What is Browser Fingerprinting and can You Stop it?

By now you are probably aware that almost wherever you go on the Internet, someone will try to track you and collect your data.

Websites, for instance, use cookies. These are small data packets that the website stores on your device upon your first visit and they hold data that gives the website information about you, including how they might improve your user experience.

However, cookies also collect data for statistics, web analytics and marketing purposes.

Most people are by now wise to cookies and there are different methods to delete or block them.

For instance, almost all browsers have an option to  block cookies (usually hidden away, but with a little persistence, you will find it).

Taking Safari as an example, you can find this by going to Safari > Preferences > Privacy > Block all cookies. 

Easy-peasy. This will stop them from tracking you and collecting your data, right?

Well, no. There is another method that is even more invasive and is able to collect more data from you.

It is called browser fingerprinting.

What is Browser Fingerprinting?

So what is browser fingerprinting? 

Browser fingerprinting is a way to match a browser activity to an individual device.

Each time you use a laptop or smartphone to connect to the Internet, the receiving server will collect a great amount of data about what websites you visit from your laptop or smartphone.

Think about it as fingerprints that the police use to identify suspects. If your fingerprints are found at a crime scene and they are in the police database (you probably gave it to them when you were getting your ID or driver’s license), they’ll know exactly who you are and likely where to find you.

But how accurate is browser fingerprinting? We know from almost 170 years of forensic experience (the first fingerprint was used in 1858 by Sir William Herschel, an English administrator in India), that now two people (not even identical twins) can share the same fingerprint.

How does browser fingerprinting compare to that?

It’s probably not as unique, but according to the Electronic Frontier Foundation (EFF), only 1 in 286,777 browsers share the same fingerprint as another user.

This might not be as unique as 1 in 7.8 billion, but it’s still pretty unique.

How is it Collected?

Here’s a good question. How is browser fingerprinting collected?

This can be done in one of four ways:

1. Through user agents and accept headers

These are sent to websites automatically whenever a connection is initiated.

2. With the HTML5 <canvas> element

The original purpose of the HTML <canvas> was to draw graphics on a webpage. However, this element also generates the browser’s background color settings, font size and some other data on a website, which can be used to create a unique digital fingerprint.

3. Via JavaScript

The JavaScript provides access to many browser features, including:

• Your screen resolution;
• Color depth;
• OS platform;
• Timezone;
• Do you have cookies enabled;
• What plugins do you have installed;
• Use of local and session storage;
• Do you use an ad blocker;
• And more.

4. Through Adobe Flash

If you have the Adobe Flash plugin installed on your computer, its API will provide access to things like:

• What operating system (OS) do you use;
• Your timezone;
• Screen resolution;
• Fonts you are using;
• Etc.

Why is Browser Fingerprinting Used?

So why is browser fingerprinting used and is it always bad?

Websites and advertisers want to collect as much data about their visitors as possible. The more that data is unique to a specific visitor, the easier it is for advertisers to create a unique profile of them.

This means that they can target the user with their adverts even better and, consequently, increase their revenue.

By and large, both browser vendors and the standard bodies responsible for online data protection, agree that online tracking methods, like browser fingerprinting, are “potentially harmful to users and cannot be meaningfully understood or controlled by users”.

However, in some instances, browser fingerprinting is actually a good thing.

It can, for example, help banks identify whether an account has been accessed from a different location or a different device in a short time span and thus identify a potential fraudster.

Another way that browser fingerprinting can actually be useful is in identifying online bots and their characteristics since botnet connections always use a different device to establish themselves.

Using this, one can spot suspicious online behavior and potential fraud.

How to Test Your Browser Fingerprinting?

Can you see what your digital fingerprint looks like? You can and there are several tools that can test your browser fingerprint.

We’ll name the two biggest test tools here, show you how to use them and at the end, compare their results.

1. Am I Unique? 

Am I Unique collects the following 19 data attributes to create a unique browser fingerprint:

• the User agent header;
• the Accept header;
• the Connection header;
• the Encoding header;
• the Language header;
• the Upgrade Insecure Requests header;
• the Referer header;
• the Cache-Control header;
• the BuildId of the browser;
• the list of plugins;
• the platform;
• the cookies preferences (allowed or not);
• the Do Not Track preferences (yes, no or not communicated);
• the time zone;
• the screen resolution and its color depth;
• the use of local storage;
• the use of session storage;
• a picture rendered with the HTML Canvas element;
• a picture rendered with WebGL;
• Supported Audio formats;
• Supported Video formats;
• the presence of AdBlock;
• the list of fonts.

To check your browser fingerprint with Am I Unique, simply go to their website and on the main page click the “View my browser fingerprint” button. Keep in mind that this will put a cookie on your browser for the next four months.

For example, here are my results:

I am unique among 3.258,390 fingerprints (all time) and 105,029 (30 days).

2. Cover Your Tracks

Cover Your Tracks (formerly Panopticlick) is a research project by the EFF that shows how trackers view your browser. It can test if your browser:

• Blocks trackers (both “whitelisted” and invisible ones);
• Blocks tracking ads;
• Unblocks “Do Not Track” websites;
• Is your browser protected against browser fingerprinting.

