I have been testing Tor Browser and Mullvad Browser using fingerprint.com. I get unique persistent identifiers that are unique per machine and persist over rebooting sessions. Javascript was on during this test.
This could be very dangerous to people using Tor Browser and Mullvad Browser.
For example, if someone visits Rainbow Railroad, an organization for leaving repressive countries with hostile LGBT policies, and then watches a video about the organization on YouTube, and then also does something, like create a Discord Server, and use Tor Browser to get around geoblocking but link it to their personal phone number, then a hostile regime buying data from data brokers could possible determine that user is considering using rainbow railroad. Even if this exact example isn’t realistic or plausible (although governments do buy form data brokers), users should be aware that persistent identifiers in Tor Browser and Mullvad Browser allow for continuous tracking of a user using the same machine.
I posted this information on privacyguides forum and they deleted my account after, leading me to wonder if the forum is a giant honeypot that curates acceptable privacy discussions and unacceptable private discussions. I honestly wonder if they are infiltrated by the government. They repeatedly delete the posts of other people as well and the whole thing is starting to not sit well with me.
Using JavaScript defeats the purpose of Tor
If you want to do any browsing other than .onions, javascript is required. Tor Browser is supposed to be anti-censorship and anti-tracking and that it isn’t really possible for Tor Browser to access 99% of the Internet without javascript.
Also, the Tor organization is not telling people that they can be uniquely tracked when not in safer mode, and Mullvad Browser is copying most of Tor Browser but not including Tor routing in it and many people using Mullvad Browser use javascript.
It’s important that people know this and the fact that I’ve had such a hard time posting this in different places, and have been met with such suspicion and hostility, is sus and makes me wonder if certain people want these browsers trackable. It’s fucking nuts to me that privacyguide’s forum deleted multiple posts and my mother fucking username after I posted about this. What else other than it being a controlled operation explains that? And plenty of other people have complained about similar shit!