A bash app for anonymity-focused browser profiles on Linux and macOS. Designed for privacy enthusiasts, security researchers, and anyone who needs consistent, verifiable browser fingerprint and identification prevental across different use cases. The goal was complete anonymity for web page browsing.
NOTE: Firefox is recommended, since Brave exposed some hardware information. For MacOS users: Firefox on a virtual machine is the safest bet, since MacOS has its quirks (see "Test Results", below).
- Two optimized privacy profiles with different anonymity strategies
- 21 country presets with correct timezone, locale, and Accept-Language headers
- Clean reset function to restore browser defaults
- Cross-platform — works on Linux (Kali, Ubuntu, Debian, etc.) and macOS
- Auto-generated launchers with correct TZ environment variable
- Input validation — bulletproof menu system prevents configuration errors
- Zero dependencies — pure Bash, no external tools required
- Bash 3.2+ (macOS users: the default
/bin/bashworks, but Homebrew's bash is recommended) - Firefox and/or Brave browser (installed in standard locations)
- No browsers running during configuration
# Clone the repository
git clone https://github.com/yourusername/hideBrowser.git
cd hideBrowser
# Make executable
chmod +x hideBrowser.sh
# Run (browsers must be closed)
./hideBrowser.shAlways use the app-provided launch commands to open the browser, as this ensures the correct timezone environment variable is set at launch.
After applying a profile, verify using BrowserLeaks:
- IP Address — Should show VPN exit location
- JavaScript — Check timezone, language, platform
- Canvas — Mr. Robot = unique, Joe = shared signature
- WebRTC — No local IP leak
- WebGL — Should be disabled
- Proxy Detection — Check letterboxing/canvas protection flags
hideBrowser provides two distinct privacy profiles optimized for different threat models, plus a clean reset option:
| Profile | Philosophy | Use Case |
|---|---|---|
| Mr. Robot | Maximum entropy reduction | When you need to reveal nothing — blends with Tor Browser users |
| Coffee Joe | Statistical normalcy | When you need to look like everyone — blends with typical Ubuntu Firefox users |
| Default | Factory reset | Removes all customizations, returns browser to stock settings |
The tool also supports 21 countries for timezone and locale configuration, allowing your browser fingerprint to match your VPN exit location perfectly.
During development, both Firefox and Brave (Chromium) were tested extensively. Firefox is strongly recommended for privacy work because:
- No Client Hints API — Chromium-based browsers expose CPU architecture (
arm/x86) vianavigator.userAgentData, which cannot be overridden and creates a unique hardware fingerprint - Resist Fingerprinting (RFP) — Firefox's built-in RFP provides Tor Browser-level fingerprint uniformity
- Canvas noise injection — RFP automatically randomizes canvas reads, making tracking impossible
- Full user.js control — All privacy settings can be managed via preferences
⚠️ Brave/Chromium Warning: On ARM-based systems (M1/M2 Macs, Raspberry Pi), Chromium browsers leakarchitecture: armthrough Client Hints, exposing your actual hardware regardless of other privacy settings.
Strategy: Maximum entropy reduction. Identical fingerprint to Tor Browser users.
| Setting | Value | Purpose |
|---|---|---|
privacy.resistFingerprinting |
true |
Enables Tor Browser fingerprint |
privacy.resistFingerprinting.letterboxing |
true |
Standardizes viewport dimensions |
media.peerconnection.enabled |
false |
Disables WebRTC completely |
webgl.disabled |
true |
Prevents GPU fingerprinting |
media.webaudio.enabled |
false |
Blocks audio fingerprinting |
media.webspeech.synth.enabled |
false |
Disables speech synthesis |
intl.accept_languages |
en-US, en |
Neutral language (privacy > localization) |
geo.enabled |
false |
Disables geolocation |
dom.maxHardwareConcurrency |
2 |
Spoofs CPU cores |
browser.display.use_document_fonts |
0 |
Restricts font enumeration |
network.http.sendRefererHeader |
0 |
Strips referrer headers |
privacy.firstparty.isolate |
true |
Isolates cookies per domain |
Expected BrowserLeaks Results:
- Canvas: 100% unique (RFP noise injection)
- Letterboxing: Detected ✓
- Canvas Protection: Detected ✓
- Timezone: UTC (forced by RFP)
- WebRTC: Completely disabled
Strategy: Statistical normalcy. Indistinguishable from the largest Firefox user demographic.