To check this, go to the Cover Your Tracks page and click the “Test Your Browser” button.

My results are as follows: 

According to the tool, my browser fingerprint is unique among 286,298 tested in the past 45 days.

As you can see, both “Am I Unique” and “Cover Your Tracks” show pretty consistent results, with maybe some disparities here and there, but that is mainly due to the techniques and databases they are using for browser fingerprinting.

Can You Stop Fingerprinting?

Reading all of this, you are probably wondering “can I stop or prevent browser fingerprinting?”

Unfortunately, according to a paper by Jiexin Zhang and Alastair R. Beresford from the University of Cambridge (SensorID: Sensor Calibration Fingerprinting for Smartphones), some forms of browser fingerprinting cannot be completely stopped.

What you can, however, do is mitigate it and reduce how much digital fingerprint you leave behind.

Here are several methods you do to accomplish that:

1. Browse Incognito

Popular browsers, including Google Chrome, Apple’s Safari and Mozilla’s Firefox all offer the ability to browse in incognito or private mode.

How does going “incognito” reduce your digital fingerprint?

This is done by setting the user’s “profile” to certain general data points, which should make your browsing fingerprint more similar to other profiles and reduce its uniqueness. 

However, you shouldn’t rely on incognito mode to provide privacy as your information is still visible to your Internet service provider (ISP) and the websites you visit. In addition, Google has been caught tracking user data even in incognito mode.

2. Disable JavaScript and Adobe Flash

Both JavaScript and Flash provide a plethora of information for trackers about you. Here is a table from a 2019 dissertation, titled “Web Browser Fingerprinting: Attack on Privacy”:

You can see in the table that JavaScript and Flash provide the most values for analysis, especially regarding plugins (47,057 distinct values, JavaScript) and fonts (36,020 distinct values, Flash).

Fortunately, you can disable Adobe Flash without much repercussion as it is mainly used by some old websites. In fact, with HTML5 and WebGL, Flash is pretty much dead and is no longer supported by Adobe since December, 2020 and the same goes for all major web browsers as well.

Disabling JavaScript can be a little trickier than this, however, mainly since it may cause some websites to break (not run properly), but this way, they won’t be able to install cookies on your browser or see fonts or plugins you use.

3. Install Anti-Fingerprinting and Anti-Tracking Plugins

Now here’s a tricky one. 

On one hand, using a plugin, or extension, or add-on (so many different words used for pretty much the same thing) will make your digital fingerprint more unique. On the other, certain plugins can help you reduce your fingerprint.

For instance, you can try Privacy Badger by EFF, Canvas Blocker by Fingerprint Project (both available as Chrome plugins), or NoScript for Firefox (also endorsed by Edward Snowden as an anti-state surveillance countermeasure).

Keep in mind that using a canvas fingerprinting blocker may actually make your fingerprint more unique.

4. Use a VPN

A Virtual Private Network, or VPN, won’t protect you against browser fingerprinting per se. Instead, what it will do is hide your real IP address and location from your ISP and make it more difficult for the ISP to keep an eye on your online activities (in some countries this is even mandatory by law).

As such, you should combine VPN with browser fingerprinting protection techniques.

5. Use Tor Browser

Tor browser is created for anonymity and already has many anti-tracking tools by default. This includes:

• Anti-tracking features;
• HTTPS Everywhere;
• NoScript;
• Blocking webGL;
• System cloaking;
• Canvas image extraction block;
• Timezone preferences block;
• Language preferences block;
• Etc.

However, it’s best not to use any extensions or plugins on Tor as, according to Tor Project:

“Plugins or addons may bypass Tor or compromise your privacy.”

6. Use a Popular Browser

Now, this may sound counterintuitive to the whole Internet privacy and anonymity idea, but hear me out.

The whole idea of browser fingerprinting is to find how unique the user is. Using a web browser like Chrome, for instance, is like hiding in a mass of other people that all look very much alike. 

Of course, you still need to keep in mind that Google itself will collect data from you more than likely.

With that in mind, your better option, if you are going to use a popular web browser is Firefox and you can read why in our Choosing the Best Privacy Browser for 2021 article.

How to stop browser fingerprinting?

You cannot entirely stop browser fingerprinting, but you can mitigate it using a privacy-focused browser like Firefox or Tor, installing certain plugins and by using some other anti-tracking and fingerprinting techniques.

Can browser fingerprinting identify me personally?

Luckily, browser fingerprinting is not as accurate as regular fingerprinting that the police use. This (browser fingerprinting) will not show you as 100% unique, but will, depending on different factors (your OS, web browser, plugins, etc.) show you as unique among a certain number of other users.
This is probably not enough to identify you personally, but it is enough for advertisers for instance to make a profile of you.

Conclusion

We all want to be unique and different, but sometimes that can cause more problems than is worth. 

Browser fingerprinting is one of such problems as it can help create a unique profile of you that will help marketers collect data and create a unique profile of you.

This is why you should be aware of it and know how you can stop fingerprinting (or at the very least reduce it).

Hopefully, this article has helped you learn more about what browser fingerprinting is and how you can deal with it.