Browser Fingerprinting: The Risk, and What You Should Know

Internet privacy is one of the hottest of the hot button issues in the digital world these days, and it has been for quite some time. There’s so many different ones that are still discusses at length, and for good reason. News over recent years has indicated the surprising extent to which people’s private and other information has been exposed. There are ongoing efforts to counter this trend, but as is the case with many things it takes time to put effective measures in place.

Browser fingerprinting is one of them, and when one digs deeper into this particular issue it’s fairly common to have greater concerns about it. Here at 4GoodHosting, we are one of the many reputable Canadian web hosting providers who see the ‘insecurity’ of the World Wide Web to be as big a problem as it really is. As such we choose to make people informed of what they can do to protect themselves against the prying eyes that they likely have no idea are watching their moves online.

So what’s at issue here, how concerned should you be, and what can people do to be proactive in defending themselves against browser fingerprinting. Let’s look at all of this today.

Pervasive Peeping

A good number of people who use VPN services to hide their IP address and location may believe that by doing so they don’t have to worry about their browsing privacy being violated. This is the best place for us to start here, because that’s simply not true. With browser fingerprinting you can be identified and tracked.

One thing there’s no getting around is that every time you go online, your browsing device then provides highly specific information about your operating system, settings, and even hardware, to the site you’re visiting. This in itself is perfectly normal, and ideally shouldn’t be any cause for concern.

However, when this information is used to identify and track you online then you’ve experienced browser fingerprinting, and unfortunately many unique details and preferences can be exposed through your browser.

Once a sufficient amount of information has been collected, you are now regarded as having a ‘fingerprint’ for tracking and information purposes.

The sum total of these outputs can be used to render a unique “fingerprint” for tracking and identification purposes. What’s revealed as part of your fingerprint? Good question, and it’s quite a list:

  • User agent header
  • Accept header
  • Connection header
  • Encoding header
  • Language header
  • Plugins list
  • Platform
  • Cookie preferences (allowed or not)
  • Do-Not-Track preferences (yes, no, or not communicated)
  • User’s time zone
  • Screen resolution and its color depth
  • Local storage use specs
  • Session storage use specs
  • Picture rendered with the HTML Canvas element
  • Picture rendered with WebGL
  • Identifying and listing of any AdBlock software
  • List of fonts

Extent of Browser Fingerprinting Accuracy

Browser fingerprinting may be a tool to identify and track people as they browse the web, but it’s certainly not the first of them and it likely won’t be the last. There has been all sorts of talk in the news that there are many different entities – ranging from corporate and government ones – that have an interest in monitoring internet browsing tendencies and haven’t been reserved in the slightest about acting on it.

The most conspicuous ones are advertisers and marketers who find this technique useful for acquiring more detailed data on users, with increased advertising revenue being what’s at stake. Alternately, some websites use browser fingerprinting to indicate potential fraud, so it’s true that not every variation of browser fingerprinting is ill-conceived

Test Websites for Browser Fingerprinting

It’s fair to say, however, that you should be doing what you can to prevent your from being yet another information mine for those employing browser fingerprinting. Fortunately, there are some online resources you can use to determine the information that is being revealed by your browser.

The best one in our opinion is www.deviceinfo.me.

In addition, you may also want to try websites that make browser data known and also assess a ‘uniqueness’ score calculated via your variables in comparison to their database of browsers.

Panopticlick is a good one we’ve been introduced to, and amiunique.org is said to also be a good resource. Amiunique, however, is open source and provides more information and updated fingerprinting techniques, including webGL and canvas.

The question will of course be how accurate are these sites. The answer is that, for the most part, they’re only somewhat accurate. Go ahead and make use of them, but don’t take their findings to be absolute truths and a thorough representation of what may be made available through your browser.

Without going into extensive detail, browser fingerprinting test websites like the ones shared above are good for revealing the unique information and values that can be rendered from your browser. Beyond that, however, trying to beat the test by achieving a low ‘uniqueness’ score may be a waste of time by and large.

Mitigating your Browser Fingerprint

Browser fingerprinting is a very complex and evolving issue. One interesting more recent revelation is that there’s nothing you can do to mitigate some fingerprinting attacks on smartphones. That said, here are ways to mitigate your browser fingerprint:

  1. Modifications and Tweaks to the Browser

Sometimes there are different options for tweaks and modifications to mitigate browser fingerprinting. For Firefox, you can get started with this by typing about:config into the URL bar of your browser, hit enter, agree to “accept the risk” and make the following changes:

  • resistFingerprinting (change to true)
  • disabled (change to true)
  • peerconnection.enabled (change to false)
  • enabled (change to false)
  • firstparty.isolate (change to true)

We will mention as well Brave browser is a good option for those wanting a simple, privacy-focused browser that blocks tracking by default and still supports Chrome extensions. Brave also allows you to enable fingerprinting protection, which is under the Brave Shields settings:

  1. Browser Extensions and Add-ons

There are a number of different browser extensions and add-ons that you may find useful. Here are some of them:

  • Canvasblocker by kkapsner
  • Trace by AbsoluteDouble
  • Chameleon by sereneblue
  1. Use of Virtual Machines

Another option is to run different virtual machines, making it so that you’re able to run different operating systems on your host computer. VirtualBox is FOSS and offers an easy way to run different Linux VMs for more privacy and security. There are many different video tutorials online, depending on your operating system and the VM OS you are looking to use.

Virtual machines offer numerous advantages in terms of privacy and security, while also protecting your host machine. If the VM iscompromised, simply delete it and create a new one. Plus, different VMs can be used for different purposes.

  1. Avoid Browsing with a Smartphone

The reality is that every ‘smart’ device is a data collection tool for corporate entities (and their surveillance partners), and smartphones are especially vulnerable to browser fingerprinting. Most often they’re fingerprinted using internal sensors and there’s not much that can be done to prevent that. Attacks can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you, and a fingerprint is usually generated in less than one second. Plus, the calibration fingerprint never changes, even after a factory reset.

It should be noted that Apple has apparently patched this attack vector with iOS 12.2, while Google and Android still have yet to take any action on it

 

Post Navigation