Browser Fingerprinting: A fingerprint that can track user private browsing.

By | July 20, 2017

Browser Fingerprinting: A Technique Used to Track Users in Private Browsing (or) Incognito Modes.

Even with the rise of more sophisticated Web and mobile applications web browsers are still the dominant interface for connecting users to the Internet.  Almost every modern operating system has default web browser pre-installed. Some of them are: Microsoft has Internet Explorer and Edge.  Apple has Safari, and ChromeOS has Chrome as default.

Besides, web browsers such as Mozilla’s Firefox, Opera are operating system-independent and contribute high in the competitive and diverse browser market.  Despite their features how much security or privacy can they offer to the user?

Browser Fingerprinting-InfoSeekOut

I am unique on the web?

The answer is YES.

Just using a private browsing mode or Incognito Mode on your web browser can’t stop you from being tracked.  Almost all the users who are using the private browsing modes can still be tracked by using a technique called Browser Fingerprinting.

 

What is fingerprint? (Or) What is Browser Fingerprinting /Device Fingerprinting /Machine Fingerprinting?

A browser fingerprint or device fingerprint or machine fingerprint is similar to a unique fingerprint of a person.  It is used to track users even though they surf the internet in private browsing modes.

 

How is a Browser Fingerprint / Device Fingerprint created?

A browser finger print can reveal a shocking amount of information about a user’s identity.  It is created with the collection of information about user’s browser configuration such as browser name, version, language, time zone, add-ons installed.  Not only that but also Operating System, Operating System Version, screen resolution, fonts, camera, and microphone etc.

 

How are the fingerprints collected?

Even though after turning off cookies and using private browsing fingerprints can still be collected.  Some of the parameters used are client-side scripting languages.  Likewise, JavaScript which is used by a high percentage of websites, and by default enabled on all major browsers.  User-Agent string – a field in the HTTP Request Header which allows the web server to set a string for the browser version.  Not to mention, HTML5 or CSS, the list of plugins, cookies preferences, Do Not Track preferences and various headers such as Connection, Encoding, Language etc.

 

What are the advantage & disadvantages of Browser Fingerprinting / Fingerprints?

Browser Fingerprinting or Fingerprints can be used as a way to combat online frauds like credential stealing.  By all means verifying that a user who logs into a particular site is in like manner the authentic user.

Browser Fingerprinting or Fingerprints can also be used, to put it another way by attackers to know the software modules likewise browser versions, language, fonts, plugins, etc. that are installed on a particular device.  Attackers with those exploits can track users across web sites and be able to collect information about their habits and tastes without users knowing it.

 

Where to carry Browser Fingerprint test?

AmIUnique(https://amiunique.org/) is one among the best websites to check your browser unique fingerprint.  The website is created and maintained by a group of researchers with an aim to provide users with basic information about their system and browser configuration.  Also, how trackable it is.

Other than the above, few more best browser fingerprint testing website are:

  • http://noc.to
  • http://fingerprint.pet-portal.eu

 

How to carry Browser Fingerprinting test?

To carry Browser Fingerprinting test on AmIUnique:

Visit the website https://amiunique.org/

Click on the button “Visit my browser fingerprint”

That’s it.  You will be displayed with a result.

 

To carry Browser Fingerprinting test on Fingerprint Pet-Portal:

Visit the website https://fingerprint.pet-portal.eu/

Click on “Start the fingerprint test!”

That’s it.  The result will be displayed to you.  Click on details tab for information such Locality, Operating system, Screen resolution, Timezone, User Agent String, HTTP Accept, Plugins installed, and Fonts installed.

Click on details tab for information such as Locality, Operating system, Screen resolution, Timezone.  Not only that but also, User Agent String, HTTP Accept, Plugins installed, and Fonts installed.

 

To carry Browser Fingerprinting test on Noc:

Just open the web browser and enter a link.  To put it another way, no action is required.  By all means, the website displays all the unique information.

