Ever heard about browser fingerprinting? If Yes, you might be a privacy freak. If Not, do you care about your privacy in the World Wide Web? Well, if you belong to either, this article will help you to cover up or fill up what you have already interested in or known.
Browser fingerprinting is one of the latest trending user tracking methods and is widely used in major tracking companies (Like Google and Facebook). Whatever you type, post or browse through, over 70% of the data is obviously being tracked by the above-mentioned companies. They are using cookies and session data to track you throughout the websites no matter how many browser tabs you have opened. Even when you leave a website, the cookie will be retained to track you later. However, as the security and privacy needs arise, the privacy conscious people are more magnetified towards keeping their data and session state safe from the major tracking companies. They use ad-blockers, private browsing tabs. And Firefox has recently added the tracking cookie blocking feature by default. Which minimises the uniquely identifiable information from exposing to the tracking companies. It alone is not enough. The website owners can still track the user by the HTTPS Headers. Which exposes identifiable information such as Browser vendor, version, OS, screen resolution, time zone, installed fonts, default language, use of AdBlock etc. By adding all of these data at once, a unique fingerprint can be created. This is called the ‘Browser Fingerprinting’. As an example, even if we use a widely using OS, Browser version, Default language, it can still identify you by the screen resolution, and the time-zone (Specially for Sri Lanka). Which is inflexible to change on our own. The most dangerous thing is they can track you even if you browse through the incognito tabs offered by browsers. Just think that you have just logged in to the Gmail and you have opened a new incognito window and do anonymous online shopping without logging in, they can still identify you and may display ads based on that. Which will not limit by that, also they will sell your data to third parties where they could provide you with free services. You were always the product. That is the cost of free services.
Most effective and one-shot ways
- Use Tor browser. Which is open source and it uses virtual tunnels where the connection goes through many tunnels and then lands on the website we are requesting. And the website could not identify us as a unique person and even if they identified, it will not be effective for them to keep our state as every Tor user uses the connection and thus, the fingerprint gets blurred. This is the best and easiest way. But the performance is slow. And using the widely known Google search is much harder as it asks to fill up a captcha to verify we are not bots. Alternatively, we could use the DuckDuckGo search engine which respects privacy. And it has an onion site too.
General, most practical and flexible methods
- Use Firefox 🦊 as the default web browser. It is open source and built for privacy from the ground-up. Google Chrome is not open source, which means only the Google knows what happen inside the browser backend. Which is tricky. Some of you could still argue about the fact that the Chrome is widely used and Thus having a common fingerprint. No. Even if it is true, the browser is made by a well-known tracking company. Would you trust them? Someone who does not reveal the browser source code!!
- In Firefox, there is a specific property to be changed to have a minimised fingerprint. It is not enabled by default as it is harder for the browser and the websites to debug the issues arise in a global point of view. To enable that, type ‘about:config’ in the browser address bar in Firefox. And then click on ‘I accept the risk’. Inside the browser window, search for ‘privacy.resistFingerprinting’ and make it to ‘true’ by clicking on it twice. Close and Open the browser and you might feel that your browser window size is changed. Yes, it is changed to provide a commonly used screen resolution value to the tracking party. And the advanced tracking features such as canvas fingerprinting is also minimised in this mode. Some of the websites might not work as expected. However, more than 90% of the websites I have browsed with this configuration is working fine without any issues.
Update: Firefox 67 has an option to prevent websites from fingerprinting.
Update 2: Firefox 72 (Released on 7th Jan 2020) blocks fingerprinting scripts by default.
- On top of the above methods, use Private browsing mode 👓 . It will also minimise the tracking caused by cookies.
That is all for now. I will come up with some privacy focused articles in upcoming days. Happy surfing 🌈😀.