Browser Fingerprinting (What Is Browser Fingerprinting?)
Websites use different methods to track visitors, including super cookies and cookies. Browser fingerprinting is a newer method of user tracking that allows websites to track users even after they have deleted their cookies.
This article will explain what browser fingerprinting is and give tips on browser fingerprinting protection to lower your likelihood of being “fingerprinted” by major websites. You can use the table of contents below to skip around among topics.
What Is Browser Fingerprinting?
Browser fingerprinting is a technique for tracking users by collecting the configuration and settings of their browsers. The websites that use browser fingerprinting can create unique fingerprints of computers that are difficult to spoof.
Once users visit a website, the combination of their browser version, plugins installed in their system, screen resolution, time zone, language, system fonts, etc., creates a unique fingerprint.
These fingerprints can be used to track users across websites, even after they’ve deleted their cookies.
Websites add a JavaScript code to the HTTP request response for a particular user. The JavaScript code then scans the parameters of the browser that are public. Finally, it creates a digital signature for that particular data.
Every data point, such as plugins and installed fonts, makes the user’s device more unique. In this way, the device becomes easier to identify for a website.
Browser fingerprinting vs. cookie tracking
The main difference between browser fingerprinting and cookie tracking is that internet users are much more aware of how cookies work, so it is easy to know when they’re being tracked. When a cookie is created, the website that placed it has access to personal data. Usually, browsers have tools for blocking cookies or warning users when they are being tracked.
However, browser fingerprinting does not rely on persistent cookies, so users won’t be able to block them easily. Instead of using cookies, websites use JavaScript code to track users.
Browser fingerprinting is a powerful tool for companies and websites because it can track users across multiple devices and browsers. Cookies are limited by their storage space. However, browser fingerprinting can track the exact device used to browse the web.
Browser fingerprints also help websites store information about a user’s behavior, such as the pages visited or requests sent.
Is browser fingerprinting legal?
Yes, browser fingerprinting is legal. In the U.S., there are no laws for data protection. Although Vermont’s Data Broker Law and California Consumer Privacy Act (CCPA) regulate forms of data collection and online tracking, they don’t have any provisions for fingerprinting.
Methods of Browser Fingerprinting
Today, browser fingerprinting has become increasingly common. Websites use different methods to track users. Here are some popular approaches.
Audio fingerprinting
Audio fingerprinting refers to the tracking method that uses the unique sound pattern of a user’s microphone. When a website plays a specific sound into your microphone, it can identify the browser you’re using and your device.
For example, if you have Chrome open on an iPhone but then switch to Safari on Mac OS X Yosemite, the site will detect this change. Sound waves give a lot of information about your device to the websites, such as drivers, software, and sound hardware.
Clock skew
Some websites use extreme measures to track visitors, such as clock skew. It refers to when electrical signals from network devices are used to get information about the user’s system time.
By doing this, websites can track more information about users, including browser versions or plugins installed on their devices. Clock skew was not considered a popular method of tracking in the past. However, technologies today have made it easier for websites to use clock skew.
Hardware temperature variations affect clock skew, allowing websites to differentiate one user from another.
With sufficient numerical analysis and data, websites can use the difference in clock skew to determine multiple aspects of a system, such as hardware specifications.
HTML5 canvas
HTML5 Canvas is a modern way to track users. It uses the HTML5 Canvas element, which renders an image based on the user’s device data, such as screen size and installed fonts.
It allows websites to accurately identify visitors’ browsers by requesting a rendered canvas image from their browsers. The technique can determine whether or not a user has changed their system.
HTML5 Canvas can show many things about a system, such as the GPU, browser, and operating system. Since GPUs render images differently, HTML5 Canvas picks up this change and acquires device-specific characteristics.
Rendering and WebGL fingerprinting
Both these techniques work much like Canvas fingerprinting. They force your browser to render images. The results are then used to infer information about your device’s graphics system and hardware.
