Wouldn't custom settings make you more unique?

[rieje]

A big part of browser security is making yourself less unique. Wouldn't customizing settings that deviate from the default (even if the settings themselves improve security/privacy in various ways) make users more unique and easier and/or more valuable to track on the internet? E.g. compared to many people who use a default Firefox install with no changed settings or even extensions.

I'm wondering if such a concern is valid--that's often the argument against implementing a bunch of custom settings to "improve" privacy/security. I'm not doubting claims some of these settings improve performance--I'm just interested in the privacy/security aspect of it.

[yokoffing]

A big part of browser security is making yourself less unique.

I’m going to assume you mean anonymity or privacy instead of security. These are three different things: https://thenewoil.org/en/guides/prologue/secprivanon/

Just because you can't have anonymity doesn't mean you shouldn't have privacy or security.

Regarding privacy: One of the best ways to block fingerprinting is to block the trackers who fingerprint you.

In other words, just because you can't stop [first-party] fingerprinting doesn't mean you shouldn't block trackers. Taking "fingerprinting uniqueness" to it's extreme, everyone should use Chrome with default settings and let all the third-party trackers take your information. But some advocates say using an adblocker with default settings is a nice middle ground.

Also, you have to look at the browser that's being used. Tor Browser relies on blending in with all users, while Brave randomizes many fingerprinting vectors. Both browsers also use adblockers.

Now for me, the privacy benefit of aggressively blocking trackers far outweighs the theoretical risk of slightly increased uniqueness due to a less common blocking profile. Think of it as harm reduction. You're mitigating the larger, more immediate privacy threat posed by pervasive tracking.

The privacy gains are usually worth the minimal increase in theoretical fingerprint uniqueness. We still know surprisingly little about fingerprinting.

Even if using more filter lists slightly increases uniqueness in a very specific fingerprinting dimension, it overwhelmingly reduces the overall amount of data that can be collected about you. You're blocking the fingerprinters (trackers) themselves and preventing the scripts from functioning.

You have to identify a potential trade-off: slight increase in fingerprint uniqueness vs. significant privacy gain from blocking. The goal is to reduce what data is collected about me, not to be perfectly anonymous online. Blocking trackers achieves this goal very effectively.