From website cookies and ISP tracking to browser fingerprinting, many things affect your online privacy.
So much that online privacy has become something of a myth.
Still, learning about the possible threats means learning new ways to protect yourself online.
For today’s lesson on online privacy, I’ll go over a technique that’s perhaps not something you often hear about but is definitely something you need to keep an eye on.
Browser fingerprinting.
So, what is browser fingerprinting, and are there ways to protect yourself from it?
Let’s have a look.
What Is Browser Fingerprinting?
Browser fingerprinting is a technique that websites use to track you online and collect personal data.
It collects many things, from the websites you visit to specifications about your graphics card.
This makes it a highly intrusive tracking technique.
But how can this happen without you knowing anything about it?
Most websites you visit give your browser instructions that come in the form of “scripts.”
That’s just part of the interaction between a website and your browser.
However, these scripts run quietly in the background of your browser, collecting data about you.
Unlike cookies or account logins, websites don’t ask your permission, don’t warn you against it, and don’t give you an option to disable it.
So, when you launch your browser and visit a website, you expose so much personal information about yourself, like the exact version of your browser, the time zone you’re in, what languages you’re using, your browser add-ons, and even things like your screen’s resolution or information about your graphics card.
The more scripts these websites collect, the easier it is to combine them to create your own unique digital “fingerprint” and narrow down the things that identify you as a unique user.
Hence the name, browser fingerprinting.
Why Is Browser Fingerprinting Used?
The simple answer is that websites use browser fingerprinting to spam you with personalized advertisements and provide a customized online experience tailored to your unique needs and demands.
But this is just the tip of the iceberg.
Websites also use this method in surge pricing, showing you completely different prices based on your interests or locations.
Imagine this.
You’re going over your summer holiday options online when suddenly you’re bombarded with sponsored ads from travel agencies, posts about best flight deals, or bookings.
This is called cross-site tracking, and it happens thanks to browser cookies and browser fingerprinting.
Now that your digital fingerprint has been identified, websites and ad networks can use this to their advantage based on the information they have on you.
For example, if you reside in a wealthier area, websites might show you higher prices on their products or services compared to the same deals in a different area.
Although I’m all about a more convenient online experience, I know where to put the limits on my online privacy.
And I want to help you do the same.
How Are Websites Tracking You?
Fingerprinting is a broad term for what happens when you use the internet without protecting yourself.
Websites use all sorts of tracking methods, all with an end goal to create a user persona that is easily distinguishable from others.
But how do they do it?
Browser Cookies Tracking
The most transparent method websites use to track you is through browser cookies.
All cookies are small bits of data.
Once you accept them, your browser downloads and stores them on your computer.
The next time you visit, the website can access these files on your device, identify you as a returning visitor, and offer you a more personalized experience.
Canvas Fingerprinting
Another way for websites to obtain your digital fingerprint is through canvas fingerprinting.
This technique runs “behind closed doors” and takes advantage of the HTML5 coding language by inserting a code that exploits the HTML5 canvas element, thus the name.
Almost 90% of all websites are written in HTML5, and the <canvas> is an HTML5 element originally used to implement the drawing option on a website.
Now, the script draws an image and adds text on your device, then observes how your browser processes this data.
Depending on your device, the result can vary in color and shape.
Based on this, the script detects your hardware and drivers.
WebGL Fingerprinting
Another technique that’s similar to canvas fingerprinting is WebGL fingerprinting.
It uses the same approach, only it renders interactive 3D objects instead of an image and text.
The website can see what operating system you’re using and obtain information on your graphic card, including the model and vendor.
The whole thing is done quietly, without the visitors ever suspecting a thing.
WebRTC Fingerprinting
WebRTC fingerprinting gives away your physical location through your IP address.
When you use Discord to talk to your fellow gamers or video call your grandma on Messenger, you rely heavily on WebRTC (web real-time communication) technology.
Many apps and websites use it to make talking in real-time across the internet possible, which is an amazing thing.
What’s less amazing is when it leaks your personal information.
Websites can see your IP address unless you use a VPN or Proxy to mask it.
But the software is not bulletproof and can sometimes leak your real IP.
When using a VPN, make sure you check for WebRTC leaks or turn off WebRTC on your browser to avoid leaks altogether.
Audio Fingerprinting
Unlike canvas or WebGL fingerprinting, audio fingerprinting collects personal information without consent by checking things like your audio or how the device you’re using processes sounds.
Researchers at Princeton University found that the technique uses AudioContext API to fingerprint your device, and common privacy tools and tracker blockers had difficulty recognizing it as a threat.
