OPSEC52 / Week 5 — Browser compartmentalization
Your browser is a correlation engine. Cookies, logged-in sessions, and a near-unique fingerprint quietly stitch your bank, your exchange, your throwaway handle, and your real name into one profile — unless you split them. One browser profile per identity is the cheapest high-leverage privacy move you’re probably not making.
Threat model: cross-site trackers and fingerprinting that join your separate personas into one graph; a single shared cookie jar that links accounts you meant to keep apart; an over-permissioned or malicious extension reading every page you open; and browser sync silently uploading your history, passwords, and tabs to a cloud account tied to your legal name.
We spent the last three weeks splitting your identity, your email, and your phone number into separate compartments. All of that work flows through one piece of software that quietly re-joins it: your browser. A single profile is a shared room where every persona leaves fingerprints on the same surfaces.
Why one browser is a correlation engine
Four mechanisms collapse your compartments back into one identity:
- Cookies and live sessions. A tab still logged into your real-name Google account sits next to the tab where you open your pseudonymous forum. Shared cookies, referrers, and a logged-in session are all a tracker needs to draw a line between the two.
- Cross-site trackers. The same analytics, ad, and “share” scripts are embedded on millions of sites. In one cookie jar they watch every persona from the same vantage point and merge them.
- Fingerprinting. Your canvas rendering, font list, screen size, timezone, and extensions combine into a value that is often unique to your exact machine — no cookie required. Two “separate” personas with the same fingerprint are obviously the same person.
- Sync. Browser sync uploads history, passwords, open tabs, and autofill to a cloud account — usually one tied to your real name. It’s a single bucket holding all of it.
The fix: one profile per identity, not one browser for everything
A browser profile is a fully separate container — its own cookie jar, history, extensions, logins, and cache. Firefox and Chromium both ship a built-in profile manager; use it. Map profiles to the same trust tiers you built for phones and email:
- Real — bank, government, anything KYC’d to your legal name. Boring, extension-light, no anonymous browsing here ever.
- Pseudonymous — exchanges, forums, and accounts under a handle. Never logged into anything real-name.
- Anonymous — research, leaks, anything that must not trace back. This tier is Tor Browser or Mullvad Browser, not your daily driver with a VPN bolted on (see Week 1).
The rule of thumb: if two activities should never be linkable, they must never share a profile.
Containers: compartmentalize inside one browser
Switching whole profiles is heavy for everyday separation. Firefox’s Multi-Account Containers (plus Temporary Containers) give each site its own isolated cookie jar inside a single window — your shopping persona can’t see your social-login cookies, and trackers can’t follow you between tabs. It’s the lowest-friction way to stop same-session linking.
Fingerprinting: stop being a snowflake
Counter-intuitively, piling on privacy extensions makes you more identifiable, not less — each one adds a distinguishing bit. The winning move is to look like everyone else:
- Tor Browser and Mullvad Browser ship a deliberately standardized fingerprint, so thousands of users render identically. Use one of them for the anonymous tier instead of “hardening” Chrome into a unique configuration.
- Keep the anonymous profile near-stock: no exotic extensions, no custom fonts, default window size. Every tweak is a tell.
Extensions are insiders
An extension with “read and change data on all sites” can see your bank dashboard and your throwaway forum — it’s a single component sitting above all your compartments. Treat them like the privileged code they are: install few, prefer narrow per-site permissions, and never load the same extension across your real and anonymous profiles. Audit the list quarterly.
Kill sync on the wrong tier
Sync is convenient and catastrophic for compartmentalization. Turn it off on the anonymous and pseudonymous profiles entirely. On the real-name profile, sync selectively (and put a strong password + 2FA on the account, since it now holds your whole browsing life).
This week’s drills
- Create at least three browser profiles mapped to Real / Pseudonymous / Anonymous, and stop using one browser for all of them.
- Install Firefox Multi-Account Containers and pin your most-linked sites (email, social, shopping) to their own containers.
- Move all anonymous browsing to Tor Browser or Mullvad Browser, and resist the urge to harden or extend it.
- Audit your extensions — remove anything with all-sites access you don’t actively need, and never share extensions across tiers.
- Disable sync on every profile except the real-name one, and lock that account down.
Next week we close out Pillar 1 and move into the account & password layer — where a password manager turns all of this compartmentalization into something you can actually live with. Until then: split the rooms, and stop letting the browser do the linking for you.
Curated by Cyber Satoshi