submitted 3 weeks ago by someone@lemmy.today to c/privacy@lemmy.ml

I have been testing Tor Browser and Mullvad Browser using fingerprint.com. I get unique persistent identifiers that are unique per machine and persist over rebooting sessions. Javascript was on during this test.

This could be very dangerous to people using Tor Browser and Mullvad Browser.

For example, if someone visits Rainbow Railroad, an organization for leaving repressive countries with hostile LGBT policies, and then watches a video about the organization on YouTube, and then also does something, like create a Discord Server, and use Tor Browser to get around geoblocking but link it to their personal phone number, then a hostile regime buying data from data brokers could possibly determine that user is considering using Rainbow Railroad. Even if this exact example isn't realistic or plausible (although governments do buy from data brokers), users should be aware that persistent identifiers in Tor Browser and Mullvad Browser allow for continuous tracking of a user using the same machine.

I posted this information on privacyguides forum and they deleted my account after, leading me to wonder if the forum is a giant honeypot that curates acceptable privacy discussions and unacceptable private discussions. I honestly wonder if they are infiltrated by the government. They repeatedly delete the posts of other people as well and the whole thing is starting to not sit well with me.

[-] Dust0741@lemmy.world 65 points 3 weeks ago

Skepticism is good here. However, I was not able to replicate this. On Mullvad and Tor, with "Safer" settings, both gave me a new ID after a browser restart.

[-] someone@lemmy.today 28 points 3 weeks ago

Then this may be happening only with certain distributions or operating systems. It is definitely happening for me, I checked it over and over. "You have visited once." I close Tor Browser, restart, come back to fingerprint.com. "You have visited twice." I also did try this with safer. I did multiple tests. This impacts at least some operating systems or distributions. It may not impact Qubes. I didn't test that, but I am sure it impacts at least some users.

[-] Dust0741@lemmy.world 23 points 3 weeks ago

How are you installing the browsers? Flatpak? AppImage?

[-] ken@discuss.tchncs.de 14 points 3 weeks ago* (last edited 3 weeks ago)

Are you keeping it at the default window size, or resizing? If the latter, it is expected. This is a gotcha when using tiling window managers as they often force a window size that may give you away. TB should otherwise start with a static fixed window size. Enabling the "Letterboxing" feature can help alleviate this somewhat.

On PG: Also been seeing weird vibes and some inexplicable moderation comms and actions when looking closer. Their "recommendations" and "guides" also raise eyebrows. Something is very strange there.

[-] JackbyDev@programming.dev 2 points 3 weeks ago

This website says my device is less trustworthy because I'm using incognito and privacy focused settings. Fuck 'em.

[-] CorvusCornix@piefed.social 1 points 2 weeks ago

I know this post is a bit older at this point, but do you have any custom fonts installed? I could reliably reproduce my browser fingerprint as you described, even between Librewolf and Firefox with different configurations (including JavaScript disabled in Librewolf). A visit on one browser would increment the counter, and vice-versa.

I had forgotten that, quite some time ago, I'd installed a font not packaged with my OS - I deleted it, made sure to clear out my site data, changed IPs, and finally got a shiny new fingerprint.

Cross-referencing with EFF's coveryourtracks site, I also noticed that one metric that almost never changes for me is my audiocontext fingerprint, although I can thwart that by disabling JavaScript, but maybe that's contributing as well?

[-] TankieTanuki@hexbear.net 22 points 3 weeks ago

Using JavaScript defeats the purpose of Tor

[-] someone@lemmy.today 1 points 2 weeks ago

If you want to do any browsing other than .onions, javascript is required. Tor Browser is supposed to be anti-censorship and anti-tracking, and it isn't really possible for Tor Browser to access 99% of the Internet without javascript.

Also, the Tor organization is not telling people that they can be uniquely tracked when not in safer mode, and Mullvad Browser is copying most of Tor Browser but not including Tor routing in it and many people using Mullvad Browser use javascript.

It's important that people know this and the fact that I've had such a hard time posting this in different places, and have been met with such suspicion and hostility, is sus and makes me wonder if certain people want these browsers trackable. It's fucking nuts to me that privacyguide's forum deleted multiple posts and my mother fucking username after I posted about this. What else other than it being a controlled operation explains that? And plenty of other people have complained about similar shit!

[-] quick_snail@feddit.nl 22 points 3 weeks ago

You need to change the safety setting to "safest".

This is why some onion sites constantly pop up warnings in JS and annoy you until you make the change.

[-] someone@lemmy.today 1 points 2 weeks ago

Safest is fine for .onions. For most of the Internet, this won't work. And Mullvad Browser, which is often not used with .onions, copies the main architecture of Tor Browser minus the routing.

[-] Staff@piefed.world 21 points 3 weeks ago

Wonder why privacyguides deleted the post

[-] Carmakazi@piefed.social 16 points 3 weeks ago

Whenever someone says they had a moderator action taken against them, I am suspicious. Some mod teams are notorious, sure, but it's almost always a case of unreliable narration.

I imagine behavior like the allcaps reply above had something to do with it.

[-] someone@lemmy.today 14 points 3 weeks ago* (last edited 3 weeks ago)

Other users on privacyguides forums have commented on the exact same problem where threads are just completely deleted, even with valid questions.

[-] quick_snail@feddit.nl 1 points 3 weeks ago

Most likely 3 letter agencies are raising flags to get it deleted, and mods seeing the reports just ban without thinking.

[-] someone@lemmy.today 1 points 2 weeks ago

I sadly think this is what's happening and even wonder if some forum mods or people there are intelligence. Because why else would this shit keep happening? Privacyguides also has a sketchy origin story if you look far back enough. The really fucked up thing is they are the most well respected guide to privacy and constantly push 3 VPNs, including ProtonVPN after it was blatantly leaking, and it just really makes me wonder... why do they push those 3 VPNs so hard? In theory, they are good VPNs... but what if they are good and also being pushed for a reason? Almost every good independent VPN gets bought out. Half of the VPNs seem to be owned by Kape, AzireVPN got bought out by a US Company. It seems like fewer and fewer VPNs exist that don't have either intelligence connections or links to privacyguides forum. I just don't like it. I don't trust privacyguides anymore.

[-] nugnuts@lemmygrad.ml 18 points 3 weeks ago

It's wild to post something like this, and say things like "This impacts at least some operating systems or distributions," without indicating at all which ones you're having the experience with.

[-] SteleTrovilo@beehaw.org 17 points 3 weeks ago

"Javascript was on during this test."

[-] someone@lemmy.today 13 points 3 weeks ago

I understand: Javascript is not safe. I know that. But most of the internet, except for onions, uses javascript and it's nearly impossible to use most of the Internet in web browsers without it. The problem is that if Fingerprint.com can reliably detect differences between users when javascript is on for Mullvad Browser and Tor Browser in certain operating systems, users should be aware. Most people would think Mullvad Browser in "safer" mode would not create a persistent per-computer hash of the browser that can be tracked across sessions.

[-] fatcat@discuss.tchncs.de 16 points 3 weeks ago

I can actually replicate that. Tor Browser without extensions (only the default https anywhere and noscript) on Mac OS. Pretty scary? Wondering how this works.

[-] fatcat@discuss.tchncs.de 41 points 3 weeks ago* (last edited 3 weeks ago)

Aha! I figured it out. Apparently my Tor browser got old extensions in there from older Tor versions (Tor Button and something I can't remember, they were set to deprecated and were disabled). I had Tor literally installed for... over 10 years or something, so I would imagine it didn't reset itself properly after doing one update or another. After removing the Tor Browser data folder and reinstalling it (for good measure, don't think that was necessary), I get random values on the page.

EDIT: One additional thought on that... I feel this is something Tor Browser should consider automatically when applying updates. At least a warning would be good to reset your data once in a while to stay non-unique.

[-] doomguin@piefed.zip 11 points 3 weeks ago* (last edited 3 weeks ago)

I was able to partially replicate, on safest mode with the minimum js enabled for a result to come up

Tor on mobile gets reliably identified (not a huge surprise, but annoying) regardless of extensions

Tor on desktop did not get reliably identified, even with uBlock

Tor on desktop in "safer" mode, with default noscript, and uBlock enabled, was not reliably identified

Edit: Surprisingly, even on "standard" setting, desktop was not uniquely identified

[-] RoddyStiggs@lemmy.blahaj.zone 10 points 3 weeks ago

Just chiming in to say I learned a lot from discussions and links in this thread. Thanks all.

[-] UnimportantHuman@lemmy.ml 1 points 3 weeks ago

Same here. Just lurking has been useful to me here. Nice to see someone in a similar spot (not an expert but passionate about the subject)

[-] 0xtero@beehaw.org 9 points 3 weeks ago
[-] someone@lemmy.today 5 points 3 weeks ago* (last edited 3 weeks ago)

They have different unique hashes per computer, so Tor Browser user on "Computer 1" has a unique hash and Tor Browser user on Computer 2 has a unique hash. I have read Mullvad's documentation on their browser. Please re-read the original post.

[-] technomage@lemmy.ca 7 points 3 weeks ago

This could entirely be me being tired, and thus a little stupid right now, but how exactly are you rebooting the system? If it's by hitting the restart button, or powering off and back on, you may be having issues with something getting "stuck" in RAM, essentially. Try fully powering down the machine, disconnect the power cable (and battery if it's a laptop), press and hold the power button for 30+ seconds, then hook everything back up and test again. That should be enough to drain any little bits of electricity stored in the system, thus fully clearing anything that might've been hanging around from RAM. Also, make sure the browsers are fully updated and no outdated extensions/plugins/etc.

[-] hexagonwin@lemmy.today 4 points 3 weeks ago

may i ask which os you're in? linux?

i hate windows, but it seemed like tor's fingerprint randomization works best on commonly used oses. never worked properly on my freebsd or slackware... i use a win10 vm for tor because of this. (only allow tor to communicate, via proxy and block windows from talking to microsoft)

[-] UnimportantHuman@lemmy.ml 1 points 3 weeks ago

This has been my concern switching over to other OS'. I'm hoping as these alternative choices become more popular this won't be the case as much but I do still have a Windows laptop I rarely use. Only use it for special use cases.

[-] quick_snail@feddit.nl 1 points 3 weeks ago

Privacy Guides is definitely over moderated. They might be infiltrated.

[-] someone@lemmy.today 1 points 2 weeks ago

It feels like it to me. It seems more than just aggressive or vigilant modding.

[-] eleijeep@piefed.social 0 points 3 weeks ago

If all users have the same fingerprint then nobody is getting fingerprinted.

[-] someone@lemmy.today 4 points 3 weeks ago* (last edited 3 weeks ago)

All users don't have the same fingerprint. Fingerprint.com is testing other things that Tor isn't covering. So if they are testing canvas and other stuff that Tor protects, and 2 things that aren't protected that give unique identifiers, they still create a unique hash. I did not test this using Tails or Qubes and it may not affect all operating systems.

[-] quick_snail@feddit.nl 2 points 3 weeks ago

You also didn't test it in safest mode. Do it again with tor browser not in insecure mode

[-] someone@lemmy.today 0 points 2 weeks ago

Safest mode blocks any website with javascript and most of the Internet runs on javascript. They also don't warn users that anything other than safest mode now is entirely identifiable based on fingerprinting.

[-] upstroke4448@lemmy.dbzer0.com -4 points 3 weeks ago

It has no clue who you are using tor. Just switch the circuit you're on.
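
The causes reported in the comments above (a window size forced by a tiling window manager, an extra installed font, leftover deprecated extensions) all work the same way: one attribute that differs from the stock profile is enough to make the combined identifier unique and stable across restarts. The sketch below is an added example, not part of any comment in this thread and not fingerprint.com's code; the attribute names, sample values and the toy FNV-1a hash are assumptions made for illustration.

```javascript
// Toy 32-bit FNV-1a hash, a stand-in for whatever a real service uses.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Hash attributes in sorted key order: same attributes, same ID, every visit.
function fingerprint(attrs) {
  return fnv1a(Object.keys(attrs).sort()
    .map((k) => `${k}=${JSON.stringify(attrs[k])}`).join("|"));
}

// Group profiles by ID; each group's size is its anonymity set.
function anonymitySets(profiles) {
  const sets = new Map();
  for (const [name, attrs] of Object.entries(profiles)) {
    const id = fingerprint(attrs);
    sets.set(id, [...(sets.get(id) || []), name]);
  }
  return sets;
}

// Name the attributes where a profile deviates from the stock baseline.
function deviations(baseline, attrs) {
  return Object.keys({ ...baseline, ...attrs }).sort()
    .filter((k) => JSON.stringify(baseline[k]) !== JSON.stringify(attrs[k]));
}

// Constructed sample data (hypothetical attribute names and values).
const BASELINE = {
  canvas: "protected-uniform",
  window: "1400x900",
  fonts: ["bundled-set"],
  extensions: ["NoScript"],
};
const PROFILES = {
  stock_a: { ...BASELINE },
  stock_b: { ...BASELINE },
  tiled_wm: { ...BASELINE, window: "1913x1042" },
  extra_font: { ...BASELINE, fonts: ["bundled-set", "CustomFont"] },
  stale_ext: { ...BASELINE, extensions: ["NoScript", "deprecated-addon"] },
};

for (const [id, names] of anonymitySets(PROFILES)) {
  const why = deviations(BASELINE, PROFILES[names[0]]).join(",") || "none";
  console.log(id, `set size ${names.length}`, names.join(","), `deviates: ${why}`);
}
```

The two stock profiles share one identifier, while each modified profile sits alone in its own set, and `deviations` names the attribute to reset.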

this post was submitted on 24 Mar 2026
167 points (98.3% liked)