WebGL fingerprinting is a technique that uses WebGL, a JavaScript API used in web browsers, to render interactive 3D graphics. It gives websites access to your GPU and allows them to create a unique signature for your device’s graphics chip.
GPU rendering is quite different from CPU rendering, which might explain why these techniques can identify devices even within the same browser family.
Browser plugins
Website owners often use browser plugins to track their visitors. Companies can exploit these plugins to add extra code and collect data about users.
They can also send information about the device and operating system, such as the version of Flash installed on it or Java Virtual Machine (JVM) statistics.
These pieces of information allow websites to create a unique signature for your browser.
Device fingerprinting
Device fingerprinting is the process of collecting data about a device and creating its unique fingerprint. When websites collect this information, they can create a profile of the device to track users’ actions over time.
Most browsers store user agents, IP addresses, screen resolutions, system fonts, color depth, and other important characteristics that developers use for browser detection.
Since certain features vary from one browser to another, websites can use the difference in these features as a way to track users. Device fingerprinting uncovers media devices on your computer, including internal media components, such as your video and audio card.
This technique also gets information about connected devices, such as headphones.
Transparent pixels
HTML5 Canvas and WebGL fingerprinting techniques share similarities with transparent pixels, which is a technique that redirects client-side rendering tasks to the server side.
The redirection allows websites to collect information about browsers, screen resolutions, browser plugins, and other system characteristics.
Since you can’t change your IP address or DNS without changing the internet connection, websites can use these pieces of information to track you.
It’s not accurate enough to identify your name or address, but it works for other things like your interests, probable age, etc.
Why Is Browser Fingerprinting Used?
Internet users today are highly concerned about their privacy on the web. As a result, many people block and delete cookies to prevent tracking. Because of this, using methods that rely on cookies has become inefficient. That’s why websites use browser fingerprinting instead of other ways to track visitors.
Browser fingerprinting allows companies to track users more accurately and store their data on servers. Besides websites, “data brokers” also use browser fingerprinting to collect information about users on the internet.
Although browser fingerprinting trackers don’t necessarily match a user’s activity on the web with a name or a face, they can derive sufficient information from the websites a user visits, the searches they perform, and the kind of content they usually consume.
Using this information, these trackers create a user’s general profile with defining characteristics, such as language, interests, location, and age range.
Then, they sell this information to marketers and advertisers who use these details for content recommendations and creating personalized ads.
Initially, browser fingerprinting was used to prevent the following:
- Software Piracy: Security firms used fingerprinting to detect users who downloaded pirated software.
- Gaming Cheats: Online gaming sites use fingerprinting to stop players from modifying their system configurations or cheating in games.
- Credit Card Fraud: Websites used browser fingerprinting to create “online personas” of users that could be used to prevent credit card fraud. Since the website had the credit card owner’s “fingerprint,” it could decline requests for transactions from users with different fingerprints.
Now, companies have mastered the technique and use it as a way to track users online. They do it to make their marketing campaigns more accurate based on the consumers’ interests and requirements.
Browser fingerprinting for dynamic pricing
Companies also use browser fingerprinting for dynamic pricing. In today’s competitive market space, businesses use dynamic pricing to:
- Boost Sales. Dynamic pricing can help businesses make more revenue by offering special deals and discounts to specific users. They can then thrive in the highly competitive market space by offering products at attractive prices.
- Maximize Profits. Businesses can also increase their profits by selectively making certain products and services available to users with high purchasing power.
- Protect Brand Value. Dynamic pricing can help protect the brand value of businesses that use it. For example, companies that sell luxury goods such as perfumes and clothing can use dynamic pricing to stop gray markets from developing around their products. It is a major threat to a brand’s value because it can reduce the exclusivity of a product.
By using browser fingerprinting, businesses can determine which people are checking out their products or services and show them personalized offers depending on the type of device they use to browse.
Likewise, businesses can get more insights into customer behavior and demographic data to implement effective marketing strategies.
How To Prevent Browser Fingerprinting?
