Remember those mysterious coincidences, when you’ve been bombarded by ads for a product weeks after doing a casual Google search for it? Or seeing ads for something start to appear on your devices moments after casually expressing an interest in it to a friend?
On top of being incredibly annoying, these personalized ads are a constant reminder that we are being tracked on the Internet by websites, advertisers, or even hackers. It’s a common misconception that the problem can be resolved by blocking cookies (small files that websites store into your computer to identify you as a user). To some extent, incognito mode is helpful, as it blocks cookies and clears history. However, it won’t prevent advertisers from identifying you.
Companies are able to follow you and your devices by tracking fingerprints, a technology that uses a device’s configuration and browser output to create a unique identity for that device. In today’s post, we will answer the three most pressing questions that anyone concerned with digital privacy needs to ask: what is a fingerprint technique, how is it used by websites, and how to change the fingerprint in order to avoid being tracked?
What is browser fingerprinting
This technique is often compared to fingerprinting of cameras and typewriters: both these devices can be uniquely identified based on their output details, noise patterns, or ink leakage. Detectives a few decades ago used the technique of comparing ink leakage marks on two letters to determine whether they were printed on the same type-bars.
In a similar way, browser fingerprint technique uses identifiers collected through browser APIs to attribute activity to a particular device. These identifiers include the type of web browser, operating system, screen resolution, installed plugins, system language, hardware details of the device and many others. Check trusted and reputable services like Browserleaks or Panopticlick to review all fingerprints of your current browser. ClickClickClick does the same thing, with some entertaining extras.
Although fingerprints do not reveal any personal information about users (name, address, employment status, etc.), they provide additive pieces of information that can distinguish your browser from others, with a high level of accuracy. So, while the current version of a browser is the same for many users and completely non-unique, a snapshot of all identifiers can provide enough bits of information to point to your device with an accuracy rate of more than 94%.
How fingerprints can be used
So how do websites and advertisers use this information? Playing with users’ fingerprints on a single website is not very valuable; therefore, advertisers usually aim to track and link your actions across different websites. This data can be collected through social media ‘like’ and ‘share’ buttons or other widgets, which are added almost everywhere and can link your actions on different websites.
You might be tracked by social media companies for which you haven’t even signed up. Recently, Facebook has been accused of creating ‘shadow profiles’ of non-existent users and storing their data for analytics purposes and ads personalization. And social platforms are not the only ones that can spy on you.
Companies like AddThis, which provide widgets and supplements for web development, constantly track users without their knowledge. In 2014, AddThis started to trace the Canvas fingerprints of website visitors without notifying website owners or users.
Due to the increased exploitation of plugins that reveal additional bits of information, it has become easier to collect and process browser information. Case in point is a recent study by researchers at Lehigh University, which tested a new identification algorithm that allows tracking users across multiple browsers on the same device.
How to protect your privacy online
Fingerprinting is not necessarily a bad thing. One benefit of it is that it can be vital for preventing online fraud. You know those verifications you get via SMS when somebody logs in to your bank account or email from an unusual device? That’s thanks for fingerprinting. Some websites use this technique to prevent their users from creating multiple accounts or identify fraudulent behavior, improving the security and transparency of their platforms.
On the other hand, there are many other cases in which this technology has user interests far from mind. Advertisers may want to target you with even more specific ads, profiling you with algorithms over which you have no control. These fingerprints, however, can reveal far more about you than whether you prefer jeans or khakis. So is there a way to opt out?
The difficult part of keeping your fingerprints hidden is that they cannot be turned off completely. Although it is possible to disable some plugins like Flash, Java, or Silverlight, this means compromising your user experience. And even without plugins, the basic functionality of your browser reveals enough bits of information to identify you.
There are more advanced tools, as well, and these will allow you to mimic new fingerprints (and avoid being tracked), rather than cutting down your insidious trails. Kameleo is one of the best privacy software tools on the market. It allows you to create a new browser identity that looks natural for website tracking systems, face fewer CAPTCHAs, and even log in to multiple profiles from the same browser.
During your regular browsing session, third-party trackers may try to snatch your data for advertising purposes, to steal your personal information, or even attack your personal device with malware. To track your online behavior across different websites, they use fingerprints — minor differences in a device’s configuration and browser output — which, combined, allow you to be identified with a hair-raising degree of accuracy.
In recent years, there have been a lot of changes in the privacy realm and much more are to be expected in the next few years. While usage of cookies is regulated by GDPR and other laws, fingerprinting remains uncensored. Along with ongoing advances in tracking algorithms and additional browser functionalities, this technique is likely to be heavily exploited by all large companies. Users who value their privacy should take extra steps to maintain security on the Internet and avoid becoming the victims of intrusive targeting by advertisers or cybercriminals.