I can't find much info on the fingerprint protection. Has anyone tested it thoroughly? Do we know if it's effective against current fingerprinting methods? Can we actually rely on it, or will it simply be a matter of days/weeks before websites adapt to defeat this protection?
I don't think it's sufficient yet to stop someone determined, but I do think it's a step in the right direction, particularly when combined with a VPN. I'm looking forward to the letterboxing improvements.
Anecdotally, I get a lot more captcha's when it's turned on. I regularly log in to sites and get prompts telling me I need to enter email confirmation codes. I signed up for a service recently that auto locked my account immediately on signup because of "abuse detection".
To be clear, I take those as positive signs. My rough metric is that if privacy invasive sites are mad at me, I'm probably doing something right. So that's certainly not hard proof that it's effective, but it's at least circumstantial evidence that websites that I know fingerprint me get irritated when I turn it on.
If these fingerprint protection tools are effective, my main fear is that websites will simply say "Disable your fingerprint protection if you want to proceed", much like many sites currently do with ad blockers. Or if they don't spell it out in plain English, they'll make you jump through so many hoops that you'll switch it off just to end the suffering.
Trying to interact with any major website using the TOR browser has been a complete nightmare. If you aren't blocked outright, you face CAPTCHAs at every turn.
The fingerprint protection this new setting refers to is simply a blacklist of a couple of known JS fingerprinters. Those are not relevant for the majority of users, because fingerprinting with these kind of scripts is only used by a very small number of obscure sites.
