How You Can Be Tracked By Your Browser’s Fingerprint and How You Can Stop It

Digital Browser Fingerprint

You have your browser set to Private Browsing or Incognito mode where it doesn’t store coookies or history. You load up your favorite VPN, Tor, or I2P and are thinking, “I am totally secure and no one can track me now.” Wrong. You still are possibly leaving a digital fingerprint or browser fingerprint behind. Just because you have a secure computer and can change your IP, people can still find you. Browser Fingerprinting is how some agencies have been able to identify people even through Tor or a VPN.

The EFF, or Electronic Frontier Foundation, discovered this a few years ago and has set up a website to demonstrate their findings. Check out the website below, run their fingerprinting test, and see if your online fingerprint is unique to you out of everyone they have tested. Im guessing it will be.
https://panopticlick.eff.org

How does browser fingerprinting work? Once the tracking script is loaded and executed in your browser, it will detect detect things like fonts installed, screen resolution, browser, operating system, addons, and the exact versions of each. A hash is then made based on all the information the script has collected. That hash can help identify and track you like an IP address would.

I had a website where people were using VPN’s and Tor to connect to it to try and do nefarious things on it. Since they could change their IP with one click, I had to implement a different way to track and block them. I used a browser fingerprinting method to do just this. They could still get around the block by changing their resolution or browser, but it made it harder for them, and eventually they gave up.

From what I’ve seen so far, online fingerprinting utilizes javascript, flash, java, or silverlight, so you can still remain fairly safe by using browser addons like NoScript and only whitelisting or allowing scripts that you are certain are safe and not tracking you. However, This can be annoying and a tedious hassle because disable javascript will break most sites functionality. Instead of disabling scripts which can break websites, you can use an addon called Secret Agent, which randomizes your HTTP User Agent to prevent fingerprinting. This allows you to be bypass most fingerprinting without any annoying or negative effects. Disconnect.me is also a very popular privacy addon. This addon, which was founded by an ex-Googler, says “the browser extension helps users monitor and block more than 2,000 websites from collecting their data online.” Ghostery is another browser addon to help protect your privacy and curb companies tracking abilities. [More Info on Ghostery]

People are trying more and more advanced techniques to be able to fingerprint and track you online. One such example of this is called HTML5 Canvas Fingerprinting. The following browser addons are noted for their ability to block Canvas Fingerprinting.

Privacy Badger
DoNotTrackMe
CanvasFingerprintBlock

If you take away anything from this article, just know that it is easier than most people think to track people online. You should check out all the software and browser addons mentioned in this article and see which one or combinations of ones are right for you. There is no 100% certain way to prevent all forms of tracking, however with a little background knowledge and the right configuration and software, you can greatly reduce your chances of being tracked.

Here is some sourcecode that you can look at to learn from or use to implement a browser fingerprinting tracking system on your site. https://github.com/Valve/fingerprintjs

8 thoughts on “How You Can Be Tracked By Your Browser’s Fingerprint and How You Can Stop It”

  1. El Generali says:

    Most people think browser fingerprinting to be intrusive and a breach of privacy and they are correct, however, it’s not done (in most cases) just for the sake of it. They do it to try to prevent fraud. Any kid with a computer can buy a stolen credit card online and then attempt to use it. Any kid with a computer can Google “how to hack facebook”. It’s due to things like canvas fingerprinting that 90% of theses idiots get stopped. The other 10% use special browsers to stop fingerprinting and bypass most of these security features, so its far from ideal. See “Fraud Fox” or “antidetect” as examples of such browsers.

  2. Why can’t the browser makers stop this pretty easily ? I don’t see why most sites need to know what OS I’m running, or what fonts I have installed, or what add-ons I’m running. I don’t want to disable all Javascript.

    1. admin says:

      Unfortunately Google or Mozilla probably don’t truly care about our privacy. That’s why I listed a bunch of addons which can fill in where the Browser fell short. I have updated the article with a bunch more addons and extensions by the way.

  3. There are so many more ways to fingerprint a browser without JavaScript. http://www.browserleaks.com/ discusses many of them, and http://www.browserleaks.com/canvas does so without an JavaScript at all.

    The point is, if you get on the Internet, you can be tracked, profiled, and de-anonymized, especially with a web browser.

    1. admin says:

      There is an addon called “CanvasFingerprintBlock” which blocks calls to the HTML5 Canvas feature thus blocking tracking through that method. However, I do agree with your statement that there is no sure fire way to prevent all tracking. Just being aware of the topic and and a few methods to prevent tracking puts you a step or two ahead of most people. I like to be as secure and anonymous as possible, but there is never a sure thing with computers or the internet.

    2. Anon says:

      Canvas fingerprinting requires JavaScript to draw on the canvas and to capture the generated image as a fingerprint. In fact, the page you linked to (http://www.browserleaks.com/canvas) shows excepts of the JavaScript code used.

Leave a Reply

Your email address will not be published. Required fields are marked *