Battery API Fingerprinting
Another type of fingerprinting discovered by the analysis is Battery API fingerprinting.
It uses a similar approach as the other methods I mentioned in the list.
By taking advantage of the Battery Status API, websites can see personal information of the device you’re using based on your battery charge level and discharge time, which can be used as an identifier.
Is Browser Fingerprinting Legal?
For the time being, browser fingerprinting is legal.
A few years ago, the European Union made a huge step towards data privacy after putting the General Data Protection Regulation (GDPR) into motion.
The GDPR puts user privacy before company interest.
It’s now obligatory for companies to ask their users for consent to implement browser cookie tracking and use their personal data.
Unfortunately, the law is limited to browser cookies.
Meanwhile, browser fingerprinting is still collecting users’ data, and no law addresses nor prevents the problem.
Another problem is that apart from EU countries, not many countries have privacy laws that protect internet users.
For example, the U.S has the California Consumer Privacy Act (CCPA), but this is a state-limited law.
Other attempts were made to improve online privacy, like the Social Media Privacy Protection and Consumer Rights Act of 2018, but the bill didn’t receive votes.
Most U.S citizens are still exposed to online tracking.
Browser fingerprinting is not regulated in larger countries like China or Russia, either.
China has even stricter privacy laws than the GDPR, but with no mention of browser fingerprinting.
And Russia is a different story altogether, where the state is in control of data privacy.
This means the country protects its citizens’ personal data but still largely inflicts state surveillance.
How to Test Your Browser Identity?
How easily identifiable do you think you and your digital fingerprint are online?
Let’s see if you’re right.
You can use many tools to see the effects of website tracking and test just how much information your browser is leaking to websites.
So-called browser fingerprinting can reveal a shocking amount of data, as this quirky demo shows:https://t.co/Wc3tpjPMO1
— DuckDuckGo (@DuckDuckGo) July 11, 2017
A few years back, DuckDuckGo tweeted a website that really got in my mind.
It shows you how easy it is for websites to track anything you do in real-time, including every interaction.
There are so many tools like this one.
Take, for example, “Am I Unique,” which exactly pinpoints your browser fingerprint, revealing whether you’re easily identifiable.
The website determines your browser fingerprint by using data points, like what computer you’re using, what browser and browser version, whether you enable cookies, etc.
It then provides you with a detailed list of the information your browser is transferring to the server.
Another test you can run is Electronic Frontier Foundation’s Panopticlick.
Once you click the “test me” button, the website gives you detailed information about your browser identity.
Or, if you’re using a VPN to mask your IP address, you can look into many online tools that can check for VPN leaks.
For example, use IPLeak.net to see detailed information about your IP address.
Connect to a server in a different country and check the IP.
If it still shows your real location, you’re dealing with a VPN leak like a WebRTC leak or DNS leak.
This tool can also show you details that websites use to pinpoint your fingerprint, like your physical location and time zone, and information like your screen resolution or the plugins you’re using.
And, finally, another tool that I quite like is DeviceInfo.
Although it works on the same principle as the other tools I already mentioned, you’ll really get the scope of information you give away to websites without being aware of it.
Browser Cookies vs. Browser Fingerprinting: What's the Difference?
By definition, cookies are files that websites install on your browser to make your online experience more convenient.
There are all sorts of cookies, and some are more intrusive to your privacy than others.
Still, website cookies are something most people are familiar with.
After all, any time you open a website, you’re greeted with a pop-up asking you to allow website cookies.
And that’s the crucial difference between the two.
When it comes to browser cookies, websites ask for your permission.
You can either allow some, all, or none.
Even if you allow cookies, you can always disable them in your browser settings.
However, with browser fingerprinting, websites collect information about you without asking, and the worst thing is it’s done legally, at least for now.
Another notable difference is that, unlike cookies, you can’t disable browser fingerprinting.
The whole process is done “secretly” on your browser, without the option to turn it off.
Some say that digital fingerprints are the “cookies of the future,” and they might be right.
But that doesn’t mean you can’t do anything about them.
In fact, there are a few things you can and should do.
Let’s go through the options.
How to Prevent Browser Fingerprinting?
Most websites won’t work on your browser without these scripts.
This means you can’t really disable the scripts and prevent browser fingerprinting.
You can, however, affect what these scripts learn about you by making your fingerprint too random or too generalized.
Here are some of the most important things you can do to minimize the effects of browser fingerprinting.
1. Disable JavaScript
JavaScript is a programming language that enables website interactions.
However, it also allows websites to detect information like your browser’s plugins and fonts, contributing to the overall browser fingerprinting process.
