# Browser compartmentalization — one profile per identity, or the browser links them for you > Your browser is a correlation engine. Cookies, logged-in sessions, and a near-unique fingerprint quietly stitch your bank, your exchange, your throwaway handle, and your real name into one profile — unless you split them. One browser profile per identity is the cheapest high-leverage privacy move you're probably not making. Markdown twin of https://xmr.club/opsec/05-browser-compartmentalization. CC-BY-4.0. Attribute "xmr.club". ## At a glance - Canonical: https://xmr.club/opsec/05-browser-compartmentalization - Series: #OPSEC52 — weekly threat-model-first OPSEC cards - Week: 05 - Pillar: Digital identity compartmentalization - Difficulty: beginner - Cost: $0 (built-in profiles + free container tooling + Tor/Mullvad Browser) - Published: 2026-06-29 - Last reviewed: 2026-06-27 ## Body # OPSEC52 / Week 5 — Browser compartmentalization > Your browser is a correlation engine. Cookies, logged-in sessions, and a near-unique fingerprint quietly stitch your bank, your exchange, your throwaway handle, and your real name into one profile — unless you split them. One browser profile per identity is the cheapest high-leverage privacy move you're probably not making. **Threat model:** cross-site trackers and fingerprinting that join your separate personas into one graph; a single shared cookie jar that links accounts you meant to keep apart; an over-permissioned or malicious extension reading every page you open; and browser sync silently uploading your history, passwords, and tabs to a cloud account tied to your legal name. We spent the last three weeks splitting your [identity](/opsec/02-identity-compartmentalization), your [email](/opsec/03-email-aliasing), and your [phone number](/opsec/04-phone-compartmentalization) into separate compartments. All of that work flows through one piece of software that quietly re-joins it: your browser. A single profile is a shared room where every persona leaves fingerprints on the same surfaces. ## Why one browser is a correlation engine Four mechanisms collapse your compartments back into one identity: 1. **Cookies and live sessions.** A tab still logged into your real-name Google account sits next to the tab where you open your pseudonymous forum. Shared cookies, referrers, and a logged-in session are all a tracker needs to draw a line between the two. 2. **Cross-site trackers.** The same analytics, ad, and "share" scripts are embedded on millions of sites. In one cookie jar they watch every persona from the same vantage point and merge them. 3. **Fingerprinting.** Your canvas rendering, font list, screen size, timezone, and extensions combine into a value that is often **unique to your exact machine** — no cookie required. Two "separate" personas with the same fingerprint are obviously the same person. 4. **Sync.** Browser sync uploads history, passwords, open tabs, and autofill to a cloud account — usually one tied to your real name. It's a single bucket holding all of it. ## The fix: one profile per identity, not one browser for everything A browser **profile** is a fully separate container — its own cookie jar, history, extensions, logins, and cache. Firefox and Chromium both ship a built-in profile manager; use it. Map profiles to the same trust tiers you built for phones and email: - **Real** — bank, government, anything KYC'd to your legal name. Boring, extension-light, no anonymous browsing here ever. - **Pseudonymous** — exchanges, forums, and accounts under a handle. Never logged into anything real-name. - **Anonymous** — research, leaks, anything that must not trace back. This tier is **Tor Browser or Mullvad Browser**, not your daily driver with a VPN bolted on (see [Week 1](/opsec/01-vpn-exit-discipline)). The rule of thumb: **if two activities should never be linkable, they must never share a profile.** ## Containers: compartmentalize inside one browser Switching whole profiles is heavy for everyday separation. Firefox's **Multi-Account Containers** (plus **Temporary Containers**) give each site its own isolated cookie jar inside a single window — your shopping persona can't see your social-login cookies, and trackers can't follow you between tabs. It's the lowest-friction way to stop same-session linking. ## Fingerprinting: stop being a snowflake Counter-intuitively, **piling on privacy extensions makes you more identifiable**, not less — each one adds a distinguishing bit. The winning move is to look like *everyone else*: - **Tor Browser** and **Mullvad Browser** ship a deliberately *standardized* fingerprint, so thousands of users render identically. Use one of them for the anonymous tier instead of "hardening" Chrome into a unique configuration. - Keep the anonymous profile near-stock: no exotic extensions, no custom fonts, default window size. Every tweak is a tell. ## Extensions are insiders An extension with "read and change data on all sites" can see your bank dashboard *and* your throwaway forum — it's a single component sitting above all your compartments. Treat them like the privileged code they are: install few, prefer narrow per-site permissions, and never load the same extension across your real and anonymous profiles. Audit the list quarterly. ## Kill sync on the wrong tier Sync is convenient and catastrophic for compartmentalization. Turn it **off** on the anonymous and pseudonymous profiles entirely. On the real-name profile, sync selectively (and put a strong password + 2FA on the account, since it now holds your whole browsing life). ## This week's drills - [ ] Create at least **three browser profiles** mapped to Real / Pseudonymous / Anonymous, and stop using one browser for all of them. - [ ] Install **Firefox Multi-Account Containers** and pin your most-linked sites (email, social, shopping) to their own containers. - [ ] Move all anonymous browsing to **Tor Browser or Mullvad Browser**, and resist the urge to harden or extend it. - [ ] Audit your extensions — remove anything with all-sites access you don't actively need, and never share extensions across tiers. - [ ] **Disable sync** on every profile except the real-name one, and lock that account down. Next week we close out Pillar 1 and move into the **account & password** layer — where a password manager turns all of this compartmentalization into something you can actually live with. Until then: split the rooms, and stop letting the browser do the linking for you. *Curated by [Cyber Satoshi](https://x.com/xbtoshi)* ## Related - HTML: https://xmr.club/opsec/05-browser-compartmentalization - Series index: https://xmr.club/opsec - Twin index: https://xmr.club/llm/opsec.txt