OPSEC — Browser, fingerprinting & content OPSEC

Atomic sub-note of the master manual manual-paranoid-opsec. Each chapter is its own note for direct lookup by operational domain.

6. Browser, Fingerprinting & Content OPSEC

6.1 Fingerprinting Risks

Web browsers are one of the most fingerprintable tools an investigator uses.
Even without cookies, sites can identify and track users via:

  • Headers (User-Agent, Accept-Language, Referer).
  • Screen resolution & color depth.
  • Fonts and plugins.
  • Time zone & system locale.
  • WebGL / Canvas rendering hashes.
  • Audio context fingerprints.
  • Hardware information (CPU cores, GPU vendor, battery stats).

6.2 Browser Hygiene

  • Maintain separate browser profiles per persona or investigation.
  • Use different default languages, time zones, and OS UI locales to avoid overlaps.
  • Disable autofill, password managers, and syncing.
  • Always use private browsing/incognito but understand it does not prevent fingerprinting.

6.3 Isolation Techniques

  • For high-risk operations, use dedicated VMs or containers with a fresh browser instance for each session.
  • Do not mix work and personal browsing on the same system.
  • Consider sandboxed browsers (e.g., via Firejail, Qubes DisposableVMs).
  • Use different user agents and rotate them across personas.

6.4 Anti-Fingerprinting Tools

  • Tor Browser: best-in-class at presenting a uniform fingerprint; all users look alike.
  • Mullvad Browser: similar to Tor Browser but without enforced Tor routing.
  • Brave: offers fingerprint randomization, but not foolproof.
  • Firefox + arkenfox: hardened with custom configs, but increases uniqueness.
  • Test fingerprints regularly via:

6.5 Content Handling OPSEC

  • Treat downloads as potentially dangerous:
    • PDFs may contain beacons.
    • Office docs may contain macros.
  • Always open files in sandboxed environments.
  • Strip metadata from documents and images before sharing.
  • For screenshots, use tools that avoid embedding device metadata.
  • Never paste investigation content directly between personas → use an air-gap or controlled transfer channel.
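Stripping embedded metadata before sharing, as an added example that is not part of this manual: a standard-library Python routine that walks a JPEG's marker segments and drops the ones that carry EXIF, XMP, IPTC and comment data, plus anything appended after the image's end marker, keeping only what a decoder needs. The sample input is a constructed marker skeleton, not a real photo; PDFs and Office documents need a dedicated tool.

```python
# Added example, not from the manual: drop EXIF/XMP/IPTC/COM segments from a JPEG
# by walking its marker structure. Standard library only; the sample image is constructed.
import struct

SOS = 0xDA
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # markers with no length field
KEEP_APP = {0xE0, 0xEE}  # keep APP0 (JFIF) and APP14 (Adobe); APP2 ICC goes too, colours may shift

def is_metadata_marker(marker: int) -> bool:
    """APP1..APP13 and APP15 (EXIF, XMP, IPTC, vendor blobs) plus COM carry metadata."""
    return (0xE0 <= marker <= 0xEF and marker not in KEEP_APP) or marker == 0xFE

def strip_jpeg_metadata(data: bytes) -> bytes:
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        segment = data[pos:pos + 2 + length]
        if len(segment) != 2 + length:
            raise ValueError("truncated segment")
        if not is_metadata_marker(marker):
            out += segment
        pos += 2 + length
        if marker == SOS:
            # Entropy-coded scan follows: keep it through the first EOI, drop any trailer
            end = data.find(b"\xff\xd9", pos)
            out += data[pos:end + 2] if end >= pos else data[pos:]
            break
    return bytes(out)

def _seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a marker skeleton with fake EXIF and a comment, not a real picture
SAMPLE_JPEG = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01") + _seg(0xE1, b"Exif\x00\x00fake")
               + _seg(0xFE, b"analyst laptop") + _seg(0xDB, b"\x00" * 65)
               + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56\xff\xd9trailer")
```

Run `strip_jpeg_metadata` on the bytes of a real file and compare segment counts with your usual metadata viewer before trusting it on a persona's uploads.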

🔥 Extreme Practices (Optional)

  • Never use a general-purpose browser for high-risk investigations. Instead, run disposable hardened browsers inside ephemeral VMs (destroyed after each session).
  • Disable all JavaScript, WebRTC, and WebGL by default; only enable in tightly controlled test environments.
  • Use network-layer obfuscation: VPN/Tor routing combined with traffic padding to defeat timing analysis.
  • Employ browser compartment switching: e.g., one VM for passive observation (Tor Browser, no login), another for active interaction (burner identity, Mullvad Browser).
  • For the most sensitive work:
    • Access content via remote disposable proxies (e.g., headless browser in the cloud, viewed through VNC with no direct connection).
    • Download suspect files only via air-gapped intermediary machines, then analyze with multi-layer sandboxes.
  • Assume all browser activity can be correlated over time — rotate entire device/browser/VM stacks frequently.
