Privacy Features β
Deep dive into the privacy protections built into Nothing Private Browser.
Overview β
Nothing Private Browser has zero telemetry, zero session persistence, and zero black boxes. Every privacy feature is enabled by default β no configuration required.
| Feature | Status | Description |
|---|---|---|
| Zero telemetry | β Enabled | No analytics, no phoning home |
| Session wiping | β Enabled | Everything deleted on close |
| Fingerprint spoofing | β Enabled | Chrome-identical fingerprint |
| WebRTC leak protection | β Enabled | Real IP never exposed |
| UA-CH spoofing | β Enabled | Modern fingerprinting blocked |
| Ad blocking | π Planned | Network-level filter lists |
| Tor routing | π Planned | Optional onion routing |
| VPN integration | π Planned | Import .ovpn/WireGuard |
Zero Telemetry β
Nothing Private Browser sends zero data anywhere.
What's Not Collected β
cpp
// NOTHING is collected:
// β No usage metrics
// β No crash reports
// β No browsing history
// β No search queries
// β No device information
// β No IP addresses
// β No timestamps
// β NothingNo "Phone Home" Calls β
cpp
// No calls to:
// β’ google-analytics.com
// β’ crashlytics.com
// β’ sentry.io
// β’ Any external servers
// The browser only connects to sites YOU visitComparison β
| Browser | Telemetry | Phone Home |
|---|---|---|
| Nothing Private | β None | β None |
| Chrome | β Yes | β Yes |
| Firefox | β οΈ Some | β οΈ Some |
| Brave | β οΈ Some | β οΈ Some |
| Safari | β οΈ Some | β Yes |
Zero Session Persistence β
Everything is wiped when you close the browser.
What Gets Wiped β
| Item | Status | On Close |
|---|---|---|
| Cookies | β Deleted | Immediately |
| Cache | β Cleared | Immediately |
| localStorage | β Emptied | Immediately |
| sessionStorage | β Emptied | Immediately |
| Browsing history | β Removed | Immediately |
| IndexedDB | β Purged | Immediately |
| Service workers | β Unregistered | Immediately |
| Site permissions | β Reset | Immediately |
Code Implementation β
cpp
void PrivateBrowser::closeEvent(QCloseEvent* event) {
// Wipe everything
m_profile->cookieStore()->deleteAllCookies();
m_profile->clearHttpCache();
m_profile->clearAllVisitedLinks();
m_profile->clearStorage();
// Delete storage files
QString storagePath = m_profile->storagePath();
if (QDir(storagePath).exists()) {
QDir(storagePath).removeRecursively();
}
// Fresh profile next launch
m_profile = new QWebEngineProfile("PrivateSession_" + QUuid::createUuid().toString());
}What This Means β
- Close the browser = fresh start
- No traces on disk
- No way to recover previous session
- Perfect for sensitive browsing
Fingerprint Spoofing β
Nothing Private Browser randomizes browser fingerprints to prevent tracking.
Spoofed Properties β
| Property | Real Value | Spoofed Value |
|---|---|---|
| User-Agent | Firefox/Chrome version | Chrome 124 |
| Platform | Linux x86_64 | Win32 |
| Hardware concurrency | 16 cores | 8 cores |
| Device memory | 32GB | 8GB |
| WebGL vendor | NVIDIA/AMD | Intel Inc. |
| WebGL renderer | Actual GPU | Intel Iris |
| Canvas fingerprint | Unique | Noised (xorshift) |
| Audio fingerprint | Unique | Noised (Β±0.00000005) |
Injection Timing β
Spoofing happens at DocumentCreation β before any page JavaScript runs:
cpp
QWebEngineScript script;
script.setInjectionPoint(QWebEngineScript::DocumentCreation); // Key!
script.setWorldId(QWebEngineScript::MainWorld);
script.setRunsOnSubFrames(true);This means page scripts cannot detect the spoofing β it was "always there."
Per-Session Randomization β
cpp
// New seeds every session
m_canvasSeed = QRandomGenerator::global()->generateDouble();
m_audioSeed = QRandomGenerator::global()->generateDouble();
// Different fingerprint every session
// Consistent within the same sessionWebRTC Leak Protection β
WebRTC can expose your real IP address even when using a VPN.
The Problem β
javascript
// Any website can do this
const pc = new RTCPeerConnection({ iceServers: [{ urls: "stun:stun.l.google.com:19302" }] });
pc.createDataChannel("");
pc.createOffer().then(offer => pc.setLocalDescription(offer));
// Your real IP appears in ICE candidates
pc.onicecandidate = (event) => {
console.log(event.candidate.candidate); // Real IP exposed!
};The Solution β
cpp
void WebRTCProtector::interceptRTCPeerConnection() {
// Strip all STUN servers from ICE config
QString script = R"(
const OriginalRTCPeerConnection = window.RTCPeerConnection;
window.RTCPeerConnection = function(config) {
// Remove STUN servers
if (config && config.iceServers) {
config.iceServers = config.iceServers.filter(
server => !server.urls?.includes('stun:')
);
}
return new OriginalRTCPeerConnection(config);
};
)";
m_page->runJavaScript(script);
}Result β
| Scenario | Real IP Leaks? |
|---|---|
| Without protection | β Yes (exposed) |
| With protection | β No (blocked) |
| With VPN + protection | β No (VPN IP only) |
UA-CH Spoofing β
User-Agent Client Hints (UA-CH) are modern fingerprinting methods.
