I have been trying out the different security levels of the Tor Browser. It’s set to Standard by default. Some people say that it is best to leave it as it is because most of the Tor users will have the default settings so you will blend in better. However, I decided to look at the other options.
I tested Tor browser with all three security level settings to see which one is the most commonly used through Cover Your Tracks for the most common Tor fingerprint.
On the default security level, Standard
Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 694.64 browsers have the same fingerprint as yours.
Currently, we estimate that your browser has a fingerprint that conveys 9.44 bits of identifying information.
Be aware that this does not block WebGL unique fingerprinting.
Now the security level in between, Safer
Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 1804.18 browsers have the same fingerprint as yours.
Currently, we estimate that your browser has a fingerprint that conveys 10.82 bits of identifying
The number is largely tripled from the standard mode. This security level is the least used and the most uncommon, which makes the browser less common with the others. I’m surprised that this is the most uncommon as it blocks WebGL fingerprinting.
The most effective safety level, Safest
Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 255.02 browsers have the same fingerprint as yours.
Currently, we estimate that your browser has a fingerprint that conveys 7.99 bits of identifying information.
This setting is surprisingly the most common and used one, even though it is not the default setting. It also disables Javascript to prevent the intense fingerprinting.
Disabling Javascript in Tor will not make you stand out, it will make you blend in the most and will block much more effective fingerprinting. Note that most websites will not function properly if JavaScript is disabled.
Always keep in mind that Tor makes you uniquely identifiable if you are the only one using it on a particular website.
Lots of sites also block access from known exit nodes. I think almost everything under cloudflare blocks it.
CDN/security providers like Akamai & Cloudflare maintain lists of known Tor exit nodes and keep it regularly updated. That makes it trivial for customers to block that traffic.
Source: My employer is an Akamai customer and we use this list in some our WAF policies.