Getting browser fingerprinting protection is very difficult since browsers use HTTP headers to assign a user a fingerprint. Since these headers are an important component of requests sent to browsers, the only practical way to completely stop browser fingerprinting is to not use the internet.
However, you can mitigate the risk of browser fingerprinting in the following ways. These practices make it difficult to track your online identity and ensure that advertisers don’t get access to your personal information or web browsing history.
Disable Flash
Flash allows websites to access the graphics processing unit to change colors, text, and objects on a web page. Therefore, websites can easily identify your system from other users who have different graphic cards.
In addition, Flash also records your activities on the web. To prevent this type of tracking, you should disable Flash in your browser by going to the “settings” tab and unchecking the “Allow sites to run Flash.”
Fortunately, many browsers have stopped using Flash or will discontinue its use soon. However, if your browser still uses Flash, you can uninstall or disable it right now to prevent browser fingerprinting.
Reduce the number of plugins and extensions
Browser plugins are usually created to handle certain tasks such as playing videos, managing downloads, and blocking advertisements. However, they also create unique browser fingerprints since each plugin has a different “signature.”
In addition, some plugins collect information about users that can be used for fingerprinting. Therefore, it is recommended that you review the list of plugins installed on your browser by going to the “settings” tab and clicking on the “Show advanced settings” option.
Then, click on the ”content settings” button in the ”privacy section.”
You can disable third-party plugins from this window (which should be open by default) since they can create unique fingerprints similar to tracking cookies.
The more extensions and plugins you have on your browser, your fingerprint will be more unique. Therefore, you should minimize the number of extensions and plugins on your computer.
Keep in mind that merely disabling the extensions won’t be helpful. They can be used for browser fingerprinting since they’re still in your browser. Instead, you should use extensions for Javascript disabling. Such an extension disables the use of JavaScript.
JavaScript is a programming language that allows developers to add content and features to web pages. Often, websites use JavaScript for fingerprinting programs.
By disabling JavaScript, you can prevent your browser from enabling these fingerprinting tools and creating a unique fingerprint. If you need to enable JavaScript for a specific purpose, you can do so by going to the settings again.
Otherwise, it’s best to keep it turned off to prevent unwanted tracking.
Update all software
It’s important to update all of your software regularly to ensure that you always have the latest version of the program and security updates. Updates prevent users from using insecure connections or unpatched systems.
You can keep third-party fingerprinting tools out of your system and browser by keeping your system updated.
Use plugins
You can use certain plugins, such as AdBlock Plus, Privacy Badger, and NoScript, to block scripts designed to enable invisible trackers and spying ads.
However, make sure you’re not using too many plugins as they make it easy to fingerprint your browser.
Use incognito mode
The incognito mode is the most popular and the easiest way to prevent browser fingerprinting. It can be used on all modern browsers and allows you to browse anonymously without saving any information about your system or computer.
When you open a new tab in incognito mode, your browser does not save cookies or any other temporary files that allow advertisers to track your activities online. Therefore, if you regularly use incognito mode, your browser will have a consistent fingerprint that can’t be used to track you.
However, keep in mind that your bookmarks and other extensions are still active when browsing anonymously. So, consider removing or disabling them before entering the incognito mode so they don’t send any data and create unique fingerprints for your browser.
Use a VPN
A virtual private network (VPN) can be an additional tool to prevent fingerprinting by changing your IP address. It allows you to change the information sent to websites, so they see it as originating from another country, city, or even a specific device.
VPNs encrypt all of the traffic that goes through the network, which adds to anonymity and prevents third parties from knowing exactly where you are, who your ISP is, and what websites you visit.
However, VPNs can also slow down the performance of your browser since all traffic needs to be encrypted before being sent to the network. Large file downloads might take longer but will still work even if they’re slower than usual.
While using a VPN is a simple and effective way to prevent fingerprinting, it does come with one major drawback. Since all of your traffic is encrypted before being sent through the network, the VPN cannot selectively send certain data.
