e-Why, What & How · 2022-03-14

What is browser fingerprinting? – e-Why, What & How

So what is browser fingerprinting? Browser fingerprinting or digital fingerprinting is the practice of collecting information on Website surfers. Code that runs in the background of many Websites can obtain information about a visitor’s device, location & habits without requiring their permission. Many of you may have heard of cookies, but browser fingerprinting is less commonly known.

There are 2 types of code that run – code that runs in the browser & code that runs on a server. For code that runs in your browser, such as JavaScript, only cookies are regulated so far. No server side collection from HTML5 code is currently regulated. The combination of HTML5 collection techniques & a server side database to store information makes fingerprinting possible.

So What Really Is Browser fingerprinting & What Information Does The Server Collect?

The server can get your IP address, your general location (as opposed to your exact location), the type of device you’re using (although not the serial number), the last Website you visited & the browser you’re using. That is a lot of information, but on its own it’s not enough to “fingerprint” you. What the agent needs is permission for a few final pieces of the puzzle: your device’s serial number & your exact location. This information can be obtained in a number of innocuous-seeming ways that most users are unaware of, & the really big thing about it is that it’s absolutely legal, everywhere.

It’s Not All About Cookies

Cookies, without permission, are illegal almost everywhere. But there are so many other ways that a Website can put together a portfolio on you & if they want, use it against you. Also, at this moment, there’s very little that you as an ordinary Web surfer can do to tackle it. There’s very little protection.

Websites use a combination of server side code & HTML5 APIs, such as audio & video APIs to track users, rather than cookies. By using these APIs, users give their tacit agreement for the Website to collect data.

Why Are Normal Protective Actions Useless?

Actions such as clearing browser data & using an incognito browser do not assist in blocking browser fingerprinting because information collected is not stored in cookies on the browser, but rather in a database on the server.

Websites offer users the opportunity to play videos & audio files, to draw images & to perform many other actions. Each of these gives scripts running in the background a host of information about the user, such as the type of plugins being used, the fonts installed on the system & the type of apps the user is engaging with. This information can be used to discern many other vital pieces of information about the type of device the user has, the OS, & so forth. Along with all the other pieces the code collects, it can be used to invasively track users’ actions & give Website owners valuable information, such as how affluent users are, how many hours they spend online, how often they use e-commerce Sites & how much money they spend online. All this information is perfect for advertisers & allows Website owners to know who to target.

So What Can You Do To Protect Yourself Against Browser Fingerprinting?

Visit Cover Your Tracks, which is an EFF initiative that shows you exactly how you’re being tracked & what information is being used.

One of the best things you can do is use a commonly used browser which is too generalized to be of much use to the trackers. Another is to use a browser specifically designed to confuse the scripts running in the background, such as the latest version of Firefox.
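The advice about using a commonly used browser can be made concrete with a small calculation of how many stored visitors share one attribute combination. This is an added example, not code from the original article; the visitor records, attribute names & function names are all constructed for illustration.

```javascript
// Added example with constructed data; every name here is hypothetical.
// Each record is the attribute set a server-side database might hold for one visitor.
const common = { browser: "Chrome", os: "Windows", fonts: "system-default", plugins: "pdf-viewer" };
const mobile = { browser: "Safari", os: "iOS", fonts: "system-default", plugins: "none" };
const linux = { browser: "Firefox", os: "Linux", fonts: "system-default", plugins: "pdf-viewer" };
const rare = { browser: "Chrome", os: "Windows", fonts: "system-default+design-pack", plugins: "pdf-viewer" };
const population = [common, common, common, common, mobile, mobile, linux, rare];

// Canonical string for an attribute set. It depends only on the attributes,
// so clearing cookies or opening an incognito window does not change it.
function fingerprintKey(attrs) {
  return Object.keys(attrs).sort().map((k) => `${k}=${attrs[k]}`).join("|");
}

// Number of stored visitors with exactly this combination (the "crowd" you hide in).
function anonymitySet(pop, attrs) {
  const key = fingerprintKey(attrs);
  return pop.filter((v) => fingerprintKey(v) === key).length;
}

// Identifying information in bits: -log2(share of visitors with this combination).
// A combination never seen before has no crowd at all, reported as Infinity.
function surprisalBits(pop, attrs) {
  const n = anonymitySet(pop, attrs);
  return n === 0 ? Infinity : -Math.log2(n / pop.length);
}

// Bits contributed by each attribute on its own, to see which one gives a visitor away.
function bitsPerAttribute(pop, attrs) {
  const out = {};
  for (const k of Object.keys(attrs)) {
    const n = pop.filter((v) => v[k] === attrs[k]).length;
    out[k] = n === 0 ? Infinity : -Math.log2(n / pop.length);
  }
  return out;
}

// Name of the single attribute that narrows the crowd the most.
function mostIdentifying(pop, attrs) {
  const bits = bitsPerAttribute(pop, attrs);
  return Object.keys(bits).reduce((a, b) => (bits[b] > bits[a] ? b : a));
}

console.log("common setup:", anonymitySet(population, common), "visitors,", surprisalBits(population, common), "bits");
console.log("rare setup:  ", anonymitySet(population, rare), "visitor,", surprisalBits(population, rare), "bits");
console.log("attribute that singles out the rare setup:", mostIdentifying(population, rare));
```

In this constructed population the default setup blends in with half of all visitors, while one extra font pack is enough to make an otherwise identical setup unique.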

If you’re using a computer to access the Web, you can install anti-fingerprinting software tools such as those offered by Avast.

For smartphone & tablet users it’s best to install good anti-tracking apps such as AdGuard for iOS & Avast for Android.

It’s important to note that apps downloaded to your device can also be used to build a fingerprint profile. That’s why Apple updated its rules for apps in April of 2021, so that it could reject apps that used the practice unnecessarily & force those that used it to benefit the user to declare that they were collecting data & put up a notice, so that the user had the right to stop them doing so. We hope Google will, shortly, follow suit.
