Browser Fingerprinting For The Clueless

What’s Browser Fingerprinting?

Browser fingerprinting is a way people can track your online activity without using cookies or your Internet (IP) address. Fingerprinting even works if you’re using a VPN.

Once someone has your browser fingerprint, they can start monitoring your activity on any websites they control, advertise on, or buy information from.

Then they just need any kind of data that links any of your accounts to your real-life identity (credit or debit card transaction, mentioning a real name somewhere, etc.), and they know exactly who you are and what you’ve done online.

How Does Browser Fingerprinting Work?

When you visit a website with scripting turned on (which 95% of websites require if you want them to work correctly), it allows the site to run a series of tests to see what your web browser can do. It tests your video, your audio, and what plugins and hardware you have.

Because stuff like software update versions and video card speeds are so specific, it’s easy to combine all of these results into a unique profile that only you could have. That’s a browser fingerprint.

If you want to test it out, visit AmIUnique and try it for yourself.

Once someone has your unique browser fingerprint, they can sell that information on the open market, and soon everyone will have it: Governments, advertisers, law enforcement, and even private citizens who pay for the service.

What Kind Of Stats And Settings Make Up A Fingerprint?

On the video side, these scripts try to scrape: Browser window size, color depth, draw speeds, fonts, menu bar settings, graphics driver versions, web browser versions, and OS patch level.

On the audio side: Audio driver version, media device brands, available microphones, preferred audio formats, sound card firmware, device permissions, and browser audio settings.

And they can capture miscellaneous settings too: Keyboard layout, local storage permissions, geolocation settings, timezone, battery status, and plugin status.

All of these can combine to make a unique fingerprint that is used to track you.

Does Browser Fingerprinting Work On All Web Browsers?

Some browsers (Like Brave and Tor) try their best to mask your browser fingerprint. But it doesn’t always work. The amount of data that still leaks through can often be enough to make a unique ID. Browser fingerprinting is getting better every day, and these projects just don’t have enough manpower to keep up.

Also, web apps often use browser technology to create their user interface, so they’re vulnerable too. They may or may not send all of the same amounts of information to other sites, but it’s quite possible to be fingerprinted through a web app as well. It just depends on the function of the web app, and who is on the other end.

How Do You Prevent Browser Fingerprinting?

Either totally turn off scripting, which will break most sites on the Internet beyond the point of usability…

…or grab a good privacy app. In this case, you want a privacy app that runs each of your browser tabs and web apps on separate remote servers and streams the results back to you. That way the fingerprint will be of the remote virtual machine, and not your PC or mobile device. And every time a new tab is opened, a new fingerprint will be generated. These tabs shouldn’t share information between them unless you allow it.

An example of a privacy app that works like that is Hoody. It will also give you a different IP address, let you get around government censorship, and its encrypted network performs three times faster than your average VPN.

That’s your best bet at the moment. Browser fingerprinting tech is always advancing, and it takes a dedicated team of security and privacy experts to keep up. Stay safe out there!

If you want to know more about fingerprinting, then check out our Full Device and Browser Fingerprinting Guide.