Saltar al contenido principal
en/blog/obscura/research/existing-solutions/

obscura/research/existing-solutions

4 min read

Overview

Analysis of existing tools and approaches for anti-fingerprinting and privacy protection.

Tools

Tor Browser

Approach: Modified Firefox with all fingerprinting surfaces normalized.

What it does:

  • All users appear identical (same canvas output, same fonts, same screen size)
  • Blocks WebGL, Canvas, AudioContext fingerprinting
  • Normalizes timezone to UTC
  • Normalizes language to en-US
  • Limits CPU cores reported
  • Disables WebRTC
  • Disables performance.now() high precision
  • Rounds screen dimensions to multiples of 200px

Pros:

  • Most effective anti-fingerprinting solution
  • Free and open-source

Cons:

  • Very slow (Tor routing + software rendering)
  • Many sites break (WebGL, canvas blocking)
  • Some sites detect Tor exit nodes and block them
  • Not a network-level solution

Brave Browser

Approach: Chromium with built-in fingerprinting protections.

What it does:

  • "Strict" mode: injects noise into fingerprinting APIs
  • Far.audible: farbling (noise injection) on canvas/audio/fonts
  • Blocks third-party trackers by default
  • Randomizes fingerprints per session

Pros:

  • Good performance
  • Modern browser compatibility
  • Per-session randomization prevents long-term tracking

Cons:

  • Still within the browser detectable
  • Less effective than Tor Browser
  • Requires using Brave specifically

Firefox Enhanced Tracking Protection / resistFingerprinting

Approach: Built-in fingerprinting protections.

What it does:

  • privacy.resistFingerprinting = true
  • Similar to Tor Browser but less aggressive
  • Rounds timezone, screen, limits APIs

Pros:

  • Easy to enable
  • No performance hit for most features

Cons:

  • Less comprehensive than Tor Browser
  • Some sites still detect fingerprint differences
  • Not network-level

CanvasBlocker (Firefox Extension)

Approach: Randomizes canvas output.

What it does:

  • Randomizes canvas pixel data before returning to scripts
  • Blocks WEBGL_debug_renderer_info
  • Can block AudioContext

Pros:

  • Lightweight
  • Configurable

Cons:

  • Extension can be detected
  • Randomization per session can be detected by comparing sequential reads
  • Firefox-only

AdGuard Home

Approach: DNS-level ad/tracker blocking.

What it does:

  • DNS sinkhole for known tracking/ad domains
  • DHCP server
  • Blocklist management
  • Web UI (TypeScript + CSS)

Pros:

  • Network-wide (covers all devices)
  • Mature, well-maintained
  • Containerized

Cons:

  • DNS-level only (no HTTP/HTTPS modification)
  • No fingerprint spoofing
  • No MITM

Pi-hole

Approach: Same as AdGuard Home, DNS-level blocking.

Pros:

  • Well-established
  • Lightweight

Cons:

  • DNS only
  • No JS injection
  • No header modification

TLSMask

Approach: TLS ClientHello fingerprint spoofing.

What it does:

  • Modifies JA3/JA4 fingerprints to mimic another browser
  • Acts as a forward proxy

Pros:

  • Targeted approach for TLS fingerprint
  • Works with any browser

Cons:

  • Only handles TLS layer
  • No HTTP modification
  • No JS injection

BlueFlame (Tauri/Rust Browser)

Approach: Privacy-first browser with embedded MITM proxy.

What it does:

  • Embedded MITM filter proxy (EasyList + EasyPrivacy)
  • Optional Tor routing via arti
  • Tauri/Rust desktop app

Pros:

  • Closest to Obscura's concept
  • Uses Rust + Tauri

Cons:

  • Desktop app, not a network gateway
  • Still in early development

Stealth-Guard (Browser Extension)

Approach: Spoofs and randomizes fingerprint data.

What it does:

  • Spoofs user agent, screen, timezone, etc.
  • Randomizes fingerprint per session

Pros:

  • Easy to install
  • Configurable

Cons:

  • Browser extension (detectable, removable)
  • Client-side only

Gap Analysis

Feature Tor Brave uBlock AdGuard TLSMask Obscura (target)
Network-wide No No No Yes Yes Yes
DNS blocking No No No Yes No Yes
HTTP header spoof Via proxy No No No No Yes
JS API override Yes Partial No No No Yes
Canvas/WebGL block Yes Partial No No No Partial
Audio block Yes Partial No No No Partial
TLS fingerprint Tor exit No No No Yes Yes
Configurable profiles No No No No No Yes
Web UI No Yes Yes Yes No Yes
Containerized No No No Yes Partial Yes
Cross-browser No No Yes Yes Yes Yes

Conclusions

  • No existing tool covers all the layers (DNS + HTTP + JS + TLS) in a single gateway
  • Obscura's value proposition is network-wide, multi-layer protection
  • The closest competitors are AdGuard Home (network-wide but DNS-only) and Tor Browser (comprehensive but browser-only)
  • Browser extensions are too limited (detectable, not network-level)
  • A containerized gateway is the right deployment model