CreepJS is much better (and scarier) at fingerprinting you than EFF. I've not managed to completely fool it yet but I've got my score down to 0% trust, meaning the fingerprint it generates is pretty useless. I suspect the only way to totally fool it (by which I mean spoof my devices) would be to turn JS off completely.
On Safari 17 every time I visit the site it claims it's my first visit, despite a trust score of 57%. Not sure if I'm interpreting the results wrong or ITP is just doing its job.
iOS 17 Safari (especially with enhanced fingerprint protection on) is really good at fingerprint protection. It rotates a few data points like canvas ID so that it makes you look like a new fingerprint each time.
Fingerprint analyzers can find out lots about your fingerprint that way, but if your fingerprint keeps changing, it becomes difficult to identify you. Unique fingerprints don’t mean anything if your fingerprint keeps changing.
There is also, which I tend to trust more since it's a company that literally sells fingerprinting tech to other companies.
It managed to identify me while using the Tor browser on "Safer" (doesn't work on "Safest" due to JS). Edit: this is likely due to an issue with my install, and not the browser itself.
There's a couple issues going on here. Number one is it's unique amongst the people who go to EFFs website cover your tracks. That's not all of the internet users. Hell that's not even most of the internet users. It's pretty niche community.
The bits of identifying information are the critical key here. 16 bits, 2 ^ 16.. 65,000 different possibilities. Each piece of information you give, makes it a little bit easier to track you. Things like language, time zone.. The more bits, the easier it is to identify you. The less bits, the more you blend into the crowd.
This is why multiple people, including myself, have talked about they're professional service, who's targeting websites, who want to track users. So they're incentivized to track as best as able.
Even if you've got a great EFF score, you should always check, to see if they can track you.
Stock browsers give a lot of information, supported system fonts, supported system languages, time zone, canvas size, browser window size, there's a lot of data that leaks out from the browser itself.
Install a weird game that installed a weird font into your system? Well now the entire world can uniquely identify your font combination as you.
Not necessarily bad, the lower the number the harder it is to fingerprint you. In other words, your browser stands out much less and is less noticeable from the masses than the OPs browser.
Generally the more security/privacy tweaks and add-ons you apply to your browser the more secure it gets, but you tend to stand out from the masses more because of the changes, resulting in the 1 in 4,000 type stat. It becomes easier to differentiate your traffic from others.
Whether anonymity or security is more desirable depends on your threat model.
Edit: "Your browser fingerprint appears to be unique among the 186,867 tested in the past 45 days." Evidently I stand out quite a bit 😂
I've an unique fingerprint, but different fp results in every test run, with mostly wrong sys specs, only it shows correct my country, nothing else. Same in Browserleaks.
On LibreWolf, which I use to surf daily, I got one in 180k+.
Afterwards, I tried Tor Browser -which is honestly almost never used- and this was a lot better at one in 6k+. Though this was only in "Safer" mode, I tried testing it on "Safest" afterwards, but an update screwed it up and I somehow couldn't get it back to its standard opening size.
Interestingly, my best result I got once again on LibreWolf. This time, I changed two things:
Enable letterboxing
Disable Javascript entirely through uBlock Origin
This resulted in a one in 800+. I am interested to know how Mullvad browser users fare on Mullvad VPN.