Just checked https://coveryourtracks.eff.org/ with the safest level in Whonix and got
Our tests indicate that you have you have strong protection against Web tracking, though your software isn’t checking for Do Not Track policies.
Is your browser:
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Yes
Perhaps fewer users use the safest level indeed, but you are still anonymous among them, which should be fine for most cases.
I think not having it enabled is ideal (especially if not using Tor Browser). Telling someone you don’t want to be tracked makes you more fingerprintable… The irony.
Tor’s safest security level, it makes us anonymous, but also not many website we can open.
How about this idea, can we create a script, or tor extension maybe,
that can generate random 100 requests to any random website,
for each time we make 1 request,
so our actual request is hidden between other 100 requests,
good idea ? or useless ?
or maybe this kind of extension is available already ?
Or maybe, if we may have a shared account,
for example shared google account,
that can be used together by thousands of user,
for browsing and so on,
so user could not be tracked,
good idea ? or useless ?
or maybe this shared account available already ?
You are describing Invisible Internet Project. Every user in I2P is also a relay node, which makes it much harder to follow the trafic. Also torrents work well and help the network, not harm it like in Tor. I wish Qubes OS would support it natively like Whonix.
There is no reason for Google to support such use case, it will probably be banned. Google revenue comes from tracking users.
But it’s a bit off-topic in this thread.
You are describing Invisible Internet Project . Every user in I2P is also a relay node, which makes it much harder to follow the trafic. Also torrents work well and help the network, not harm it like in Tor. I wish Qubes OS would support it natively like Whonix.
wow, that’s cool, so now we can use VPN Whonix Tor I2P.
any disagreement about I2P ? why nobody mention it before in this thread ?
AFAIK it’s very promising, despite not too popular.
Probably because this is not the topic here. The topic is fingerprinting. Fingerprinting is as big a problem in clearnet as it is in Tor and in I2P. If your browser does not protect from fingerprinting, then I2P will hardly make you anonymous.
I2P was discussed several time in the mailing lists: one, two, three.
Upd:
Anonymity set is the key term here. It answers the question of how many people have the exact same configuration as you.
If you put the slider on maximum security, you are probably among the few that do that. On the other hand, it also decreases the fingerprintability. So it’s a non-linear tradeoff. Maybe someone wrote a paper on this.
All kinds of ideas have been experimented by the anonymity reseach community. That is certainly one of them. But very few systems like so prooved to be usable in practice.
If you’re curious about this stuff and don’t mind digging into academic articles (if you haven’t found already) I’d suggest you take a look at the anonbib:
https://www.freehaven.net/anonbib/
Anyways, let’s get back on fingerprinting discussion.
Thank you
Maybe it doesn’t help much, but just let me share,
an article here said that iPhone 11 Pro Max,
can prevent browser finger printing.
https://smartphones.gadgethacks.com/how-to/4-best-phones-for-privacy-security-2020-0176106/
It often strikes me that there is a real confusion between
fingerprinting and traceability. (Not saying that anyone in this thread
is example.)
Fingerprinting may aid in tracing, but it need not. But if you are
traced, then an (almost) unique fingerprint will contribute to
identification.
Good use of Tor, and Qubes features, can help to reduce the risk of
tracing. Again, if you are traced, they will contribute to
identification.
The most important thing is to really understand the issues around
traceability and identification and take steps to mitigate them. This
probably requires more work than most people are prepared to do.
wow, okay, so how famous people can protect their digital privacy ?
For example, actor, actress, politician, not all of them are computer literate,
Assuming that, for sure their digital life will be obsessively traced.
even not all people, who work in IT industry, are privacy & security literate.
I am sorry, off topic again, or maybe need to create new thread about traceability.
So what else contribute to traceability ?
is there a way to measure our traceability ?
similar to amiunique to measure our fingerprint
Feel free to. But please try to keep it Qubes-oriented. Otherwise https://forum.privacytools.io/ may be more adequate. Even on this thread is going a bit off of Qubes’ orbit.
wow, okay, so how famous people can protect their digital privacy ?
For example, actor, actress, politician, not all of them are computer literate,
Assuming that, for sure their digital life will be obsessively traced.
even not all people, who work in IT industry, are privacy & security literate.
I said - Fingerprinting may aid in tracing, but it need not. But if you are
traced, then an (almost) unique fingerprint will contribute to
identification.
You said - wow, okay, so how famous people can protect their digital privacy ?
For example, actor, actress, politician, not all of them are computer literate,
Assuming that, for sure their digital life will be obsessively traced.
even not all people, who work in IT industry, are privacy & security literate.
I don’t understand how this comment relates to what I wrote, and it seems
to bear no relation to the question of traceability.
“famous people” protect their digital privacy the same way that anyone
else does - or perhaps, “anyone else with money” does.
Sometimes they are successful, sometimes not.
Look at the Fappening, Hillary’s emails, etc, etc.
Fingerprinting may aid in tracing, but it need not. But if you are
traced, then an (almost) unique fingerprint will contribute to
identification.
it means, we are still traceable, even if we manage to remove our fingerprinting.
right / wrong ?
which then your statement make me conclude, it is hard to be untraceable.
because other privacy tools, vpn, whonix, tor, etc,
are easy to setup, just download and use,
but fingerprinting is difficult to remove.
therefore I asked, how famous people protect their digital privacy,
because they are the most targeted by million of obsessive tracers.
so please help me with my question
We seem to be at cross purposes.
