In this guide we will discuss what browser fingerprinting is and how it can affect your online privacy, as well as how you can avoid it.
This article will address the following questions:
- What is browser fingerprinting
- How browser fingerprinting works
- Browser fingerprinting techniques
- What are the purposes of browser fingerprinting
- How to test your browser fingerprinting
- How to prevent browser fingerprinting
Browser fingerprinting generates a unique fingerprint of users enabling websites to track them among millions of others.
The most dangerous part of fingerprinting is websites’ ability to collect extensive information to generate a unique browser fingerprint for every user.
Even though browser fingerprinting’s main purpose is targeted advertising, you can use them for better fraud detection and botnet identification.
Several websites provide consumers the facility to check what kind of information websites can track about them.
As always, prevention is better than the cure; there are several ways you prevent websites acquiring information to create your browser fingerprint.
A fingerprint is unique to every person, so is the browser fingerprint, which is a unique profile websites use to identify and track you among many users.
Browser fingerprinting, also referred to as device fingerprinting or online fingerprinting, is an online tracking technology initially used for security purposes, but now it has become privacy-invasive than browser cookies.
Websites create this digital fingerprint by collecting your device’s different hardware and software settings. In that case,d browser settings.
For example, operating system, user-agent, number of CPU cores, supported languages, your time zone, whether you have enabled cookies or not, screen resolution, plugins, use of an ad blocker, fonts, and many more.
These data make a unique digital fingerprint that browsers can identify you among millions of users, and its accuracy lies between 90 to 99%.
Unlike in cookies, this technique does not store any information regarding the fingerprint in the users’ device, making it stateless. The more unique these data become, the easier websites to make this fingerprint.
The creation of the fingerprint is usually done by a script that is working silently in the background without your knowledge and consent. Browser fingerprinting makes you trackable for a longer time, even if your device, software, or browser configuration changes. Research proves that long-term tracking is possible even if your data changes frequently.
This is how browser fingerprinting works:
Thus, these scripts are mostly legitimate, and blocking them will not properly render the content. In addition, the Adobe Flash plugin installed in your browser can provide so much information like your operating system, time zone, screen resolution, etc.
From all this data, the website generates a hash or a unique fingerprint.
This technique exploits the HTML5 canvas element to secretly gather information about the user’s graphic card, drivers, and GPU. When you visit a website that contains the canvas fingerprinting script, it forces the browser to draw an image or a text with a random font and size.
The rendering of that image is slightly different in every device since they have different graphics hardware, software, and drivers.
The fingerprinting script then identifies how your browser has rendered that image, and through that, it deduces detailed information about your devices’ graphics, GPU model, and other information.
Then the fingerprinting script converts the data into Base64 encoded format and computes the canvas fingerprint hash.
This technique is accurate and does not take too much time to process, making it one of the most widely used browser fingerprinting techniques.
WebGL fingerprinting works very similar to Canvas fingerprinting, where it also forces the browser to render an image or a text. Then it uses these images to retrieve information like device screen resolution, graphic cards, etc.
Media Device fingerprinting
Device fingerprinting uncovers information about all the media devices, especially their IDs on your device. Meaning that it can reveal both internal media components like audio and video cards and external media components like headphones, mikes and external speakers.
But this technique is not widely used because the fingerprinting script requires user permission to access media devices like the camera and the microphone.
This technique uses the same approach for fingerprinting the canvas printing utilizes. But rather than creating an image, this technique test how your device plays sound.
The sound waves generated from the sound are different because of the variations in the browsers and the devices’ audio configurations. Thus, this method can decipher the devices’ information like sound hardware and software, CPU architecture, etc.
AudioContext fingerprinting is comparatively a new technique identified by researchers at Princeton University, based on AudioContext API in modern browsers. It uses the characteristics of the audio signature of devices rather than the sound played on them.
Websites can identify variations in audio waveforms using this AudioContext API to extract a fingerprint, which is a property of machines’ audio stack.
There is a test page from Princeton University to test the browser fingerprinting Using the AudioContext and Canvas API. You can see an image of the audio context fingerprint and the properties used to generate it.
Several websites are dedicated to checking your browser fingerprinting with a score of how unique it is and a breakdown of what kind of information they track with the fingerprint. Lets’ see from this section such browser fingerprinting checkers.
This open-source website amiunique.org lets you discover how identifiable you are on the internet.
The main purpose of them is to “study the diversity of browser fingerprints and provide developers with data to help them design good defenses.” It implements both canvas and WebGL fingerprinting to provide users with many global statistics and browser characteristics.
Go to its homepage and click on the “View my browser fingerprint.” link. It will then generate the fingerprint and provide the list of data used to create it.
You can also download this fingerprint and use its browser extension to let it keep tracking your fingerprint.
The website will collect your browser fingerprint and put a cookie on your browser for four months to help with their purpose.
Am I Unique allows users to download their browser fingerprint and features a browser extension for Chrome that will keep track of your fingerprint over time.
Cover Your Tracks is a website by the Electronic Frontier Foundation that allows you to understand the uniqueness of your browser fingerprint.
It is a research project that investigates the tools and techniques of online trackers. Once you click on the ‘Test your Browser link on its home page, it will generate the following information.
In addition to that, it provides detailed information on the different tracking properties. This information also helps EFF to evaluate the third-party trackers and identify protection methods.
