In this guide we will discuss the issue of browser fingerprinting and how it can de-anonymize you based on a variety of different inputs – even if you are using a good VPN.
What Is Browser Fingerprinting?
Browser fingerprinting is an increasingly common yet rarely discussed technique of identifying an individual user by the unique patterns of information visible whenever a computer visits a website. The information collected is quite comprehensive and often includes the browser type and version, operating system and version, screen resolution, supported fonts, plugins, time zone, language and font preferences, and even hardware configurations. These identifiers may seem generic and not at all personally identifying, yet typically only one in several million people have exactly the same specifications as you.
Browser fingerprinting is a highly accurate way you can be identified and tracked whenever you go online. Even if you’re using a VPN service and other privacy measures. Luckily there are some easy steps you can take to protect yourself from this risk. But first let’s cover some basics.
Whenever you go online, your computer or device provides the sites you visit with highly specific information about your operating system. Such as settings, and even the hardware. The use of this information to identify and track you online is known as device or browser fingerprinting.
Methods Used for Fingerprint Tracking
Websites use several different methods to track users on the internet. By doing so, they can collect information and fingerprint your browser – and you wouldn’t even know or see that websites are doing this!
Now, the question is: how do they do it? The technology allows websites to interact with your browser and retrieve information. In the following sections, I’ll provide you with information about how websites interact with your browser and how they obtain information.
1. Cookies & Tracking
A common way for websites to obtain your data is by using cookies. Cookies are small packets of text files that are stored on your computer, which contain certain data that may give websites information to improve the user experience.
Websites remember and track individual computers and devices by loading the cookies (small data packets) onto your computer.
Every time you visit a website, your browser will download cookies. When you visit the same website at a later time, the website will assess the packets of data and provide you with a personally-customized user experience.
Think about the font size or screen resolution you view on a website. If a website knows you’re always using an iPhone 8, it will provide you with the best settings for your iPhone. Also, this way, the website knows whether you’re a unique visitor or a returning visitor. Cookies also store data on browsing activity, habits, interests and much more.
Furthermore, websites employ Javascript, which will interact with visitors in order to carry out certain tasks, such as playing a video. These interactions also trigger a response, and as such, they receive information about you.
2. Canvas Fingerprinting
The newest method to obtain browser information is called “Canvas Fingerprinting.” Simply put, websites are written in HTML5 code, and inside that code, there is a little piece of code that takes your browser’s fingerprint.
So, how are websites doing that, exactly? This new tracking method that websites employ to obtain your browser fingerprint is enabled by new coding features in HTML5.
HTML5 is the coding language used to build websites. It’s the core fundamentals of every website. Within the HTML5 coding language, there’s an element which is called “canvas.”
In plain English, what this means is that the HTML5 canvas element generates certain data, such as the font size and active background color settings of the visitor’s browser, on a website. This information serves as the unique fingerprint of every visitor.
In contrast to how cookies work, canvas fingerprinting doesn’t load anything onto your computer. So you won’t be able to delete any data, since it’s not stored on your computer or device, but elsewhere.
3. Browser Fingerprinting vs. Your IP Address
I believe that many online privacy-minded people, like myself, are aware of the fact that covering up your IP address is an important method to use to hide your online identity.
The IP address protocol is designed to send a request to a receiving web server every time a user interacts with a website or service. Because the receiving server needs an IP address to send a response to.
That means that your IP address is a unique string of numbers that points directly to your device. Tech-savvy website owners are even able to track what other websites you visit, the account you’re logged into and sometimes even your geo-location.
Of course, this would require a bit more effort, but it’s kind of scary that it’s possible.
How to Defend Yourself Against Browser Fingerprinting
It’s probably not possible to protect yourself completely against fingerprinting. Perhaps new software or other ways to sufficiently combat browser fingerprinting will be developed in the near future.
However, there are quite a few tools and methods available to enhance your online privacy and minimize the possibility of identification.
