Circumventing Device Fingerprinting

As far as I can see, you can easily spoof all of the fingerprinting data, and potentially change it with every request. All this information is sent by your browser in the HTTP headers of the request (or obtained via browser client-side scripts). I am not aware of a particular plugin that supports this fully, but there are some plugins for changing your user-agent, manipulating headers and managing cookies. The user-agent is one of the main identifying pieces of information of the fingerprinting process and most other pieces are in other various headers. Blocking JavaScript/Flash scripts is also possible, e.g. using the NoScript plugin.

Changing this fingerprinting info, however, does come with a price. It might cause the website to display pages in a different way, which will cause the site to look wrong or not to function properly. Lots of website developers rely on (at least some of) this fingerprint information in order to make the pages they display compatible with your browser. Hiding/spoofing this info will therefore affect this process and your browsing experience may be altered.

It's also possible that this fingerprinting is performed for legitimate security reasons. For example, a security-aware website might tie in the fingerprint info to the session or logged-in user, and will reject requests where the fingerprinting doesn't match (this would suggest to the server a request is now coming from a different browser). Here's one more example from another question where the website owner wants to test browser plugin versions of your browser (which is part of the fingerprinting data) before allowing access. I don't know of any specific sites that use this technique, but it is definitely feasible. Changing fingerprint data with every request will again cause unwanted behaviour.

I suppose that performing some minor randomized tweaks to specific headers will achieve a better degree of anonymity against fingerprinting without compromising the browsing experience. This requires some experimentation and will probably mean a compromise between security and usability.
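The server-side session binding mentioned in this answer, sketched as an added example that is not part of the original answer or any particular site's code: the fingerprint recorded at login is compared on every later request, so a header set that changes mid-session is rejected. The header selection, the `SessionStore` class and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the headers a site folds into its fingerprint; real sites choose their own set.
FINGERPRINT_HEADERS = ("user-agent", "accept-language", "accept-encoding")
SERVER_KEY = b"constructed-demo-key"  # placeholder; a real deployment loads this from a secret store


def fingerprint(headers: dict) -> str:
    """Keyed digest over the selected request headers (header names are case-insensitive)."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    material = "\n".join(f"{h}:{lowered.get(h, '')}" for h in FINGERPRINT_HEADERS)
    return hmac.new(SERVER_KEY, material.encode(), hashlib.sha256).hexdigest()


class SessionStore:
    """Hypothetical in-memory table: session id -> fingerprint recorded at login."""

    def __init__(self):
        self._bound = {}

    def login(self, session_id: str, headers: dict) -> None:
        self._bound[session_id] = fingerprint(headers)

    def check(self, session_id: str, headers: dict) -> bool:
        expected = self._bound.get(session_id)
        if expected is None:
            return False  # unknown or expired session
        # Constant-time comparison of the stored and the presented fingerprint.
        return hmac.compare_digest(expected, fingerprint(headers))


# Constructed sample requests (not captured traffic).
LOGIN = {"User-Agent": "ExampleBrowser/1.0", "Accept-Language": "en-GB",
         "Accept-Encoding": "gzip"}
SAME = {"user-agent": "ExampleBrowser/1.0", "accept-language": "en-GB",
        "accept-encoding": "gzip", "Cookie": "sid=abc"}
CHANGED = {**LOGIN, "User-Agent": "OtherBrowser/2.0"}


def demo():
    store = SessionStore()
    store.login("abc", LOGIN)
    # Same browser passes, changed user-agent fails, unknown session fails.
    return store.check("abc", SAME), store.check("abc", CHANGED), store.check("nope", LOGIN)


if __name__ == "__main__":
    print(demo())
```

Headers outside the selected set (the cookie here) do not affect the result, which is why only changes to the chosen fields break the session.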


There is a browser plugin for Firefox called CanvasBlocker by kkapsner which claims to be able to block canvas fingerprinting in several different ways. The block mode that I find most interesting is the "fake readout api" which supposedly sends fake data whenever it is called; however, the user can choose other methods such as block all requests, block sites only on blacklist, don't block on white list, etc. However, as Shnatsel pointed out above, you can't check the results unless you have access to the fingerprinting providers. Furthermore, as Yoav Aner stated in the above post, blocking or spoofing one's fingerprint may break certain sites. The developer, kkapsner, also describes this particular problem. More information for this extension is available at https://github.com/kkapsner/CanvasBlocker. The Firefox extension is available at https://addons.mozilla.org/en-US/firefox/search/?platform=windows&q=CanvasBlocker. Happy surfing!

Tags:

Anonymity