And while you can’t disable browser fingerprinting, you can disable JavaScript.
You can either manually do it on your browser or opt for the much easier option and use a browser add-on like NoScript.
The software extension blocks JavaScript, Flash, Java, and other executable content on all websites.
It’s also convenient, allowing you to whitelist the websites you trust.
NoScript presently works with Firefox, other Firefox-based browsers, Google Chrome, and SeaMonkey.
If you’re using one of these browsers, I highly recommend it.
2. Revisit Your Extensions and Plugins
Just a few years back, I had so many browser extensions – one for pretty much anything.
That was until I learned that having so many can be a potential privacy risk.
With each browser plugin or extension you install on your browser, your digital fingerprint gets more unique, making it easier for websites to identify you.
Now that you know this, it’s time to do a cleanup.
Remove the browser extensions and plugins that you don’t use daily.
Don’t just disable them, but completely uninstall them and only leave those that are absolutely necessary.
Instead of using browser plugins and extensions, when possible, you can use standalone desktop software on your computer as an alternative.
For example, instead of handling your passwords with the LastPass browser extension or spell check with Grammarly for browsers, you can download the software on your Mac or PC.
3. Use Anti-Malware Software
When your online privacy is jeopardized, you’re susceptible to cyberattacks.
Whether it’s malware attacks, viruses, or other exploits, you should consider quality anti-malware and antivirus software.
I recommend Kaspersky antivirus software, which comes with its own VPN, or Malwarebytes, which is fairly cheap for personal use.
4. Keep Your Software Updated
Although updating your software might not seem relevant to browser fingerprinting, it absolutely is.
It’s not enough to use anti-malware or antivirus software.
It’s also essential to keep it updated at all times to keep cybercriminals at bay.
That, of course, applies to any software that you have on your computer.
Even one simple slip-up can be damaging to your privacy.
5. Use Tor Browser
The Tor browser is notoriously known for its connection to the dark web.
However, using Tor is so much more than that.
The browser is extremely private, and it doesn’t allow any fingerprinting.
It’s also compatible with most operating systems and easy to set up.
It might take some time to get used to it.
But if you’re privacy-conscious and you really want to take every precaution, you’ll learn it in no time.
And don’t worry, Tor is completely legal, as long as you’re using it legally.
One downside to using Tor is that it’s much slower than your regular browser.
Forget about things like streaming, online gaming, or anything that requires a faster connection.
My advice for an alternative is Firefox.
In recent years, the browser has been working on upgrading its security features.
Nowadays, you can customize your browser to make your experience much more secure.
Firefox is actively fighting against fingerprinting.
The browser blocks third-party requests to companies that use fingerprinting to collect your data.
6. Use DuckDuckGo Instead of Google
When it comes to search engines, most of you know that Google tracks its users extensively.
But do you know to what length?
If you’re using the Google search engine while reading this article, click here to see your personalized ad settings.
The first thing you’ll notice is personal information like your age and gender, the websites that you visit regularly, and your interests.
Needless to say, Google allows fingerprinting.
That’s why you should opt for a privacy-friendly search engine, like DuckDuckGo.
DDG is an excellent alternative to Google, as it prevents websites from generating digital fingerprints on their users.
Instead, DDG gives out false positives to websites, and the search engine doesn’t store personal profiles.
It’s a big myth that search engines need to track your personal search history to make money or deliver quality search results. We've been profitable since 2014 w/out storing or sharing any personal info on people using DuckDuckGo.
— DuckDuckGo (@DuckDuckGo) August 6, 2021
@yegg explains how: https://t.co/9jEHdShX2f
7. Use A VPN
Finally, one last recommendation from me is to use a VPN regularly.
Websites can still track some of your information, but with a VPN, you’ll be able to hide your IP address, and thus, your real physical location.
Keep your privacy intact by applying most or all of the tips I listed in this article.
Then, take your online privacy a step further and get a premium VPN, like NordVPN or ExpressVPN.
Conclusion
If your test results are not what you expected, perhaps it’s time to try out the tips I listed above to protect yourself from browser fingerprinting.
My advice is to always keep an open eye on new possible threats, invest in good security software, and remember to use a VPN as much as you can.
Pick one that values your privacy, like NordVPN.
It keeps no logs since it’s located in Panama, where data retention is not mandatory, plus it constantly invests in top-notch security features.
So, if you are privacy-conscious like I am, grab this discount and try NordVPN for yourself.
In the meantime, remember to constantly improve your online habits and not underestimate the importance of online privacy.
There will always be something or someone who’ll try to invade your privacy, but as long as you’re aware and careful, you’ll always remain one step ahead.
