Is Your Browser Safe Against Fingerprinting?

gjgd
gjgd
Sep 9 · 4 min read
https://pixabay.com/photos/data-security-keyboard-computer-1590455/

Web tracking has been around for a long time, and exists in multiple forms. While most widespread ad blockers such as uBlock Origin, or AdBlock will block trackers and third party cookies they will not prevent Fingerprinting.

In this blog post we are going to talk about this lesser known method, and how to protect against it.

What is a Fingerprint?

Modern browsers expose a lot of information via their Javascript API, such as

  • User Agent: Information about the browser being used
  • HTTP Accept header: Media type and encoding accepted as a response
  • Browser plugin details: The list of plugins / add-ons installed (Later versions of Firefox now block this information, yay!)
  • Time zone
  • Screen information: Size, color depth
  • System fonts
  • Cookie settings: DNT enabled? Third party cookies enabled?
  • HTML5 Canvas information
  • WebGL information

When combined together, those information provide a unique identifier that is reliable for tracking and that, contrary to cookies, cannot be blocked or removed by the user.

An example of a fingerprint, generated using https://panopticlick.eff.org/

What is Fingerprinting?

Fingerprinting is the process of tracking users across websites using their fingerprint. When a user accesses a website, a fingerprint is generated on the client side, and is sent and stored on the server. Whenever two fingerprints match, there is a high likelihood that they correspond to the same user and thus the two sessions can be linked together for profiling.

Assuming that the fingerprint is unique, this identifier will reliably represent the same user across several domains, even if they clear their cache, use an ad-blocker, are in Private Mode, or change their IP address!

How to prevent Fingerprinting

It is not possible to prevent having a fingerprint, since the browser will always expose some information about your config. However it is possible to prevent being tracked by fingerprinting. Here are few tips:

Diagnosis

Find out whether your browser is vulnerable to fingerprinting (and other tracking methods) by visiting the Panopticlick website, from the EFF

Use a random fingerprint

By randomizing some information exposed by your browser, you will be able to obtain a new fingerprint every time you visit a new page, and therefore fingerprinting will be ineffective.

However, not all information can be randomized. For example screen size, current time zone, or system fonts while most likely alter the quality of your navigation. The User-Agent, on the other hand is a great candidate:

  • It is a long string with high entropy, therefore most fingerprint software will use it
  • It contains several version numbers (browser, browser engine, OS) that can be randomized without any impact on the navigation

Certain add-ons such as Random User Agent will do that for you, to ensure a new fingerprint is generated at a regular time interval, or every time a new page is visited

Use a common fingerprint

If your configuration is the same as most people who browse the internet, then your fingerprint will not be unique and your traffic information will be blended with other people’s, rendering it useless.

It is the approach used by the Tor browser. By using always exactly the same configuration it insures that each user are indistinguishable from each other because they all have the same fingerprint. Download it and give it a try!

You also may want to check out Tails, for routing your entire web traffic through the Tor network for even more privacy and security

For other browsers, you can check this list of the most common User-Agents and set yours using the Random User Agent add-on

Enable fingerprint protection

  • On Firefox, visit about:config and set privacy.resistFingerprinting to true
  • On Chrome: Not available

Disable Canvas fingerprinting

Canvas Fingerprinting is an advanced method that uses the HTML5 Canvas API to enrich the fingerprint with information about the client’s OS, graphic’s card, pilots, etc…

To protect against it, use the CanvasBlocker extension

Disable Javascript

Disclaimer: You probably don’t want to do this.

It is a more radical step that will break most websites, but will radically decrease the likelihood of being tracked using either fingerprint or cookies.

  • On Firefox, visit about:config and set javascript.enabled to false
  • On Chrome, visit chrome://settings and under Site Settings, set Javascript to Blocked

What about you? Do you know of an another way to protect against fingerprinting, or tracking on the web in general?

Resources

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade