Update browser-fingerprinting.md

docs/advanced/browser-fingerprinting.md

@@ -0,0 +1,81 @@
+---
+title: "Browser Fingerprinting"
+icon: material/fingerprint
+description: Browser fingerprinting is a method of tracking users across sites regardless of their network.
+---
+
+**Fingerprinting** refers to a service collecting metadata about whatever connects to it, for the purposes of identifying a user. In this overview we are largely going to cover **browser fingerprinting**, specifically how websites try to uniquely identify your web browser outside the standard identifiers most people think of, like your IP address or user agent.
+
+<div class="admonition abstract" markdown>
+<p class="admonition-title">TL;DR</p>
+
+The **only** reliable way to thwart all fingerprinting scripts and be anonymous is to use [Tor Browser](../tor.md). Other browsers can only confidently fool certain tracking scripts, and will never be completely unidentifiable despite any claims otherwise. However, the anti-fingerprinting approaches used by other browsers and described here are still useful in protecting your privacy.
+
+</div>
+
+Many people think their browser fingerprint is a single thing, like your actual fingerprints, a string of characters like `XP2urbkhQIaHyMQYXYv4` that uniquely identifies their browser, and if they can get theirs to match everyone else's they are safe. However, browser fingerprinting actually refers to the broad collection of all the different metrics which websites can use to track you.
+
+While many websites or fingerprinting scripts do take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, the algorithms and the metrics they use to create that fingerprint varies between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there, because every method of fingerprinting your browser is different.
+
+Many non-experts will claim that using Firefox or enabling its fingerprinting resistance preferences will make you *more* unique, give you *less* privacy, and make you "stand out in the crowd." However, if you instead do nothing at all then your browser will *already* be uniquely identifiable. Thus, the "crowd" of Google Chrome or Safari users these people will claim exists in fact does not, because you can't blend in to a crowd filled with completely unique browsers. A [study](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cross-browser-fingerprinting-os-and-hardware-level-features/) published in 2017 demonstrated an approach that could uniquely identify 99.24% of users, without even taking into account their IP address.
+
+==When you are already completely unique, becoming "more unique" is impossible.== In reality, these fingerprint resistance features are generally not meant to make your browser unidentifiable at all, they merely block tracker scripts from collecting certain metrics, which in turn *can* make your browser unidentifiable to certain—but not all—tracking scripts which rely on those metrics.
+
+## Common metrics
+
+Your browser sends lots of data to the websites you visit, and even more data can be detected by clever tracking scripts. Some data points which—when combined—can be used to identify you include:
+
+- Your time zone
+- The fonts you have installed
+- The size of your browser window (or screen size)
+- Your language
+- Your timezone
+- Extensions you have installed[^1]
+- How fast your computer is[^2]
+- And much more...
+
+Some of these metrics are stronger or weaker than others, your browser window size is a weak tracking metric because it is easily changed, while your fonts or timezone are a stronger identifier because they are relatively static, for example. Combined with—or even without—the tracking factors people typically think of, such as your IP address, tracking cookies, and user agent; metrics like these can easily pinpoint particular browsers across the web.
+
+Another common fingerprinting technique is "canvas fingerprinting," which uses WebGL to determine information about your graphics drivers and GPU (or CPU).[^3] In 2022 this was expanded upon in a [research paper](https://www.ndss-symposium.org/wp-content/uploads/2022-93-paper.pdf) which described methods of using canvas fingerprinting in a way which could effectively identify users with "similar hardware and software configurations, even when they are considered identical by current state-of-the-art fingerprinting algorithms." Tor [considers](https://2019.www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability) canvas fingerprinting to be "the single largest fingerprinting threat browsers face today."
+
+[^1]: In some cases the extensions you have installed can be [directly detected](https://z0ccc.github.io/extension-fingerprints/) by websites. In other cases, the behavior of your installed extensions can be observed to fingerprint you. A website can detect whether your ad blocker blocks certain domains for example, which can give it an idea of the ad blocking lists you have installed.
+[^2]: Browser benchmark tests can be used to determine CPU features, such as whether it supports hardware AES encryption or Intel Turbo Boost by finding the time it takes for your computer to perform a simple calculation or cryptographic algorithm. Browser hardware APIs such as Chromium's [Battery API](https://developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API) can also be used to detect short-term information about your system like its current battery life.
+[^3]: A 2012 paper "[Pixel Perfect: Fingerprinting Canvas in HTML5](https://hovav.net/ucsd/dist/canvas.pdf)" demonstrated that canvas fingerprinting produces 5.73 bits of entropy, based on the browser, operating system, and GPU hardware configuration of the computer.
+
+## Types of tracking scripts
+
+In general, we can classify fingerprinting software into two categories: **naive** and **advanced**.
+
+**Naive** trackers can be fooled by standard anti-fingerprinting techniques like Firefox's "resist fingerprinting" or Brave's fingerprint randomization features, because they only look for a few predetermined metrics and will blindly accept whatever values your browser provides.
+
+On the other hand, **advanced** fingerprinting scripts can detect randomized values created by your browser (this is always possible) with varying levels of sophistication, going to greater lengths to fingerprint you than most anti-fingerprinting methods can protect against. The only way to defeat advanced scripts is by blending in with a crowd of other identical looking browsers, which is no easy feat.
+
+==The good news is that most fingerprinting scripts you will encounter on the internet are naive==. They don't bother trying to detect and bypass anti-fingerprinting methods, because they are relatively uncommon, so **any** anti-fingerprinting measures you can implement will work effectively towards thwarting those trackers. This is not to say that fingerprinting cannot or will not become more sophisticated and widespread in the future, but for now most standard anti-fingerprinting approaches are enough.
+
+## Anti-fingerprinting approaches
+
+Broadly speaking, there are three ways that browsers usually try to deal with fingerprinting. In increasing levels of protection:
+
+1. Blocking known fingerprinting scripts.
+2. Randomizing your fingerprint.
+3. Presenting a uniform fingerprint.
+
+There are advantages and disadvantages to each of these approaches, and generally they cover distinct threat models, but all approaches ultimately try to make it more difficult for websites to track you across the internet.
+
+[Firefox](../desktop-browsers.md#firefox) out of the box takes the first approach, which is to simply block third-party requests to "companies that are known to participate in fingerprinting." This is the *safest* approach, because it results in almost no website breakage, but it also provides the least protection, because it relies on identifying trackers in advance. It also does little to block first-party tracking. You can generally achieve similar results in any browser with an extension that blocks known trackers, like [uBlock Origin](../browser-extensions.md#ublock-origin).
+
+Firefox is *capable* of much stronger fingerprinting protections, although those settings are typically not easily accessible and are not enabled by default. You can use a tool like [Arkenfox](../desktop-browsers.md#arkenfox-advanced) to increase your protections closer to what is provided by Tor Browser (explained below), but it requires more technical effort on your end.
+
+[Brave](../desktop-browsers.md#brave) largely takes the **randomization** approach, by changing fingerprintable metrics in ways which are imperceptible to the person using the browser, but confusing for machines on the other end. This approach gives your browser a completely unique fingerprint, **but** that fingerprint *changes* for each website you visit, so those metrics can't be used to track you across different sites. The benefit of this approach is that website breakage is minimized, because the browser can keep a lot of features enabled and simply randomize their outputs a bit.
+
+However, randomizing your fingerprint does not provide complete protection. Artificial randomization can be detected by websites, and the original entropy from the raw source data still exists. In some cases the randomization implementation has been reversible in practice. Brave's Web Audio API's randomization was at one point [reversible](https://fingerprint.com/blog/audio-fingerprinting/#reverting-brave-standard-farbling) for example. There may also be other indirect ways of learning about the original non-randomized data. Bypassing or de-randomizing these randomized outputs are all techniques which could be utilized by *advanced* tracking scripts.
+
+[Tor Browser](../tor.md#tor-browser) and [Mullvad Browser](../desktop-browsers.md#mullvad-browser) take the more extreme approach of **blocking** access to fingerprintable metrics in the first place, and making other fingerprintable metrics non-unique, so that your browser is as similar as possible to other browsers. Because this is generally achieved by locking down the browser to as minimal a feature-set as possible—in order to make a large plethora of users look identical—it does generally come at the cost of frequent website breakage. However, it is the only way to thwart *advanced* tracking scripts.
+
+Many other browsers do use similar techniques to protect your privacy, but to a far lesser extent. Safari, for example, only makes a select list of system fonts available for websites to access regardless of the fonts you actually have installed.
+
+## Further Reading
+
+Browser fingerprinting is a very complex topic. These resources may be useful in obtaining more technical background information:
+
+- The [Arkenfox](../desktop-browsers.md#arkenfox-advanced) user.js [documentation](https://github.com/arkenfox/user.js/wiki) is a very comprehensive resource about fingerprinting and Firefox's anti-fingerprinting protections, which was used extensively while writing this article.

docs/search-engines.md

@@ -0,0 +1,132 @@
+---
+meta_title: "Recommended Search Engines: Anonymous Google Alternatives - Privacy Guides"
+title: "Search Engines"
+icon: material/search-web
+description: These privacy-respecting search engines don't build an advertising profile based on your searches.
+cover: search-engines.webp
+global:
+ - [randomize-element, "table tbody"]
+---
+Use a search engine that doesn't build an advertising profile based on your searches.
+
+## Recommended Providers
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+
+Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
+
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+|---|---|---|---|---|
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
+
+### Brave Search
+
+<div class="admonition recommendation" markdown>
+
+![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
+
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
+
+[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
+
+</details>
+
+</div>
+
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+
+### DuckDuckGo
+
+<div class="admonition recommendation" markdown>
+
+![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right }
+
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
+
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
+
+[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title=Documentation}
+
+</details>
+
+</div>
+
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+
+### Startpage
+
+<div class="admonition recommendation" markdown>
+
+![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
+![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+</details>
+
+</div>
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregates the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
+
+<div class="admonition recommendation" markdown>
+
+![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
+
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+
+[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
+[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
+[:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
+
+</details>
+
+</div>
+
+SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
+
+When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.
+
+When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must not collect PII per their privacy policy.
+- Must not allow users to create an account with them.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should be based on open-source software.
+- Should not block Tor exit node IP addresses.

docs/tools.md

@@ -181,6 +181,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji loading=lazy } [Brave Search](search-engines.md#brave-search)
 - ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji loading=lazy } [DuckDuckGo](search-engines.md#duckduckgo)
 - ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji loading=lazy } [SearXNG](search-engines.md#searxng)
+- ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji loading=lazy }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji loading=lazy } [Startpage](search-engines.md#startpage)
 
 </div>
 

mkdocs.yml

@@ -393,6 +393,7 @@ nav:
           - "basics/email-security.md"
           - "basics/vpn-overview.md"
       - !ENV [NAV_ADVANCED_TOPICS, "Advanced Topics"]:
+          - "advanced/browser-fingerprinting.md"
           - "advanced/dns-overview.md"
           - "advanced/tor-overview.md"
           - "advanced/payments.md"

theme/assets/img/search-engines/startpage-dark.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#E5E8FF" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>

theme/assets/img/search-engines/startpage.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#212649" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>