Photo by Phil Desforges:

Fingerprinting: who needs your fingerprints on the Internet?

Mar 12, 2023

Browser fingerprinting is a technique utilized by websites to identify and track users. Its primary purpose is to personalize ads for users, but it can also help safeguard websites and accounts from unauthorized access.

So, what exactly is a browser fingerprint? A website generates a user profile by examining particular information sent by your browser and compiles it into a unique profile. This is called a fingerprint because, similar to our fingerprints, with enough data, it can be made distinct.

It's important to note that the terms "browser fingerprint" and "device fingerprint" are frequently used interchangeably, but they refer to two distinct things. A device fingerprint is information about a device collected through a browser or application, while a browser fingerprint is a more specific collection of data gathered through the browser.

  • browser name and version;
  • operating system;
  • browser language;
  • screen resolution, etc.

The site you visit can use this information to determine who you are and use this data to target ads.

How does fingerprinting work?

The list of data that can be used to narrow the profile is long and the fingerprinting algorithms are quite accurate.

For example, in a 2016 study , 81% of website visitors made up a unique profile.

This is done not only through passive data such as browser type and screen resolution, but also through more active means, including:

  • Canvas fingerprinting : The fingerprinting script launches an invisible "canvas" over a website that renders differently with the script depending on the type of graphics hardware you're using. This is the way to determine your video card and drivers. WebGL fingerprinting uses a similar method.
  • Sound fingerprint : This type of script analyzes how sound is played on your computer. Slight tone variations can determine your audio driver.
  • Media Fingerprinting : This method detects the media drivers on your computer.

The trick to browser fingerprinting is not to find a single data point that tells the script who you are, but to find as much information as possible and aggregate it to form your profile.

However, fingerprinting is also used for security purposes. For example, your bank takes a fingerprint every time you log in to online banking to make sure you are you. This method raises warnings when you log in from a different location or device.

What is fingerprinting for?

The main reason for creating a fingerprint is so that advertisements can be more accurately targeted to users. By narrowing down the user pool, it is easier for the algorithm to determine which ads to show and which not to, depending on the circumstances. If, for example, the algorithm determined that you are using an Android device, you will not see iPhone-related messages.

Fingerprints can be compared to browser cookies , but despite serving the same purpose, they work in completely different ways . A cookie is more like a tracking device - once it's on your computer, the site will know where you are and what you're doing. The browser fingerprint is more static. It uses established data about you and your device to determine exactly who you are and notes when you visit a site, but cannot track you.

Because of this, the data that the cookie collects is of great value, although you can turn it off. In addition, browsers are increasingly blocking third-party cookies to prevent user tracking. The fingerprint is almost the opposite: since most of the data it transmits is vital to internet surfing, there is no way to turn it off. It's less revealing, but almost imperceptible - and almost impossible to turn off.

How to protect yourself from fingerprinting?

Browser fingerprinting is a difficult technique to evade, as disabling JavaScript or other browser features, such as the Tor browser, may only mitigate some of the data being transferred. This means that while browser fingerprints can offer some level of protection, they can also make it difficult to access certain online resources. Without the data collected by fingerprint scripts, many websites may not display properly. Even using incognito mode or a VPN cannot fully prevent browser fingerprinting, although some browsers, such as Mozilla, claim to block it. Nonetheless, browser fingerprints are still obtained and shared with websites.

Anurag Deep

Logical by Mind, Creative by Heart