Therefore, if you’re using a service that allows location spoofing without encryption for better performance, the VPN will have to send all of your traffic through the encrypted channel and will be unable to fake your location.
Use anti-malware tools
Malware can be used to discover your browser fingerprint, track you across multiple sites, or even steal sensitive data.
Therefore, it’s best to have anti-malware tools installed on your computer that can scan all of the traffic moving through your system and remove malicious programs.
With advanced malware protection tools in place, you don’t have to worry about your browser fingerprint or other data being sent without your knowledge.
Use specialty browsers
Like a VPN, Tor is an additional tool that can help you avoid fingerprinting by hiding your IP address and other important details like browser, operating system, and hardware information.
By using encryption and moving data through multiple servers in different parts of the world, Tor helps to anonymize your online activities.
However, like VPNs, Tor can slow down performance since it encrypts all of the data that goes through the network before sending it to different nodes.
If you’re serious about preventing your system from being identified and want to keep third parties away, you should consider switching to a “privacy-oriented” browser such as Tor Safari.
It uses the Tor network, which routes traffic through multiple servers and encrypts it along the way. Thus, it can make it harder for ISP or anyone else to track you.
Tor is an open network that allows users to browse the web anonymously and access blocked content. The system uses multiple layers of security to encrypt and route data through a series of relays.
The downside is that since many people use Tor, it’s slower than regular browsers. Therefore, you might experience slower browsing speeds when accessing websites with Tor Safari. It’s also worth noting that some sites block the browser entirely due to the extra security.
Don’t use your smartphone
With device fingerprinting, data brokers can use your device’s hardware and software information to create a unique fingerprint based on the way it functions. This includes your set of installed web browsers, browser extensions, screen resolution for text, time zone, system fonts, plugins, and language settings, among other things.
Many people get their smartphones from mobile carriers with pre-installed apps or even special plans. Data brokers can create unique fingerprints based on the number of devices available in each region.
Therefore, if you want to keep your fingerprinting profile as minimal as possible and prevent others from identifying your system, it’s best not to use a smartphone when browsing.
Although it’s impossible to completely prevent browser fingerprinting, you can still reduce your risk with these simple methods. By disabling Flash, minimizing the number of plugins and extensions, and updating software regularly, you’ll be a lot more secure from third-party tracking.
Use randomization and generalization
Keep in mind that you cannot shut off website scripts collecting your personal data since that will make it impossible for websites to work. But you can confuse the website scripts through generalization and randomization.
Generalization
Generalization is about masking your system with fake information to confuse the website scripts. In other words, instead of showing all of your specific data elements, you can remove or change some of them from being sent across the network.
It manipulates the API results of the browser and makes your requests seem generic. Simply put, it masks the unique attributes of your system and allows you to blend in with other users.
Randomization
Randomization refers to changing your data elements to different ones. For example, you can use a different browser language for a session.
As far as website scripts are concerned, using a hashtag in your email address can be helpful for generalizing your identity. A hashtag or having a dot between the first and last name contributes to anonymization.
Even changing your language on social media platforms can help you since some websites use these settings to create targeted ads.
Additionally, instead of using the real IP address, you can use IPs located in other countries. You can do so by intercepting traffic through a proxy server.
Proxy servers allow your browser to access the internet anonymously, which prevents you from being tracked. By using a proxy server, you can make it harder for websites to track your physical location, demographics, and other information.
Two types of proxies are most commonly used:
- Residential proxies: A residential proxy allows you to choose a location and surf the web as a real residential user in that area. It is an intermediary between your browser and the destination server. That’s why people can’t trace you if they know your IP address since it will be different from where you really are. But make sure to stay away from free services since most of them don’t work as well as paid ones. Rayobyte’s residential proxies allow you to surf the web without worrying about someone finding your real location.
- Data center proxies: These proxies come from server centers with thousands of connections to the internet. They allow you to fake your IP address and make it look like you’re connecting from there instead. Rayobyte’s data center proxies allow you to surf the web via a server located in popular regions such as Europe, Asia, and North America. By using a popular or common location, you can lower your browser’s uniqueness and minimize the risk of browser fingerprinting.