What UA-CH Reveals β
javascript
// Sites can request high-entropy values
const hints = await navigator.userAgentData.getHighEntropyValues([
"architecture",
"model",
"platform",
"platformVersion",
"uaFullVersion"
]);
// Without spoofing, reveals:
// β’ CPU architecture (arm64/x86)
// β’ Device model (MacBookPro18,1)
// β’ Exact OS version
// β’ Exact browser versionSpoofed Values β
cpp
QString spoofedUA = R"(
Object.defineProperty(navigator, 'userAgentData', {
get: () => ({
brands: [
{ brand: "Chromium", version: "124" },
{ brand: "Not A(Brand", version: "99" }
],
mobile: false,
platform: "Windows",
getHighEntropyValues: async (hints) => ({
architecture: "x86",
model: "",
platform: "Windows",
platformVersion: "10.0",
uaFullVersion: "124.0.6367.91"
})
})
});
)";DNS Leak Prevention β
DNS leaks can reveal your browsing activity even with HTTPS.
Current Status β
| Feature | Status | Version |
|---|---|---|
| DNS over HTTPS | β οΈ Planned | v0.2.0 |
| DNS leak blocking | β οΈ Planned | v0.2.0 |
| Custom DNS servers | β οΈ Planned | v0.2.0 |
Workaround β
Use a VPN or configure system DNS:
bash
# Linux - use Cloudflare DNS
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 1.0.0.1" | sudo tee -a /etc/resolv.confAd Blocking (Planned for v0.2.0) β
Network-level ad blocking using filter lists.
Filter List Support β
| List | Status |
|---|---|
| EasyList | π Planned |
| EasyPrivacy | π Planned |
| Peter Lowe's list | π Planned |
| uBlock Origin filters | π Planned |
Implementation β
cpp
class AdBlocker : public QWebEngineUrlRequestInterceptor {
void interceptRequest(QWebEngineUrlRequestInfo &info) override {
QUrl url = info.requestUrl();
// Check against filter lists
if (m_filterList->isBlocked(url.host(), url.path())) {
info.block(true);
return;
}
info.block(false);
}
};Tor Routing (Planned for v0.3.0) β
Optional onion routing for complete anonymity.
How It Works β
Your Computer β Tor Network β Destination
β
βββ Node 1 (entry)
βββ Node 2 (middle)
βββ Node 3 (exit) β WebsiteImplementation β
cpp
void enableTor() {
// Route through Tor SOCKS proxy
m_profile->setProxy(QNetworkProxy::Socks5Proxy, "127.0.0.1", 9050);
// Disable WebRTC (already done)
// Disable DNS leaks
// Disable JavaScript if needed
}One Toggle β
cpp
// Settings toggle
connect(torToggle, &QCheckBox::toggled, [this](bool enabled) {
if (enabled) {
enableTor();
} else {
disableTor();
}
});VPN Integration (Planned for v0.3.0) β
Import VPN configurations directly into the browser.
Supported Formats β
| Format | Support |
|---|---|
| OpenVPN (.ovpn) | π Planned |
| WireGuard (.conf) | π Planned |
| ProtonVPN | π Planned |
Import Flow β
cpp
void importVPNConfig(const QString& filePath) {
if (filePath.endsWith(".ovpn")) {
importOpenVPN(filePath);
} else if (filePath.endsWith(".conf")) {
importWireGuard(filePath);
}
// Route browser traffic through VPN
m_profile->setProxy(m_vpnProxy);
}Privacy Settings (None) β
There are no privacy settings to configure.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SETTINGS β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β There is nothing to configure. β
β β
β Privacy is already enabled. β
β Fingerprinting is already blocked. β
β WebRTC is already protected. β
β β
β Close the browser when you're done. β
β Everything is wiped automatically. β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββPrivacy by default. No toggles. No confusion.
Privacy Audit Checklist β
| Check | Status | Evidence |
|---|---|---|
| No telemetry | β Pass | Code audit, network monitoring |
| No persistent storage | β Pass | Storage cleared on close |
| Fingerprint spoofing | β Pass | JA3 matches Chrome |
| WebRTC protection | β Pass | STUN servers stripped |
| UA-CH spoofing | β Pass | getHighEntropyValues spoofed |
| DNS leaks | β οΈ Partial | VPN required |
| Ad blocking | π Planned | v0.2.0 |
| Tor integration | π Planned | v0.3.0 |
Testing Your Privacy β
Test Your Browser β
| Site | What It Tests |
|---|---|
| browserleaks.com | WebRTC, canvas, fingerprints |
| amiunique.org | Browser fingerprint |
| ipleak.net | IP and DNS leaks |
| deviceinfo.me | Device information |
Manual Tests β
javascript
// Check WebRTC leak
const pc = new RTCPeerConnection({ iceServers: [{ urls: "stun:stun.l.google.com:19302" }] });
pc.createDataChannel("");
pc.createOffer().then(offer => pc.setLocalDescription(offer));
pc.onicecandidate = (event) => {
console.log(event.candidate?.candidate); // Should be empty or no IP
};
// Check fingerprint
console.log(navigator.userAgent);
console.log(navigator.plugins.length);
console.log(navigator.webdriver); // Should be undefinedNext Steps β
- Installation β Install the browser
- Roadmap β Upcoming privacy features
- Limitations β Known limitations
Nothing Ecosystem Β· Ernest Tech House Β· Kenya Β· 2026