Here are some analogies that may help -
I (probably ) have unique prints on the end of my fingers - that by
itself will not help to trace me. But once I have been traced those
prints will be enough to identify me.
I have somewhat unique DNA, but because of where I am, a sample of that
DNA will contribute to tracing me.
As to answering your question about “famous people”, I tried to do so.
I need to add a note here because the security of qubes is often mistaken for privacy. And I want people to be aware of this.
Having different qubes (although great for security) does little for privacy. Through fingerprinting websites can track you across different qubes (beacuse they are so similar).
The moral of the story is that if you want privacy you need to use qubes based on whonix-ws-15 and whose netvm is sys-whonix. For a lesser degree of privacy you can setup a vpn ProxyVM and then a qube with a browser with some privacy addons.
Recommended reading: FAQ Qubes | What about privacy in non-Whonix qubes?
See also:
This is a process that has been ongoing for me since at least around 2010.
I do know for a fact that always blocking ads & then running Brave for around 3 years has blocked a LOT of data collection from the simple fact that I never really get any tailored ads. The only exception is airlines really.
My Qube number 1 will be for open and official data. Will keep my old Gmail account along with banking and government contact there, probably even without a VPN.
Number 2 will be for cryptos and all sorts of services that are a bit more sensitive. As a lot of this comes with KYC and such it will still be “official” but with a VPN or sometimes using sys-whonix instead I guess.
Number 3 is then based on data that should have NO connection to the others. In other words this one is where I build another online presence from scratch. (Not talking about any illegal or black hat antics here, merely NOT giving any real data)
This is where I’ll do anything from reading & posting on forums that belong to this level of sensitivity, keep some of my privacy coins and in general feel pretty secure that there will be no direct links to Qube 1 & 2 that could lead to ALL of the (scarce) data from this Qube being spliced or connected with the others.
Number 4 remains to be decided upon, but if I build that it will be done via number 3. I do not have any real need for doing this, but if the need arise I will be prepared. Mainly talking about IF there is some very serious situation like a civil war here, I’m living in South East Asia after all. Could even happen that there is some push to “get” foreigners, and I might have to get info, contact helpers or whatever worst case.
Number 5 is for personal writing and files, so that is simple - NO networking for this one! 
Now, I do fully know that all of this is NOT watertight in case someone targets me, But all I want to achieve is to know that I’m not feeding the digital beast more than I really have to, and that I’m also feeding it totally false data when possible & legal.
I’ve done this consistently since I first got online in 95 or so, it simply makes me less stressed
Possible problems could be:
Real MAC address leaking, Will keep it randomised, and never use at least 1 of the Qubes without a VPN. 1 will also always be using Tor
Some activity might get fingerprinted from browsers. Qube 1 & 2 will be using Brave, possibly with two different logged in accounts. Number 3 will be using the Anon distro.
Being sloppy & logging in to services across Qubes. This is definitely the gotcha… Which is why I will put quite some effort into sorting things out, splitting services up & deleting data as well. Getting the right habits is the main thing anyway, its just great to be able to do it in one OS!
I’ll also get onto analysing my own traffic while online too, its been ages since I’ve done that apart from defending a NAS against Chinese bots and so on
Looking forward to getting far better CONTROL again!
Getting the right habit - Yes
The wrong habit will break any security model you put in place.
Adding here - use different templates for qubes in different security
domains. Mix things up.
Also, switching to KDE will allow you to create separate “activities”
for each domain, and let you force windows on to separate activity
screens. This will help reduce the risk of bleeding between different
qubes and domains.
Use the Qubes firewall to enforce separation of network traffic across
netVMs, and qubes-rpc policies to enforce separation of qrexec traffic
in the same way.
If the browser can use gpu, the websites can fingerprint you across different qubes:
I remember that If you log into sites with google account, google will try to combine different accounts that you use into one entity for ad targeting.
Websites can track the movement of your mouse or your habit of using their website if the browser can use javascript.
Potentially, they can try to develop a neural network to fingerprint you base on your behavior. I don’t know how effective will that be.
WebRTC used to be able to leak your private ip. Don’t know if that is still true now.
If your router get infected with virus, the virus might track your browsing habit.
Potentially, the internet service provider (isp) can track data that goes into your household. If the data is not encrypted (not using https), the isp can track your browsing habit.
I remember that If you log into sites with google account, google will try to combine different accounts that you use into one entity for ad targeting.
Obviously something I won’t do at all any longer. Basically stopped doing so when 2020 bankrupted my main company anyway…
Websites can track the movement of your mouse or your habit of using their website if the browser can use javascript.
This one is a tough one… Hopefully it works only on the sites where a TON of resources are put into spying on users, ideally most use should be compartmentalised anyway. Also helps a lot not. being a “normal” consumer at all 
Potentially, they can try to develop a neural network to fingerprint you base on your behavior. I don’t know how effective will that be.
This is the one that is downright scary, especially alongside text analysis which can be quite accurate. Only cure is to develop multiple personalities!
If your router get infected with virus, the virus might track your browsing habit.
Potentially, the internet service provider (isp) can track data that goes into your household. If the data is not encrypted (not using https), the isp can track your browsing habit.
Hard to do anything about this really… Helps to be in a household with lots of people, also hoping that the “official” traffic I’ll leave in the open might act like kinda a honeypot when traffic analysis algos gets scary for real. At that point NOT having any data visible at all might even draw attention!
Its hard work being paranoid for good reasons