What is Browser Fingerprinting?
Flipnode on Apr 20 2023
In the realm of user tracking, browser fingerprinting stands as the third avenue after cookies and supercookies. When websites analyze the requests sent by HTTP clients, they gather a digital fingerprint to uniquely identify a particular machine. The acquired data can be used to track users even after cookie deletion. Our concise article will cover the fundamentals of browser fingerprinting, its usage in tracking internet users, and potential measures to reduce the likelihood of being identified through transmitted details.
What is browser fingerprinting and how does it work?
This method of data collection captures information such as user agents, screen size and resolution, installed fonts, plugins and extensions, GPU/CPU, and more. Each data point contributes to the device's distinctiveness, making it easier for websites to identify a specific machine.
Methods used for fingerprint tracking
Browser fingerprinting is an increasingly common method used by numerous websites to identify both new and returning users. The technique has become so ubiquitous that even top-ranked websites and search engines like Google and Bing are utilizing fingerprinting measures to distinguish specific users.
One of the methods employed in browser fingerprinting is audio fingerprinting. By analyzing how sound is played on a device, including the hardware, software, and drivers, audio fingerprinting can provide information about a user's device and help to distinguish it from other devices.
Another method used in advanced browser fingerprinting techniques is HTML5 Canvas. This technique involves requesting a specific image to be rendered by the browser, which can reveal details about the operating system, browser, and GPU of a device. HTML5 Canvas takes advantage of the subtle differences in how GPUs render images to collect device-specific data.
In some extreme cases, clock skew analysis is used to identify device specifications. Clock skew occurs when electrical signals from the clock generator arrive at different components of a device unevenly, a phenomenon that can be influenced by temperature variations. By collecting enough data and performing numerical analysis, differences in clock skew can be measured to determine various hardware specifications of a device.
These methods and techniques are just a few examples of the complex and sophisticated methods employed in browser fingerprinting. As websites and search engines continue to develop new ways to identify and track users, it is essential to understand the implications of these techniques and how they impact our privacy online.
Understanding browser uniqueness
A user's identification through fingerprinting depends on the uniqueness of their browser. In other words, the process of comparing one device's fingerprint to a multitude of other computer fingerprints determines whether a user can be distinguished. If only a few similar fingerprints are found in the data set, the device is considered unique.
Due to the substantial amount of data that can be gathered about a device and its browser, a website may identify a user as unique without accessing cookie data. Research conducted by The Electronic Frontier Foundation (EFF) revealed that only 1 in 286,777 browsers share the same fingerprint. With such a high degree of browser uniqueness, fingerprinting alone can be used to easily recognize the same user.
It should be noted that the global uniqueness of fingerprints may be even lower than reported in the study, as the participants were likely more tech-savvy and privacy-conscious than the average internet user. However, accurately predicting the global uniqueness of a fingerprint is nearly impossible due to a mathematical limitation resulting from the difference between an experimental sample and the global set of fingerprints.
Improving browser uniqueness
To test for browser uniqueness, the EFF's Panopticlick project can be used. This tool will display all data collected about your device and suggest possible defense options.
If avoiding tracking by large companies is a priority, reducing browser uniqueness is the most effective protection measure:
- Use a commonly used browser. Uncommon browsers such as Comodo IceDragon can greatly increase the likelihood of having a unique fingerprint.
- Avoid using custom user agents. Unique user agents increase browser fingerprintability, so it's best to stick with common user agents.
- Limit the number of plugins used. Browser uniqueness is significantly impacted by the number of installed plugins.
- Narrow down the preferred language list. Requesting pages for different languages can increase browser fingerprintability. TorButton, for example, requests only English versions of websites by default.
- Use TorButton. This Firefox extension implements many of the security features found in the Tor Browser.
Ironically, some anti-fingerprinting solutions and plugins that are intended to enhance privacy and reduce uniqueness can have the opposite effect. Installed plugins and their versions can be detected, which may add to browser uniqueness instead of reducing it.
We recommend experimenting with these options, using the Panopticlick test, and browsing the internet to find the most suitable combination. It's not advisable to use all the options listed simultaneously as this may break many websites without providing a clear understanding of what happened.