No Script. I tested this, it is not the same hash for every browser.

[–] bad_news@lemmy.billiam.net 1 points 1 day ago

Are you testing windows v linux? Tor browser started reporting itself as Linux on Linux.