What is browser fingerprinting?

The never-ending cat & mouse game where we are constantly trying to protect our right to privacy against creepy corporate marketers watching everything we do on our devices, tech companies have developed a stalking tool called “browser fingerprinting.”.

What is browser fingerprinting?

Web fingerprinting uses JavaScript code on a web page or location to analyze your browser settings, computer, & other hardware specs, such as fonts, monitor screen resolution, which OS you use (& what version), extension settings, the type of graphics card you have, & other hardware configurations.

The point of browser fingerprinting is to enable the tracking company (data controller) to identify unique individuals among a sea of Internet users so that they can be tracked, a behavioral profile can be created, & then targeted advertising can be served to them.

In this way, a site can track your browsing habits without relying on cookies, which we are all now aware of & have learned to block & delete.

However, fingerprinting can be used to recreate tracking cookies that you have already deleted.

Let me repeat that.

In spite of your knowledge & consent, corporate trackers are not only peering into your machine to see its configuration & characteristics, but they are also re-creating trackers that you have deleted.

And this doesn’t just apply to the sites you visit directly. The pervasive inclusion of remote resources, like fonts, analytics scripts, or social media widgets on websites means that the third parties behind them can track your browsing habits across the web, rather than just on their own websites. – source

Browser Fingerprinting for fraud prevention

It’s not all bad. Browser fingerprinting is used to help detect fraud, unauthorized log ins say to your bank account, & even dating apps.  I personally have no problem with its use for security purposes. The issue is that everyone is using it & most aren’t using it for your security, they’re using it to track you & your specific characteristics to profit from your data.

There are no rules, industry ethics, or legislative oversight whatsoever.

What can browser fingerprinting detect?

The totality of data that browser fingerprinting can siphon from you specifically is an effective tool in building your individual profile.

• Your user agent header info
• your Accept header
• your Connection header
• you’re Encoding header
• your Language header
• your list of plugins
• your platform
• your cookie preferences (allowed or not)
• your Do Not Track preferences (yes, no or not communicated)
• your time zone
• your screen resolution & its color depth
• your use of local storage
• your use of session storage
• your pictures rendered with the HTML Canvas element
• your pictures rendered with WebGL
• your use of ad blockers
• your operating system & version
• last key pressed
• which browser you are using
• which add-ons you have installed
• your installed fonts
• your microphones
• your webcams
• what kind of graphics card you have installed
• your CPU & # of cores
• how much RAM you have
• Battery level
• Bluetooth status
• accelerometer info
• …& more.

See your browser fingerprint

The following sites allow you to see your browser fingerprint:

• deviceinfo.me
• Panopticlick (from EFF)
• amiunique.org

Arguments against mitigation

There are some privacy “experts” & enthusiasts that say attempting to mitigate browser fingerprinting with add-ons & tools just makes you st& out more & create an even more unique profile.

I disagree with this position for 2 reasons.

1. St& out to whom? Whom are we afraid of, so much so that we should be scared to use the tools & resources that we want on our own devices as we see fit? And what are we afraid of? That they’re going to track us more?
2. Given the specific data browser fingerprinting captures, doing nothing is already a unique fingerprint. I mean, how many people with your IP address use the same version of the same browser, & are on the same devices that use the exact same OS, CPU, GPU, RAM, & Fonts?
   Yes, many people across the internet may have that exact same configuration, but this isn’t about averages & weeding through them to find the one that matches you. We are way past that now.They are spying on you through a direct connection to your device, & gathering data specifically to you & your hardware. No matter what consumer level tools you use, unless you’ve created them yourself just for your own usage, you’re not the only one on the planet who is using them.

Arguments for mitigation

In my opinion, you should use whatever tools at your disposal to limit data collection against you without fear that something will anger the data gods & make you even more of a target. We haven’t been able to hide among the crowd for at least five years.

The more of us who make it harder & harder to siphon our data, the more the cat & mouse game continues, the more I can make my data fuzzy, incorrect, uncertain…the more data collectors will have to spend in time & money to keep trying to thwart our efforts to keep their noses out of our private actions & business.

Nothing about all of this is perfect, & we can’t get this right without significant legislation that provides some oversight & protections, or at least limits who can observe & control our activities. Until then, I will do what I want with my device. Isn’t that the point of privacy & freedom in the first place?

What can you do about it?

I do not like reinventing the wheel. Many have done good work on this issue & explaining pros & cons of some “solutions”.

Before I do that, I’ll just tell you what I use & how I use it.

Firefox

I use multiple browsers for various things, or just to mix it up now & then. But I like that Firefox has some privacy features & controls out of the box & can be tweaked & customized to harden it even further.

https://www.mozilla.org/en-US/firefox/new/

Firefox’s add-ons that I use (some may be redundant) to address fingerprinting, cookies, tracking, & social networks.

• Firefox Containers. Containers allow me to put visited sites inside a barrier that prevents that website’s cookies from seeing other cookies & information about my browser or device other than what’s inside its own container. By default, Firefox puts Facebook in a container.
   https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
• Privacy Badger (from EFF) “Privacy Badger is a browser add-on that stops advertisers & other third-party trackers from secretly tracking where you go & what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.”
   https://privacybadger.org/#What-is-Privacy-Badger
• HTTPS everywhere (from EFF): This is more about general security than it is browser fingerprinting.
  “HTTPS Everywhere is a Firefox, Chrome, & Opera extension that encrypts your communications with many major websites, making your browsing more secure.” In short, it forces every website you visit to use its “HTTPS” secure version & warns you when you’re visiting a non-secure website.
   https://www.eff.org/https-everywhere
• Disable JavaScript. Since browser fingerprinting relies on its use of JavaScript, simply disabling JavaScript from running has a significant effect on trackers that use it.I suggest running your own experiment by installing just this extension on your Firefox browser & see the difference in what the browser fingerprinting tools above can & cannot see when you toggle JS off & on.
  https://addons.mozilla.org/en-US/firefox/addon/disable-javascript/
• Use a VPN. I will discuss this more later, but if you already have or use a VPN service, you definitely want to use it when you want to throw a misdirect at the websites you visit.

I use other tools such as a Pi-hole, my own VPN & use different operating systems mostly because I just generally like tech & trying different things. Having some variety in how you use your devices, & the internet can make it more difficult to get a clear read on your exact details.

Even if you’ve read this far you may not care about any of this. If you’re using work devices on work networks, whether they’re tracked & fingerprinted may not directly affect you.

If it’s your own fingerprint & it angers you that r&om websites are peeking at your hardware configurations, you may want to mitigate that.

Below are some guides & solutions put together by privacy organizations that have done a deep dive into possible solutions including using advanced Firefox settings.

More guides, solutions & options

• Browser Fingerprinting – Explanation, Tests, & Solutions
•  Browser Fingerprinting – What Is It & How to avoid It
•  What You Do Online Is Your Business, Not Ours
•  Is your browser safe against tracking?
•  Firefox Privacy – The Complete How-To Guide
•  How your browser can make your online life a little more private

There are no doubt more options & solutions available to you, but this is enough to get you started in the right direction.