Browser Fingerprinting: What is it and how to avoid it?
- 1 Browser Fingerprinting: What is it and how to avoid it?
- 2 Types of Fingerprint:
Anonymity has long since stopped being the default mode on the internet. Even if you don’t voluntarily share your information, your every online action is monitored & tracked to provide technology and advertisement firms a way to identify you in the digital world, while labeling this invasion of privacy a means to personalize your online experience. Today’s websites use a wide range of sophisticated techniques to collect information about you and the system you use and use it to identify information pleasing to your specific taste.
A common way for websites to track an individual is by means of a browser fingerprint. As the name suggests, it is a digital identifier made up of tiny bits of your personal data such as your operating system, settings, active browsers, installed plug-ins, etc. used for the purpose of identification. While it might sound unrealistic to uniquely identify a user just by the system they use, the sheer number of customization options and the combinations in which they used to make this realistic. To top it off, technological development allows a fingerprint – once generated – to be unique enough to identify users in 99% cases.
Types of Fingerprint:
The sophistication of digital fingerprinting has meant it has expanded into a number of use cases and types. Below are the types of Fingerprints that you should know.
These fingerprints like the name suggests are created by the data available through the browser you use. Besides the common aspects of installed browser plug-ins (their versions and updates), cookies and screen parameters, aspects like your IP address and Browser Headers (User-Agent, HTTP, ACCEPT, Do Not Track) are also utilized in this.
This will be generated using data that will remain consistent even when you switch browsers such as the underlying Operating System, a number of cores in your machine’s processor, languages installed on the machine, responses to 2D and 3D rendering, among others.
As you already know, for a user to view a webpage, some data such as the URL of a webpage and metadata (HTTP Request Headers) in every HTTP request is sent by the user’s browser over to the server. Much of this data is required by servers to accurately server a user, for example, displaying a Play Store link to a user using an Android device, or scaling the webpage as per your device’s screen resolution. A lot of this data is also useful in generating a unique browser fingerprint as you will see below :
This is a simple string that is sent with each HTTP request that lets servers identify the browser its underlying operating system, a vendor of the browser, and its version. This is obvious fingerprint information of the system.
Cookies can easily be cleared however and a lot of users do regularly clear their cookies periodically. One can also use Incognito or Private browsing mode to prevent cookies from being stored on your machine in the first place.
Web real-time communication nodes are used to collect IP address information, which can be used to determine the best route between two peers on the same network. This can also leak information that will aid the fingerprinting process.
With all this being said, there are methods a user can implement to reduce the possibility of fingerprinting by trackers.
VPNs and Proxy Servers
A VPN is the quickest and easiest method to negate the effects of digital fingerprinting. A VPN will change the IP address received by websites to an IP address available within the service. However, just using a proxy does not negate a fingerprint entirely. The cookies stored on your system already for instance, will not be affected by the change. Neither will your system information change via a proxy.
You can manually tweak some settings too, to reduce the effect of a fingerprint such as :
- Changing the time zone of your device.
- Choosing a different language for the device operating system.
- Setting a different language for your browser.
- Change your machine’s screen resolution.
- Change the viewing scale (zoom in/out) on a web page.
- Install or remove browser plug-ins.
Add ons & Plugins
Plugins such as Ghostery block analytics, trackers, ads, and other beacons on the websites you visit. It is available as a plugin for both Firefox and Chrome. User-Agent Switcher is another plugin that swaps the user agent of your browser, further limiting the scope of a fingerprint.
One can also complete block WebRTC on your machine entirely. In most cases, blocking it will not affect your experience in any significant way.
To do so in Firefox, type about: config and search for media.peerconnection.enabled., and set it to false and you’re good to go. if you’re not comfortable doing it yourself, you should find plugins that will handle this for you. In Chrome, change the setting by going to type: chrome://flags/#disable-webrtc. The extension WebRTC Leak will achieve the same goal if you don’t wish to do it manually.
Pale Moon, an open-source browser based on Firefox, Selenium, or Puppeteer are browsers built for anonymous browsing. While using them, you can choose to block the features that enable fingerprinting such as Java, Flash, WebRTC, WebGL, and canvas. You can also use a platform, specifically designed to swap browser fingerprints – Multiloginapp. It is designed to work with a large number of browser profiles, each of which is placed within its own unique container, eliminating the risk of leaking browsing history, cookies, and fingerprints between the profiles.