How to Protect Yourself Against Browser Fingerprinting

Browser fingerprinting is a powerful technique of tracking users all around the internet and uniquely identify them by the device they are using.

There is a lot of collected data involved in browser fingerprinting and it's a tricky job to prevent it. Especially because most of the data is tracked behind the scenes, without us being aware of it.

Although completely preventing browser fingerprinting is not impossible, it involves giving up a lot of the commodity that comes with using certain services, something that many users are not ready to do yet.

Still, there are ways in which you can limit the amount of data collected for browser fingerprinting and we'll go over them in this post.


What is browser fingerprinting

Browser fingerprinting is all the identification information collected about a device. Fingerprints are used to identify individual users even in scenarios when cookies aren't stored, the IP address is hidden, or multiple web browsers are used on the same device.

The data being collected includes your operating system, your timezone, installed plugins, screen resolution, installed fonts, language, and many more.

In fact, any setting you change in your browser is a variable that can make your fingerprint more unique. This is why it's not a good idea to go overboard with changing lots of settings in your browser or to install tons of extensions.

You can check to see how unique your browser fingerprint is by using one of the following sites:

What makes a fingerprint?

To limit the amount of data collected to create your unique fingerprint, it's important to first understand how websites and companies collect data about you when you're browsing online.

Cookies

Cookies are a well-known method for websites to collect information about users. Cookies are small files stored on your computer or device, that store a small amount of information about you. They hold information such as your online activity and data about your browser.

You must understand that cookies are not all the same. While some can be permanently deleted, some are more difficult to get rid of.

  • Supercookies - While traditional cookies have an origin specific to specific domains (website.com), supercookies https://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookie have a top-level domain origin (.eu,.com). They can be extremely dangerous for users' security as cybercriminals are able to mimic malicious requests to websites that share the same top-level domain and fake logins. For instance, say a supercookie with the .eu origin is stored on a user's device. An attacker could affect a request made to website.eu, even if the supercookie originated from that website because it was not specified. The newest versions of web browsers block the use of supercookies, but those using older versions might be vulnerable to supercookies and the security risks that come with them.
  • Zombie cookies - Some cookies can recreate even after they have been deleted. This happens if the cookie's content was saved in multiple places such as HTML5 Web storage or Flash Local shared object. When the cookie is deleted, it will be rebuilt by pulling the information sored in other locations.

Canvas fingerprinting

Canvas fingerprinting is one of the newest browser fingerprinting technologies. With this technique, the HTML5 canvas element is exploited instead of using browser cookies. Canvas is the HTML5 element that is used to render graphics and animations on the page using JavaScript. The HTML5 canvas element contains information about your installed fonts, your graphics driver, and more.

Your IP address

Websites can see your IP address at any time, meaning they are able to track your location and it is a unique identifier.

JavaScript and Flash

Many data about users can be drawn from both JavaScript and the Flash plugin. Though JavaScript, browser-specific data such as installed plugins, list of fonts, user agent, language, and many more can be pulled. The Flash plugin gives access to system-specific information such as the list of installed fonts, the operating system version, timezone, platform, language, and screen resolution.

Cross-browser fingerprinting

The above browser fingerprinting techniques create a fingerprint specific to one web browser. If you're using Google Chrome and websites created a fingerprint for you on that browser, when you switch to Firefox, they won't be able to track you there - a new fingerprint will be created.

With the introduction of cross-browsing fingerprint technology, now websites are able to track your fingerprint across multiple browsers. And it turns out the results are also more accurate than with single-browser fingerprinting.

Learn more about how browser fingerprints are used and how accurate they are:


How to protect yourself against browser fingerprinting

Private browsing

When you're browsing in Incognito Mode or Private Mode, cookies will only be stored as temporary files and they will be deleted when you finish the session (closing the incognito window) along with the cache and the information entered in forms.

You'll notice that you can't find the websites you visited in Incognito Mode in the History tab. Another distinguishable aspect is how the ads behave. There are fewer chances you'll be followed around by personalized ads based on what you've been searching in private mode. For example, if you use an incognito window to look for yoga mattresses, it's less likely you'll see yoga-related ads in the future.

While the incognito mode prevents websites from storing cookies and collecting part of the information, it doesn't mean you are completely invisible. Websites are able to see your IP address, hence they will record your visit and where it came from, information usually used for analytics.

Learn more about what Incognito mode does and doesn't hide:

Use Firefox

When it comes to online privacy, Mozilla Firefox is one of the best browsers you can use. With little tweaks to the privacy settings, Firefox can become a lot more private than other popular browsers such as Chrome, Opera or Safari.

Firefox's Enhanced Tracking Protection will give you more privacy with less tracking. Enhanced Tracking Protection is a set of features that block a lot of common trackers and malicious scripts and limits the amount of data third parties collect about your browsing behavior.

