What is Browser Fingerprinting and Why Is It Important?
Everyone is talking about online privacy, whether it’s to declare it a potential terrorist threat or to claim it as a constitutional right.
While many of us have turned to adblockers, VPNs, and other cybersecurity tools to protect us and hide our online activities, few of us understand the full scope of online tracking or how it’s used to create a browser fingerprint that’s unique to each individual.
Browser fingerprinting sounds like something you might undergo if arrested for cybercrimes but it’s happening to all of us every time we connect to the internet. Whether you’re buying a birthday present online or scouting around for a new gym, trackers are consuming this information as you go and turning it into a clear picture of who you are.
Keep reading to find out more about the dangers of browser fingerprinting and what you can do to stop it.
What is Browser Fingerprinting?
The definition of browser fingerprinting is a technique used to track and identify an individual user each time they visit a website. The process requires the website itself to collect the information which is then used to create a unique identifier or browser fingerprint.
Rather than using the physical patterns on your skin, a browser fingerprint uses tiny pieces of information. For instance, if you think of the primary ridges that form your fingerprint when it comes to your browser fingerprint, this is made up of things like your device’s operating system, language settings, screen resolution, and location.
Information from individual sites, cookies, plug-ins, add-ons, and the like add in the detail required to narrow down the field and pinpoint a single user. In other words, each time you visit a website, you hand out another crumb of information about yourself, and these are used to fill in the blanks between the main ridges of your browser fingerprint. In an ironic twist of fate, even the adblocker you’re using can act as an identifying feature, making you even more unique.
How Does Browser Fingerprinting Work?
When the internet first came into being, you would have to reload a site repeatedly to access live updates but that changed with the introduction of JavaScript, which led to a more dynamic online experience. JavaScript was capable of much more, however, and, as the language became standardized, so it meant browser could offer more features and a more personalized online experience to its users.
JavaScript acts as a “bridge between the browser and the platform it is running on” and, by incorporating information from the user’s environment, can create a unique experience based on the user’s behavior.
Browser fingerprinting doesn’t just work out which websites you’ve been to, but this technique can also analyze the fonts you use to figure out what operating system you’re using. By using a complex technique that involves HTTP, JavaScript, and other complex methods and algorithms, browser fingerprinting can create a profile containing the following:
- The browser your using
- What time zone you’re in
- Your cookie preferences
- The plug-ins you use
- Your favorite fonts and average typing speed
- Whether you use an adblocker
This doesn’t sound like a world where your online privacy is being protected, does it? And, to be fair, in most instances it’s not. According to the Electronic Freedom Frontier, “there is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy”.
The basics of browser fingerprinting were discovered in 2009 when an undergraduate at Princeton University, Jonathan Mayer, “noticed that a browser could present “quirkiness” that came from the operating system, the hardware, and the browser configuration”.
A year later, a more in-depth study that used social media sites and other data sources to collect the data, browser fingerprinting became “much more precise”. These days, the Electronic Frontier Foundation’s Panopticlick technique uses JavaScript to “successfully identify 99.2 percent of users”.
That’s a sobering thought when it comes to our right to privacy and yet, surprisingly enough, there are some advantages to browser fingerprinting.
Pros and Cons of Browser Fingerprinting
Pros
There are some valid reasons for websites to collect this information and they would be virtually unreadable without it, failing to adjust to accommodate your device’s operating system, language settings, screen resolution, or location. Browser fingerprinting is also advantageous for the user as it prevents botnet click fraud and provides suggestions based on your browsing history.
If you delete your cookies, you’ll find out just how much you rely on them. Any items you had saved in online shopping carts will be gone, any login information saved to your browser will be lost, and all your website preferences will have to be reconfigured. Similarly, you may find suggestions and adverts are less relevant to your life than they were in the cookie days because you have effectively deleted part of your digital fingerprint.
Browser fingerprinting is the use of information gleaned from your online behavior to create a unique profile of who you are. Browser fingerprinting is also used by banks and other institutions to improve online security. By using browser fingerprinting as a form of electronic authentication in conjunction with the user’s login information, it’s possible to prevent unauthorized access to a system or account.
Cons
The most obvious disadvantage of browser fingerprinting is the negative impact it has on online privacy, especially given that much of it can be conducted without the user’s knowledge or consent. Your online data is valuable and data brokers make money out of it by using browser fingerprinting to create a profile that they can then sell to marketers and advertisers who, in turn, use it to inundate you with content recommendations and personalized adverts.
The security-conscious out there may be feeling rather smug now, thinking how their digital fingerprint is hidden behind layers of encryption provided by a combination of VPN and Tor. Sorry to burst your bubble but research indicates that advanced fingerprinting techniques “can be used to identify Tor users”. In today’s cyberspace, there is nowhere to hide!
There’s always a cybercrime contingent to anything that happens online, and cybercriminals are just as keen to get their hands on your browser fingerprint as advertisers. If a hacker knows what software you’re using to access the internet, they can deliver tailormade attacks and viruses that will be harder to detect.
A nefarious ISP could also use browser fingerprinting to inject invisible JavaScript into the code you’re using to connect to a website and gather data via a sophisticated type of Man-in-the-Middle attack. According to one study, the injected code could analyze the device fingerprint and then send a complete “record of the browsing history” to whomever they wanted, be it government officials or cybercriminals.
While those threats are real, the main issue with browser fingerprinting remains that it impinges on user privacy. There are sneaky and sophisticated techniques involved in browser fingerprinting and knowing where to look for them and how to disable them requires some pretty advanced computer skills. In other words, most of us have little hope of protecting our online privacy without the assistance of a cybersecurity tool or two.
