We have more tools than ever to protect your identity online. You can ban cookies – small pieces of information websites store in our browsers to identify us – block aggressive trackers from our machines, switch to Incognito Mode, cross-check with Apple’s latest iOS update Apps can opt out of tracking, or even go at all. To surf the web only through a highly encrypted Virtual Private Network.
But there is one tracking method that can still surpass these defenses and it is growing in popularity: fingerprinting.
anatomy of a fingerprint
What makes fingerprinting so elusive and difficult to defend is that the data it exploits is essential to the basic functions of the web.
“Fingerprinting is a threat to user privacy because it enables a non-transparent way for companies to track and identify users and devices.”
There’s a valid reason why companies need this data and why they can get it without your explicit permission. You see, all of us web users access the Internet through a variety of different means, and it’s important to ensure that a website or app loads as intended for every user, regardless of which browser or app or phone or computer they use. These sites require you to know certain details about the way you access them. But this seemingly innocuous data collection also powers fingerprinting.
Trackers create your unique fingerprint by tying together the properties of your device such as its display size, its operating system, your language preferences, and more. They match this pattern across all sites and apps to identify you and target you with relevant ads.
Once a website captures your fingerprint, it is possible for track you for 100 days — no matter how many security measures you have taken on your browser.
Since this all happens silently in the background as you surf the Internet, you cannot detect fingerprinting, nor is it possible for you to delete your fingerprint – just like how you can with third-party cookies. . Since your device’s fingerprint will always be the same, this tracking method cannot be limited to specific limitations such as switching to a private window or clearing your browser’s cache.
Patrick Jackson, chief technology officer of Disconnect, a privacy app for iOS and Mac, says, “Fingerprinting is a threat to user privacy because it enables companies a non-transparent way to track and identify users and devices. “
finding a fix
There is currently no great way to prevent fingerprinting, but Internet companies have begun to address the threat and look for possible ways to combat it. Chromium-based browser Brave takes the most compelling shot at thwarting malicious fingerprinting we’ve seen so far.
Brave’s solution is simple: Whenever a website requests the kind of data that could potentially enable fingerprinting, the browser obliges — but it also mixes in just enough noise or random information that it can’t access your data. Doesn’t end the web experience. This allows you to have a unique fingerprint for each session and for each webpage. Therefore, trackers can no longer capture a single fingerprint of you and match it to websites to follow you as your device will signal a different fingerprint each time.
In our tests, Brave was the only mainstream browser that passed the Electronic Frontier Foundation cover your tracks Testing, which determines how effectively your browser can protect against practices such as fingerprinting.
Other browsers, including Safari, Google Chrome and Mozilla Firefox, have had limited success with their existing anti-fingerprinting mechanisms. Unlike Brave, which takes a more dynamic approach to dealing with fingerprinting, these apps have a one-size-fits-all implementation that attempts to limit how much information your device’s data websites can access and to block them. Depends on the list of known fingerprinting domains for . .
hitting a moving target
The reason why these older efforts are no longer effective is because fingerprinting is a widespread, evolving concept. It is a practice that has become more complex with the advancement of the Internet and it becomes more and more sophisticated every year.
For example, some trackers force your browser to draw on an invisible canvas on a web page. When your computer does this, it releases information such as the resolution of its screen. Similarly, trackers can determine your fingerprint based on how your device processes acoustic signals when Plays an audio file online.
Benoit Baudry, a software technology professor at the KTH Royal Institute of Technology, Stockholm, believes fingerprinting is difficult to pin down “because its limits are vague and keep changing.”
“A cookie has a single, specific purpose: to identify a user,” says Baudry. “Meanwhile, browser fingerprinting is ‘re-purposed’ technology to something else. That’s why it’s more difficult to understand than cookies: there isn’t a specific script, object, or packet to intercept.”
Besides cashing in on essential web data, the other factor that prevents browser makers from imposing an outright ban on fingerprinting is that it is also employed for positive purposes such as fraud detection. When websites detect that a user is trying to sign in with a new fingerprint (which essentially means a new machine), they request additional data for authentication to ensure that The source is not malicious.
However, experts such as Zubair Shafiq, an associate computer science professor at the University of California, Davis, argue that fingerprinting is “more for fraud detection use cases.”
At this point in time, several companies are working toward this exact goal – including Google, which is actively researching ways to prevent fingerprinting.
Fingerprinting has so far largely flown under the radar as advertisers and tracking firms have reliable and direct channels to profile users. Now, as the web’s biggest gatekeepers, including Google and Apple, crack down on traditional tracking frameworks like cookies, fingerprinting has been pushed into the limelight, and if its adoption plays out widely, it could be a threat to our privacy. could be the most significant threat. . And this is where it seems.
The presence of fingerprinting trackers in websites has doubled since 2014, and Disconnect’s Jackson also noted that in anticipation of cookies and Apple’s cross-app tracking ban, companies are trying to calculate (and collect) a fingerprint on the device. A large amount of device data is being collected for Or doing calculations on your server with the raw data.”
Pierre Laperdrix, a researcher at the French National Center for Scientific Research who has been studying fingerprinting for more than a decade, believes it will always remain a strange game for Internet companies. All they can do is stay one step ahead of trackers.
“In my opinion,” Laperdrix said, “I don’t think we can completely eliminate fingerprinting without reengineering the way browsers and servers work.”