What tracking Firefox blocks:

  • Social media trackers - Social media platforms embed trackers on other websites so they can follow around your activity on the web: what you do, see and watch. By default, Firefox blocks common trackers from Facebook, Twitter, and LinkedIn but the blocking is limited so it doesn't cause the websites to crash. The strict mode blocks even more trackers but some websites might not display correctly.
  • Cross-site tracking cookies - These cookies follow you around multiple websites so companies can get a complex profile of your browsing habits. Firefox block these kinds of cookies. Other cookies, such as those that remember what's in your shopping card are still allowed.
  • Cryptominers - They are a type of malware that use your system's computing power to mine digital currency. Firefox blocks cryptominers in both Standard and Strict mode.
  • Tracking content - When websites load external content on their page (e.g. videos, ads, forms, buttons), the code behind the content contains trackers. With the Standard mode, Firefox only blocks tracking content in Private Mode but, with the Strict mode, these trackers are blocked everywhere.
  • Fingerprinters - Fingerprinters collect data about your browser and device so it can create a detailed profile of you to follow you around the web. Examples of the data collected are your OS, device, language, installed fonts, info on your network connection, extensions on your browser. In the Strict mode, fingerprinters are blocked.

Browser extensions

Privacy Badger

Privacy badger is an add-on that blocks third-party trackers from recording your online activity. It works by keeping track of the websites you go on and, if it notices that an advertising company tracks you across multiple websites, it automatically blocks that advertiser from loading more content in your browser.

What Privacy Badger says about browser fingerprinting:

Browser fingerprinting is an extremely subtle and problematic method of tracking, which we documented with the Panopticlick project. Privacy Badger 1.0 can detect canvas based fingerprinting, and will block third party domains that use it. Detection of other forms of fingerprinting and protections against first-party fingerprinting are ongoing projects. Of course, once a domain is blocked by Privacy Badger, it will no longer be able to fingerprint you.

uBlock Origin

uBlock Origin is a free and open-source efficient blocker that blocks intrusive trackers and ads (including annoying Youtube Ads). Besides adding more privacy to your browsing, it can also speed up page loading.

Because some websites won't allow you to access the content when you have an ad blocker enabled, uBlock provides users a button to turn off the blocking on a specific website either temporary or entirely.

Disconnect

Disconnect is another browser extension designed for privacy. Their free basic tool blocks major third-party companies from tracking the websites you visit by automatically detecting if your browsers connect to anything than the website you're visiting. Not only this is a great extension for improving your privacy, but by blocking tracking requests, the page and app loads will speed up.

All you have to do is install the extension and it will run in the background with the default settings. You are able to block or unblock third party requests in your toolbar view either individually or by categories (advertising, analytics, social).

NoScript

NoScript is a browser extension that identifies and blocks scripts on websites. It allows JavaScript, Java, Flash, and other plugins to be executed only by trusted sources.

This extension is not an install and forget about it type of tool. It must be configured to work properly and it can take time to find the perfect configuration so that pages won't break. If you don't have the patience to learn its ways, then uBlock Origin is a good and easy alternative.

JavaScript and Flash

If JavaScript and Flash are not enabled on your browser, websites can't get data about what plugins you have installed, the fonts you use, and it will limit the amount of cookies that can be installed.

The downside of disabling JavaScript is that some websites will not display properly. For example, Facebook doesn't run without JavaScript.

The most efficient way to keep JavaScript and Flash disabled is to use the NoScript browser extension we mentioned above. It disables JavaScript by default. But if you should happen to run into a website that doesn't work without it being enabled, you can turn off the restrictions only on that particular page with only two clicks.

Tor browser

Tor is the most popular software that allows you to surf the internet anonymously. You can also find it referred to as the onion browser because it comes in the form of a browser you install on your device (as you do with Google Chrome).

The Tor browser makes your IP and location invisible, creating a secure way to access the internet if you want to keep your privacy safe. This is why it's known to be highly used in the cybercrime landscape.

Tor works by encrypting the data in multiple layers. When you send an online request, it will pass through at least three nodes (servers) before it reaches its destination. The nodes are chosen randomly so the path followed by the data is never the same. The whole route your data takes until it reaches the target destination is not visible to any of the nodes it passes through. One node can only see where the request is coming from, and where it’s going.

The disadvantage of Tor is that the internet connection might get significantly slower, which makes it not suitable for streaming videos or file sharing.

VPN

A VPN (Virtual Private Network) is a type of technology that encrypts your online communication and allows you to browse the internet in a more private and secure manner.

A VPN represents a network of multiple servers located in various countries around the world. The data that’s sent from your computer, is first sent to a VPN server before it reaches its destination. Same happens when information is sent from the internet to your computer, it first passes through a VPN server then it’s transmitted to your device.

When you make an online request (accessing a webpage, downloading) using a VPN, the VPN client encrypts the data and makes your real IP invisible. When you’ll connect to a website, it won’t show your real IP and location but the IP and location of the VPN server your data is transited through.

When you choose a VPN provider make sure that it comes with a kill switch.

The kill switch makes sure your data is never exposed by mistake and prevents your real IP address to leak. What the kill switch does is it automatically stops all your internet traffic if the internet requests fail to go through the VPN server.

In today's world, VPN services are more than some services for geeks and tech enthusiasts. They became a necessity for any online user who wants to have a more private browsing experience, with less tracking and limited browser fingerprinting.

So if you are concerned about your privacy, you should consider investing in a VPN service. There are a lot of affordable options out there you can opt for.

Our VPN software is affordable for any individual and comes with various benefits.

Fast, secure, no logs VPN software from DrSoft

Fastest, highly secure and anonymous VPN software