 

How to minimize the attack surface and decrease success rate an attacker?

Browser Fingerprinting is an alternative to cookies.  The existing counter-measures like Private Browsing and Incognito mode are of limited or no use as they don’t alter a browser’s fingerprint.

Even though privacy conscious users who use browser plugins to manage cookies and other Virtual Private Networks mechanisms are in like manner make their fingerprints more different, but not less.

Nonetheless, there is no single and good way to protect yourself from tracking.  But, there are few things that you can do to make your fingerprint less distinct.

 

Use the extensions like:

AdBlock Plus: blocks all annoying ads

Disconnect: allows you visualize and block the invisible websites that track you

Ghostery: increases browsing privacy, protection, and speed by blocking trackers on the Web.

Lightbeam: shows who’s tracking your online movements

NoScript: blocks malicious and unwanted scripts like Java, JavaScript.

Privacy Badger: blocks spying ads and invisible trackers

Self-Destructing Cookies: Automatically removes cookies from local storage as soon as you close browser tabs

uBlock Origin: An efficient ad blocker which is easy on memory and leaves less distinct CPU footprint.

 

Use Search engines like:

DuckDuckGo: The search engine that especially doesn’t track your online activities.

 

Use browsers like:

Tor browser: A browser that you can use on Microsoft Windows, Apple MacOS, or GNU/Linux without installing any software.

 

Use operating systems like:

Tails: Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distro aimed at preserving privacy and anonymity.

Additionally, it is a live operating system that you can start and work on almost any computer from a DVD, USB stick, or SD card.

 

Use software like:

TrackOFF: A privacy software that secures your identity & personal data online instantly.

 

Who else working (or) doing research on browser fingerprinting?

The Electronic Frontier Foundation (EFF) is the leading non-profit organization protecting civil rights in the digital world.  It was founded in 1990.  From time to time, they work to ensure that rights and freedoms are enhanced and protected.  Because of the public use of technology grows.

On this side, in 2010 EFF launched Panopticlick.

 

What is Panopticlick?

Panopticlick is a website or an online tracker tool created with this intention of uncovering techniques used in online trackers and also tests the efficacy of privacy add-ons.

In the first place, the tool gathers information about the configuration and version information.  In brief, your operating system, browser, and plug-ins.  Further, compares it with EFF database of many other Internet users’ configurations.

Then, it generates a unique score allowing you to see how easily identifiable you are when you surf the web.

In 2015, EFF released an upgraded Panopticlick 2.0 with a new feature called tracker blocker testing.

 

Why should you run a test on Panopticlick?

Running tests on Panopticlick gives you an enormous amount of tracking information about your browser.  In fact, it also helps EFF use statistical methods to assess the abilities of Internet tracking and advertising companies.

 

What tracking information do they collect?

Panopticlick anonymously logs the following information, and compares it to with a database of many other Internet users’ configurations:

  • User agent string from each browser
  • HTTP ACCEPT headers sent by the browser
  • Screen resolution and color depth
  • Timezone of system set to
  • Browser extensions/plugins, like Quicktime, Flash, Java or Acrobat, and the versions of those plugins
  • Fonts installed on the computer.
  • Whether your browser executes JavaScript scripts or not
  • Yes/no information saying about whether the browser accepts various kinds of cookies and “super cookies”
  • A hash of the image generated by canvas fingerprinting and WebGL fingerprinting
  • Yes/no about whether your browser is sending the Do Not Track header
  • Computer system platform (e.g. Win32, Linux x86)
  • Your computer system language (e.g. en-US)
  • Your browser’s touch screen support

 

Conclusion:

In conclusion, for day-to-day browsing, the best options are to Use the Tor Browser, Disable JavaScript and use a “non-rare” browser that will block some tracking info (unfortunately not all) from the domains that try to perform browser fingerprinting.

Leave a Reply

Your email address will not be published. Required fields are marked *