So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn’t the tightest and could best be described as “I don’t see why they should have my data if I am blocking the ads they use it to try to deliver to me”. This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser’s terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I’m on debian-based linux.
Thanks for any help in advance.
Tor inside a VPN is fine. Some argue it will make you stand out in comparison with other users of your VPN but that’s only a problem if they retain data, and if they do you really wish you’d have used tor…
It depends on your threat model. Using tor via a know vpn endpoint does make you stand out and can be used to profile your traffic. One of the main points of tor is that all users look exactly the same.
If you have e.g. one user out of a 100 using a vpn endpoint instead of some residential ip address that user immediately becomes a much more interesting target. There is information floating around in the web that state actors have control over several entry and exit nodes.