Browser Fingerprinting Protection: How To Improve Browser Uniqueness?
Now you know what browser fingerprinting is and how you can minimize the risk of data brokers doing that to your system. Apart from these methods, you can also minimize fingerprinting by making your system less unique.
The more unique your browser is, the easier it will be for data brokers to track you and separate you from other visitors.
Here are some ways to lower your browser’s uniqueness.
- Use a popular browser. When you use odd browsers, it increases the uniqueness of your browser and makes it easier for data brokers to separate your identity from other people. Meanwhile, if you use a commonly used browser, a data broker will have a hard time differentiating you from other online users.
- Lower plugin use. As mentioned earlier, lower the number of plugins and extensions you install. It will lower your system’s uniqueness since plugins and extensions can be used for browser fingerprinting.
- Reduce language preferences. If you request web pages in different languages, it will make it easier for data brokers to track you. Instead, narrow down the number of preferred languages on your browser.
- Avoid custom user agents. A user agent is a piece of data that tells the computer to use a different language when it accesses a website. By default, the user agent is set up depending on your browser’s location. When you request pages in languages other than yours, it will make it easier for data brokers to identify you. Thus, avoid sending custom user agents when browsing online.
- Disable autoplay. Disable autoplay for videos and audio. This way, you’ll make your browser more unique and stay safe from audio fingerprinting.
How Can You Test Your Browser’s Fingerprinting?
If you want to check your browser’s fingerprinting, you can use a browser tester, like Cover Your Tracks. This tool is a project of the Electronic Frontier Foundation and allows you to test your browser’s fingerprint.
You just have to click on the “Test Your Browser” button and follow the on-screen commands. The tool runs multiple tests to assess the identity of your browser. It also checks if your browser blocks ads, “whitelisted” trackers, and invisible ads.
Plus, it also checks if your browser is protected from browser fingerprinting on the whole.
FAQs
Here are some frequently asked questions about browser fingerprinting.
Can my browser be fingerprinted?
Your browser can be fingerprinted if it has unique features. These features include browser extensions, plugins, and languages you’ve accepted, among others. Your IP address location can also contribute to your browser’s uniqueness. Since these aspects are imperative to internet surfing, it’s practically impossible to completely eliminate the risk of browser fingerprinting.
Who uses browser fingerprinting?
Data brokers use browser fingerprinting to identify and track users. They can then use this information for marketing purposes. Web advertisers also use the information collected through browser fingerprinting to target ads towards specific groups of people.
Can a browser protect you from fingerprinting?
Some browsers protect you from fingerprinting as they have disabled Flash. They also block third-party requests from companies known to be involved in fingerprinting.
Does using Tor help?
Yes, you can use the Tor browser to prevent fingerprinting. In this way, you’ll be able to remain anonymous online by avoiding the unique features of your computer.
Final Words
Before individual internet users can take active steps to prevent browser fingerprinting, they need to know what it is and how it works. Plus, experts need to explain the importance of privacy to raise awareness. That way, you can avoid any threats to your online freedom and anonymity.
Browser fingerprinting gives data brokers access to your information that can be used for personalized ads and, often, nefarious practices.
Some ways to minimize the likelihood of browser fingerprinting include disabling or deleting tracking cookies, turning off third-party scripts, and avoiding plugins. Also, consider using the Tor browser for greater anonymity online.
You should also lower your browser’s uniqueness by disabling autoplay videos. If you want to know whether your browser is prone to fingerprinting, you can also test it using the EFF’s Cover Your Tracks tool.
All in all, it’s imperative to be familiar with browser fingerprinting protection, as having a secure browser that offers greater anonymity and higher security is vital for every individual.
The information contained within this article, including information posted by official staff, guest-submitted material, message board postings, or other third-party material is presented solely for the purposes of education and furtherance of the knowledge of the reader. All trademarks used in this publication are hereby acknowledged as the property of their respective owners.