| Setting | Value | Purpose |
|---|---|---|
general.useragent.override |
Ubuntu Firefox 133 | Matches largest Linux demographic |
general.platform.override |
Linux x86_64 |
Consistent platform |
privacy.resistFingerprinting |
false |
Avoids RFP detection flags |
privacy.resistFingerprinting.letterboxing |
false |
No viewport manipulation |
media.peerconnection.enabled |
true |
WebRTC enabled (hardened) |
media.peerconnection.ice.no_host |
true |
Prevents local IP leak |
webgl.disabled |
true |
Hides VM GPU (~15% of users do this) |
intl.accept_languages |
Country-specific | Matches VPN exit location |
dom.maxHardwareConcurrency |
4 |
Common laptop value |
Expected BrowserLeaks Results:
- Canvas: Shared with 100+ other users (no protection detected)
- Letterboxing: Not detected ✓
- Canvas Protection: Not detected ✓
- Timezone: Matches selected country
- WebRTC: No local IP leak
Selecting "Default" performs a complete reset:
What gets removed:
user.jsfile (deleted entirely)- All custom preferences from
prefs.js:- User agent overrides
- Platform/oscpu spoofs
- WebRTC settings
- RFP settings
- Timezone overrides
- Language preferences
- WebGL settings
- Hardware concurrency spoofs
- All privacy hardening
What gets restored:
- Native Firefox user agent
- System timezone (no TZ override)
- Default WebGL (enabled)
- Default Web Audio (enabled)
- Default WebRTC behavior
- System language preferences
- Standard Firefox tracking protection
Generated launcher scripts are also removed.
Each country maps to three values:
| Component | Example (Germany) | Function |
|---|---|---|
| TZ | Europe/Berlin |
Sets system timezone via environment variable |
| Locale | de-DE |
Sets intl.locale.requested |
| Languages | de-DE, de, en-US, en |
Sets intl.accept_languages header |
Daylight Saving Time is handled automatically by the TZ environment variable — no manual adjustment needed.
Note: Mr. Robot always uses UTC regardless of country selection (RFP enforces this). The country selection for Robot is for reference/VPN alignment only.
Firefox Profile: ~/.mozilla/firefox/*.default-release/
User.js: ~/.mozilla/firefox/*.default-release/user.js
Prefs.js: ~/.mozilla/firefox/*.default-release/prefs.js
Launchers: ~/launch_firefox_robot.sh, ~/launch_firefox_joe.sh
Firefox Profile: ~/Library/Application Support/Firefox/Profiles/*.default-release/
User.js: ~/Library/Application Support/Firefox/Profiles/*.default-release/user.js
Prefs.js: ~/Library/Application Support/Firefox/Profiles/*.default-release/prefs.js
Launchers: ~/launch_firefox_robot.sh, ~/launch_firefox_joe.sh
Run Firefox once normally to create a default profile, then close it and run hideBrowser again.
Make sure you're launching Firefox via the generated script (~/launch_firefox_*.sh), not directly. The TZ environment variable is set in the launcher.
This is usually caused by your browser window matching a known Tor letterbox size (e.g., 1400×700). Resize your window to a non-standard dimension.
- Close Firefox completely
- Run hideBrowser
- Launch via the generated script
Ensure Terminal has Full Disk Access in System Preferences → Security & Privacy → Privacy.
- VPN and/or Tor recommended — These profiles manage browser fingerprint, not IP address
- Profiles are stored locally — user.js and prefs.js are not encrypted
- Backups created automatically — timestamped
.bakfiles before each change - Not a substitute for Tor — For maximum anonymity, use Tor Browser directly
- BrowserLeaks — Comprehensive fingerprint testing
- arkenfox user.js — Firefox privacy hardening reference
- Tor Browser — Inspiration for RFP settings