Privacy.net gives you an idea of what information websites, advertisements, or widgets find about yourself when you visit them. The website has several tests which evaluate your browser privacy in steps.
Device Info is a browser security and privacy testing and troubleshooting tool that lists all the information the websites can gather about your device.
The list is so long that you may wonder how much information can be gathered and provide to outside parties. Following are some of the interesting information it can reveal.
Hidester, a VPN company, also provides a free tool to test browser fingerprints. You can first see if your browser is Adblock enabled or not, do not track enabled via http or navigator and the browser fingerprint.
Additional information reveals how much time it took to calculate the fingerprint and the basic information about your device and the browser.
Now you know how much information websites use for browser fingerprinting, you must be thinking if you can completely prevent it. Browser fingerprinting is quite a powerful method thus, challenging to stop completely.
You can take certain security and privacy measures to control it, but there are some downsides. So, here are some steps you can take to avoid this.
Usings common browser is a simple hack to make your fingerprint as less unique as possible to reduce tracking. Because using a common or popular browser means many users are using it, you are less likely to become a target.
For example, Chrome and Safari are the most used web browsers worldwide according to browser market share statistics by 2021, and Microsoft Windows is the most used operating system.
However, always make sure to use the latest version of the browser or the OS you intend to use because each OS and browser can have the latest security updates for battling device fingerprinting.
For example, the latest Mozilla browser can prevent fingerprinting by blocking any third-party requests by companies that have been identified as participating in fingerprinting.
If you’re seriously concerned about preventing browser fingerprinting, using the TOR browser could be the best solution.
Because Tor has been designed to achieve maximum privacy for the user, it enters the Tor network when you connect to the internet with the Tor browser. It connects Tor nodes encrypting and privatizing your data.
This hides the source or destination IP addresses. It will further prevent browser fingerprinting by standardizing several browser characteristics.
Some of the settings of Tor are identical for every user, which makes fingerprinting techniques generate unique browser fingerprints with the rest of the characteristics. However, using the Tor browser with a VPN may slow down your browsing speed.
Like the Tor Browser, anti-fingerprint browsers provide a lot of privacy than normal browsers, where they block tracking by default. For example:
Using the Incognito or private browsing mode in browsers like Chrome, Edge, Safari, and Firefox is another simple way to reduce the chance of generating a unique fingerprint.
When you browse through incognito mode, it will not save your online activity like search history, passwords, and cookies. Once you close such a private window, it will clear your browsing session.
It is impossible to completely stop websites from assembling your fingerprint by using this mode. However, you can still reduce the number of data points websites can obtain for fingerprinting by going incognito or private browsing.
Using a virtual private network (VPN) every time you surf the internet is another way to reduce the effects of browser fingerprinting. VPNs create an encrypted tunnel between your device and the VPN server hiding your IP address.
Because of this, a browser fingerprint won’t use any information related to the device’s actual IP address. It is good to use a popular VPN and use it with other prevention techniques.
However, this is not the best method to avoid fingerprinting because much other information than the IP address is still accessible.
Anti-malware software provides an extra layer of protection for browser fingerprinting and the devices’ overall security. This software can prevent harmful scripts, ads, malware, or spyware directly linked to the browser’s fingerprint.
They can scan the whole system and detect any downloaded files containing scripts.
There are security plugins you can install which will prevent fingerprinting scripts or trackers. Plugins like Privacy Badger, Disconnect, AdBlock Plus, and NoScript can block any harmful ads spying on you and any third-party trackers.
Privacy Badger, for example, can learn automatically to block invisible trackers. Also, you can allow those security plugins to run scripts only on specific websites that may be essential to render smoothly.
Browser fingerprinting has become one of the threats to online privacy. Not only do websites collect usual information like your IP address, but browser fingerprinting uses a lot of data points to create your unique browser fingerprint.
We will see more accurate methods evolve for browser fingerprinting with technological advancements. Meaning that it will be difficult to get away from it completely.
Thus, we recommend smartly using a combination of safe browsing methods discussed in this article to tighten your privacy and stop being a target of browser fingerprinting.
Is browser fingerprinting similar to cookie-based tracking?
No. Cookies and browser fingerprinting are completely different. Cookies get stored in the users’ devices, and users can delete them or expire. But browser fingerprints do not remain on the user’s devices. Moreover, fingerprints can update with the changes to the user devices and browsers. Thus, they are more reliable and remain longer than cookies.
Is browser fingerprinting legal?
Yes, it is legal in many areas of the world. For example, even though the General Data Protection Regulation (GDPR) of the European Union has regulations over cookie-based tracking, browser fingerprinting-related laws have not yet been in effect.
What is cross-browser fingerprinting?
Earlier, browser fingerprinting was limited to individual web browsers. It means If you switch to another browser regularly, your fingerprint cannot use with other browsers. A research paper (Cross-)Browser Fingerprinting based on OS and Hardware Level Features reveals browser fingerprinting works across multiple browsers, with more accuracy than single-browser fingerprinting.
How can you block fingerprinting in Firefox?
Firefox has a new fingerprint blocker which you can enable from a few steps. Open Firefox and click on the settings and then Privacy & Security tab. On the resulting page, select the standard browser privacy option, which automatically blocks fingerprints.
Is browser fingerprinting reliable?
Studies have found that browser fingerprinting is a very accurate way of identifying unique users. For example, in a study that has collected 3,615 fingerprints over three months, browser fingerprinting has had a 99.2 percent success rate.