Browser Fingerprinting Techniques
Most of us are familiar with cookies, especially since the European Union’s adoption of the GDPR, but who knew that those little packets of data contain information about the font size you use when browsing, or that you usually browse on an iPhone so it needs to present content using the best settings for your device?
Cookies may be small but they’re powerful and contain detailed information about your browsing habits and online activities.
A more recent development in browser fingerprinting is canvas fingerprinting which relies on the latest coding features in HTML5. This coding language is used to create websites and forms the core of what you see online. Within it is the ‘canvas’ element which generates content based on your chosen browser background color and font size. Websites using canvas fingerprinting use this information to create a unique fingerprint for each visitor to the site.
While you can choose to block cookies and delete them, canvas fingerprinting doesn’t load anything onto your computer, so there’s nothing to delete. This makes it more difficult to detect and nearly impossible to prevent.
How to Lessen Browser Fingerprinting
While we usually offer concrete solutions to cyber threats, in the wake of canvas fingerprinting, the techniques used to create your online fingerprint are so sophisticated, no complete solution is available. There are ways to reduce the threat, however, and boost your online privacy, but few of them involve the traditional approach.
You could, of course, use a VPN to mask your online activities and your original IP address, but this will do little to stop tracking or browser fingerprinting. While one of the best VPNs is a valuable cybersecurity tool when it comes to preventing IP tracking, there’s little it can do to protect against the fingerprints your device or browser might be leaving behind. In fact, according to one survey on browser fingerprinting, VPN users are even more vulnerable to device fingerprinting than those not using a VPN.
According to the survey, “Users funneling their network packets through a VPN (Virtual Private Network) are particularly vulnerable to browser fingerprinting as the VPN will only mask the IP address but it will not change the browser’s information”.
Peter Eckersley of the EFF also noted, “Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people”. Fortunately, software developers seem to be catching onto the privacy issues surrounding online tracking and browser fingerprinting and are introducing new features and products to address the problem.
Get Identity Theft Protection
While your browser fingerprint isn’t the same as your digital footprint nor your offline identity, tracking techniques are so sophisticated that cybercriminals won’t have a hard time linking them all together. While you’re taking the necessary steps to obscure your browser fingerprint, it’s worth keeping an eye on the rest of your online identity.
The best identity theft protection services will alert you the moment any of your personally identifiable information is leaked onto the Dark Web. Such services can not only help protect your business against identity theft but can also help reduce tracking and minimize browser fingerprinting.
Invest in Antitracking Software
Avast is one of the best antivirus software developers so it’s little wonder it’s one of the first to come up with an anti-track tool. Avast AntiTrack Premium is designed to expose and block invisible trackers, disguise your online behavior to make it more difficult to trace, hide your online purchasers to prevent targeted advertising, and remove cookies and other indicators from your browsing history.
Other antitracking tools are available, including the rather sophisticated Kameleo which includes an Intelligent Canvas Spoofing Mechanism designed to trick machine learning algorithms and block canvas fingerprinting. Even this isn’t foolproof, and nor is it cheap, but it does go a lot further than many of the alternative solutions available at present.
Add On An Adblocker Browser Extension to Prevent Canvas Fingerprinting
Even free adblockers and browser extensions can go a long way to reducing the clarity of your browser fingerprint. Not only are you seeing targeted adverts courtesy of those pesky trackers, but, in many instances, the adverts you’re looking at are also collecting data.
Adblockers like AdBlock Plus don’t just block the tracking cookies, but also blocks the script that would communicate with them. As a result, it also helps prevent canvas fingerprinting.
Change Your Browser Settings
Advanced users who feel comfortable behind-the-scenes of their software can tinker with the settings in their browser to make it more secure. Firefox is one of the most security-conscious web browsers and, like Safari and Brave, already block third-party cookies in its default settings. If you want more protection against browser fingerprinting, however, you can also disable WebRTC and reduce the risk of your original IP address being leaked or tracked.
Get a Password Manager
Password managers do a lot more than just protect your passwords – they also alert you to security vulnerabilities, like passwords you’ve used repeatedly or ones that are weak and easy to guess. The best password managers improve your online security overall and can help impede the threat of browser fingerprinting.
Use Tor
Connecting to the Tor network will hide your IP address behind several layers of encryption. The most vulnerable point is the place where you access the network so, if you use a VPN to mask that, you’re as good as anonymous and almost invisible. The problem is, the Tor network doesn’t change the HTTP request so, “if a cookie ID or a browser fingerprint is present in the payload, a server can uncover the true identity of a user”.
Nevertheless, experts say, “the Tor Browser can [still] be considered as one of the strongest defenses against browser fingerprinting”.
Conclusion
When it comes to protecting your online privacy, browser fingerprinting is as a big a threat as supercookies and IP tracking. Not only is browser fingerprinting relatively easy to perform, but it’s also surprisingly accurate and potentially permanent. Once you’ve been fingerprinted, someone, somewhere will always know what you’re up to.
Browser developers are looking at ways to reduce the threat of browser fingerprinting but it’s a delicate balance for some. Google Chrome, for instance, hasn’t yet introduced the blocking of third-party trackers by default because it’s still trying to find a happy balance between user privacy and advertising revenue.
In his paper on How Unique is Your Web Browser? Peter Eckersley urges policymakers to “start treating fingerprintable records as potentially personally identifiable, and set limits on the duration for which they can be associated with identities and sensitive logs like clickstreams and search terms”.
Whether this is a development that happens in our lifetimes remains to be seen but, in the meantime, reinforcing your cybersecurity with tools like a robust antivirus and reliable VPN is the first step in obscuring your browser fingerprint, while adding an adblocker to your browser will prevent more distinguishing features from being added to it.
Article comments