browser fingerprinting featured image

Browser Fingerprinting: Why it’s such a huge problem

Last edited: October 29, 2019
Reading time: 7 minutes, 39 seconds

We here at VPNOverview enthusiastically endorse the use of VPNs to all internet users to ensure a better and safer online experience. VPNs offer more online freedom, safety, and anonymity in one neat package. Freedom by getting around geo-blockades. Safety by encrypting your internet traffic. And anonymity through hiding your IP address.

However, hiding your IP address is no longer enough to ensure your online anonymity. There are many ways to identify a person online. Checking an IP address is one of the easiest and straightforward detection methods out there. Your identity can also be revealed through other, fairly simple methods: cookies, malware, using the same email address across sites, or by just logging into an account with your real name and picture.

Since more and more people have started protecting their online privacy over the last few years, more inventive techniques have been developed to identify you online. The most persistent and thorough technique by far is browser fingerprinting (sometimes also called device fingerprinting).

While VPNs mask (change) your IP address, they do not protect many other details about your device and browser. It does not hide what Operating System you are using, what screen resolution you have, or what fonts you have installed on your device. Trackers have caught on to this and managed to use this to their advantage to identify you. This article will take you through the basics of browser fingerprinting and what you need to know about it.

What is browser fingerprinting?

Browser fingerprinting is a way for websites and/or other online trackers to assign a unique profile (or “fingerprint”) to you in order to track you across the web. This fingerprint will then collect your internet behavior, patterns, interests and thus invade your privacy for advertising or other unspecified purposes.

So, even without the aid of an IP address, browser fingerprinting can identify and track you through user-specific data. Instead of trying to figure out your real IP address, fingerprinting focuses on user-specific data about the browser and computer you are using. These details, such as your screen resolution, graphics card, plugins etc., are then used to assign you a unique fingerprint. Browser fingerprinters are sometimes called “cookieless monsters” because they do not have to be installed on your computer or in your browser. They will recognize you without implanting anything. Fingerprinting is more detailed than cookies, does not have to be installed, cannot be deleted, or be defended against by browser extensions.

How does browser fingerprinting work?

Laptop Leaking InformationAs you visit a website, your browser is programmed to pass along a certain amount of information to that website so it can be accurately loaded. With some simple codes and requests, websites can ask browsers to reveal an absurd amount of data about your browser and device. These are details such as your operating system, screen resolution, the fonts you have installed, which extensions and plugins are loaded into your browser, what graphics card you have, what the latest update of your firmware or drivers are. And the list goes on and on, until, eventually, there are so many specific details that nobody but you are left, in the process of user-identification. Computers are so complex, and have so many different levels and versions of software, hardware, firmware, updates, settings, preferences etc., that every single user can be uniquely identified. And this is exactly what happens with browser fingerprinting.

These details, however, do not reveal who you are. Not directly, that is. Not every unique fingerprint or computer is assigned to a name or individual, after all. Because each fingerprint (i.e. the unique collection of specific device and browser data) does not have a name, you are assigned one. You are given a unique fingerprint code. You have one right now, even though you don’t know about it. A browser fingerprint looks like this:

cd1df51c8e2cfa514dfd8b59de2ed757

This string of letters and numbers does not say anything specifically about you, but it is nevertheless an identifier. A way for the site to recognize you when you come and go, what you are looking at, what kind of content appeals to you, and so on. As you go across the web, specific behavior, interests, websites, and patterns are logged and connected to that string of numbers and letters. If you happen to log into a website that contains your personal information, such as Gmail or Facebook, then you have temporarily linked yourself to this identifier. This is temporary because people do not keep the same browser and device forever. Eventually you will get a new one, and then your fingerprint changes. The goal for users who want to be anonymous is to allow this identifier as little personal information about you as possible — otherwise it is impossible to do anything anonymous on the web anymore, whether you have a VPN or not.

What are some concrete examples of browser fingerprinting?

Desktop With Logos of Browsers Edge Brave VivaldiListing every possible way a computer or browser can be fingerprinted is not worth the trouble writing down or reading. There is simply too much to mention. Think of any small detail that your computer or browser has that another one hasn’t — and then multiply by each single variable. The list is endless.

However, there are some very specific “categories” for which you can check. These include, but are not limited to: fonts, monitor resolution, headers, WebGL, WebRTC, media Devices API, MIME Types, Web Speech API, Touch API, Battery status API, System Uptime, Timezone and Clock offset, JavaScript performance fingerprinting, and many more.

For a specific look at some of these categories and how your browser fingerprint compares, have a look at browserleaks.com 

Some other websites where you can get a better idea or feel for your browser fingerprint are:

Interesting to note is that, while you might be relatively anonymous according to one test, you could be perfectly identifiable according to another. There are so many different techniques of identifying someone through browser fingerprinting, that it is practically impossible to fool every single metric.

Why is browser fingerprinting such a problem?

Browser fingerprinting gives big-tech companies such as Facebook and Google (as well as their advertising customers), oppressive regimes, hackers, stalkers, etc. the opportunity to invade everyone’s privacy without any consideration of a user’s consent or even knowledge. This renders people who wish to simply be left alone, not be influenced by ads, investigate controversial subjects, or state unpopular opinions, incapable of doing so without fear of investigation or online reprisals. Moreover, current European Union guidelines on online privacy stipulate that citizens have to be informed about the kind of tracking methods that are employed on a website and have to actively consent or “opt-in” before such tracking takes place. The application of browser fingerprinting is a major disregard of this privacy guideline.

Is there a solution to browser fingerprinting?

Short answer: no. This is the tragic thing about fingerprinting. There is no single solution or method you can undertake that will completely resolve the issue. At best, you can try a number of different techniques, with varying degrees of success, to try to reduce the problem. These will soon be outlined in the next article on browser fingerprinting.

What should you definitely not do?

Fortunately, there are some pitfalls you can avoid to reduce the problem of browser fingerprinting. None of these are particularly hard to execute, but they do require consistency.

  • Do not use one browser for everything: separate your activities according to browsers. That way, each browser has a unique fingerprint and cannot be interlinked. Your download behavior will thus be separated from your social media behavior, for example
  • Don’t log into an account that contains your personal information with a browser that you use for anonymous purposes
  • Don’t browse without a VPN. Browser fingerprinting makes it harder for you to stay anonymous, but this does not mean you should make it easier for trackers to follow you. Hiding your IP address and encrypting your internet traffic is still a valid and important part of protecting your online safety and anonymity
  • Don’t think you can solve this problem by installing a bunch of extensions into your browser or by changing some settings in your browser. The more extensions you install or the more private you set your browser, the more likely your fingerprint will be picked up.

In summary,

Browser fingerprinting is such a huge problem because it invades your privacy in such a way that you cannot fully protect yourself by using a VPN, a specific browser, special browser extensions, or some other form of privacy software. There is no silver bullet to address the problem of browser fingerprinting. The more you try to adapt and avoid being detected, the more conspicuous a target you become. If you install an extension to spoof your screen resolution, you’ll just be that one-in-a-million user who has an extension that spoofs their screen resolution. This makes you, if anything, more identifiable with browser fingerprinting.

Try to reduce your fingerprint by subdividing your activities into different browsers and /or operating systems.

Main author:

More articles from the ‘Anonymous Browsing’ section

Comments
Leave a comment
1
Comments
  1. Another good website that shows information that could be used for fingerprinting:
    https://www.deviceinfo.me

Leave a comment