What is Browser Fingerprinting?

Flipnode on Apr 20 2023

blog-image

In the realm of user tracking, browser fingerprinting stands as the third avenue after cookies and supercookies. When websites analyze the requests sent by HTTP clients, they gather a digital fingerprint to uniquely identify a particular machine. The acquired data can be used to track users even after cookie deletion. Our concise article will cover the fundamentals of browser fingerprinting, its usage in tracking internet users, and potential measures to reduce the likelihood of being identified through transmitted details.

What is browser fingerprinting and how does it work?

Browser fingerprinting involves actively collecting data by hashing specific browser parameters to create a digital signature. To accomplish this, websites can use additional JavaScript code that scans all public browser parameters and generates a unique signature from the data.

This method of data collection captures information such as user agents, screen size and resolution, installed fonts, plugins and extensions, GPU/CPU, and more. Each data point contributes to the device's distinctiveness, making it easier for websites to identify a specific machine.

Methods used for fingerprint tracking

Browser fingerprinting is an increasingly common method used by numerous websites to identify both new and returning users. The technique has become so ubiquitous that even top-ranked websites and search engines like Google and Bing are utilizing fingerprinting measures to distinguish specific users.

One of the methods employed in browser fingerprinting is audio fingerprinting. By analyzing how sound is played on a device, including the hardware, software, and drivers, audio fingerprinting can provide information about a user's device and help to distinguish it from other devices.

Another method used in advanced browser fingerprinting techniques is HTML5 Canvas. This technique involves requesting a specific image to be rendered by the browser, which can reveal details about the operating system, browser, and GPU of a device. HTML5 Canvas takes advantage of the subtle differences in how GPUs render images to collect device-specific data.

In some extreme cases, clock skew analysis is used to identify device specifications. Clock skew occurs when electrical signals from the clock generator arrive at different components of a device unevenly, a phenomenon that can be influenced by temperature variations. By collecting enough data and performing numerical analysis, differences in clock skew can be measured to determine various hardware specifications of a device.

These methods and techniques are just a few examples of the complex and sophisticated methods employed in browser fingerprinting. As websites and search engines continue to develop new ways to identify and track users, it is essential to understand the implications of these techniques and how they impact our privacy online.

Understanding browser uniqueness

A user's identification through fingerprinting depends on the uniqueness of their browser. In other words, the process of comparing one device's fingerprint to a multitude of other computer fingerprints determines whether a user can be distinguished. If only a few similar fingerprints are found in the data set, the device is considered unique.

Due to the substantial amount of data that can be gathered about a device and its browser, a website may identify a user as unique without accessing cookie data. Research conducted by The Electronic Frontier Foundation (EFF) revealed that only 1 in 286,777 browsers share the same fingerprint. With such a high degree of browser uniqueness, fingerprinting alone can be used to easily recognize the same user.

It should be noted that the global uniqueness of fingerprints may be even lower than reported in the study, as the participants were likely more tech-savvy and privacy-conscious than the average internet user. However, accurately predicting the global uniqueness of a fingerprint is nearly impossible due to a mathematical limitation resulting from the difference between an experimental sample and the global set of fingerprints.

Despite the seeming similarity of most browsers to the average internet user, the existence of unique fingerprints is not surprising. Uniqueness often arises from the information revealed by plugins, such as the numbering included in JavaScript version data that is intended only for debugging purposes (e.g. 1.6.0_17). With hundreds of different versions for a single plugin and numerous minor changes over the development process, combining the details of the browser, its plugins, and other data points can lead to millions of distinct, identifiable devices.

Improving browser uniqueness

To test for browser uniqueness, the EFF's Panopticlick project can be used. This tool will display all data collected about your device and suggest possible defense options.

If avoiding tracking by large companies is a priority, reducing browser uniqueness is the most effective protection measure:

  • Use a commonly used browser. Uncommon browsers such as Comodo IceDragon can greatly increase the likelihood of having a unique fingerprint.
  • Avoid using custom user agents. Unique user agents increase browser fingerprintability, so it's best to stick with common user agents.
  • Limit the number of plugins used. Browser uniqueness is significantly impacted by the number of installed plugins.
  • Narrow down the preferred language list. Requesting pages for different languages can increase browser fingerprintability. TorButton, for example, requests only English versions of websites by default.
  • Use TorButton. This Firefox extension implements many of the security features found in the Tor Browser.
  • Consider disabling JavaScript. While this is an extreme measure that will disrupt most websites, EFF found that NoScript users (an extension that allows users to disable JavaScript) were the most resistant to fingerprinting.

Ironically, some anti-fingerprinting solutions and plugins that are intended to enhance privacy and reduce uniqueness can have the opposite effect. Installed plugins and their versions can be detected, which may add to browser uniqueness instead of reducing it.

We recommend experimenting with these options, using the Panopticlick test, and browsing the internet to find the most suitable combination. It's not advisable to use all the options listed simultaneously as this may break many websites without providing a clear understanding of what happened.

Conclusion

As a tracking measure, browser fingerprinting is becoming increasingly common. Unlike earlier tracking tools such as HTTP cookies, defending against browser fingerprinting is considerably more challenging. While improving browser uniqueness is an option, the most effective measure is to disable JavaScript, which may cause client-side problems when displaying websites.

News and updates

Stay up-to-date with the latest web scraping guides and news by subscribing to our newsletter.

Subscribe

Related articles

thumbnail
ProxiesWhat is a Private Proxy? [Quick Guide 2023]

A private proxy, also referred to as a dedicated proxy, is exclusively assigned to a single user. It offers complete control over its usage, as it is not shared with any other individuals or entities.

Flipnode
author avatar
Flipnode
9 min read
thumbnail
ScrapersPlaywright Scraping Tutorial for 2023

Uncover the full potential of Playwright for automation and web scraping in this comprehensive article.

Flipnode
author avatar
Flipnode
12 min read
thumbnail
ScrapersHow to Run Python Script as a Service (Windows & Linux)

From Linux daemons to Windows services, this guide will detail the process of setting up Python script as a service in a few simple steps.

Flipnode
author avatar
Flipnode
8 min read