Find the most effective methods to protect yourself below. Let’s see:
1. Use Private Browsing Methods
Various browsers like Chrome, Safari and FireFox allow users to browse in incognito mode.
Incognito mode makes your browsing private by setting your “profile” to certain standard data points. These data points are part of your fingerprint. So, since many people use the same “profile” settings, the fingerprints look similar.
This will greatly reduce your chances of having a unique fingerprint.
2. Use Plugins
You can also opt to install plugins that disable trackers, which are employed by certain websites, from running on your browser.
Plugins like AdBlock Plus, Privacy Badger, Disconnect and NoScript are designed to block script that potentially enables spying ads and invisible trackers from running in your browser.
For some websites, this means that the user experience might be somewhat less satisfactory. But it’s also possible to disable the plugins from running on websites that you trust by whitelisting them.
Panopticlick recommends using their Privacy Badger, which is a browser extension. It blocks advertisers and other third-party tracking software from tracking your online activities.
NoScript requires more time to set up and use effectively. Because the plugin blocks JavaScript on every website by default. That means that you’ll have to enable JavaScript manually on every trusted website.
3. Disable JavaScript and Flash
One of the more effective methods you can use to protect yourself against browser fingerprinting is to disable JavaScript and Flash.
When JavaScript is disabled, websites won’t be able to detect the list of active plugins and fonts you use. Also, they won’t be able to install certain cookies on your browser.
The disadvantage of disabling JavaScript is that websites won’t always function properly. Because it’s also used to make websites run smoothly on your device. This will impact your browsing experience.
On the other hand, Flash can be disabled without a negative impact on the user experience. Generally, Flash only impacts the browsing experience when you visit very old websites.
4. Install Anti-Malware Software
Anti-malware software is always helpful, regardless of whether you’re looking for online privacy protection or you just desire overall protection for your device and personal files/data.
Malwarebytes and HitmanPro are both outstanding anti-malware software tools that run seamlessly alongside your antivirus software and serve as a second layer of protection.
In most instances, anti-malware blocks ads, harmful or annoying toolbars, and spyware software that might be running in the background on your system.
These software tools and scripts are directly linked to your browser’s fingerprint. So, it’s better to have a clean browser and delete these threats with an anti-malware tool.
When you install an anti-malware tool, be smart and go to the settings in order to enable automatic weekly or (at least) monthly full-system scans.
5. Use the Tor Browser
If you’re extremely serious about secure browsing and preventing browser fingerprinting, you should consider installing the Tor (The Onion Router) Browser.
The best way forward would be to run the Tor Browser in combination with a proper VPN. Due to the fact that Tor uses certain default settings, which are identical for every user, it’s harder to identify unique browser fingerprints.
Additionally, the Tor Browser aggressively blocks JavaScript code on websites.
The major downside of using the Tor Browser is the slow browsing speed, and the fact that it only protects the internet traffic sent through the Tor Browser and not others, like Firefox or Chrome.
6. Use a VPN
One of the most popular methods to hide an IP address is to install a Virtual Private Network (VPN).
As shown in the image below, a VPN is like a middle man. Instead of connecting directly to a web server, you connect to the VPN’s server first. Then the VPN will connect you to a website. By doing so, your IP address will be unknown to the web server.
Using a VPN is a very effective method to hide your IP address. Because the web server can only see the IP of the VPN (which is probably used by many other users). But, your IP address is only one aspect of your online identity.
Regardless what IP the web server can see, your browser settings, version and so forth, which generate unique browser fingerprinting data, can’t be blocked out by a VPN.
That means that the data of your browser still allows the web server to identify you as a unique visitor regardless of whether you’re using a VPN; since your IP address is only one aspect of your browser fingerprinting profile.
A VPN is great at hiding your real IP address, but it’s not the most effective method to protect you against browser fingerprinting, as many other attributes are part of your fingerprint as well. Used in conjunction with other methods, though, a VPN can be a great asset.
