Everyday people use a device to scroll through their email, news, or social medias, and along these digital adventures we are being tracked. Our computer browsers and devices need to know some specific information about us to render pages in specific ways to create a single user experience across all devices. However, they don't "need" to save or track that data and thus, they create a digital 'fingerprint', or profile, of us.
What is 'browser fingerprinting'?
Though originally used by security experts, browser fingerprinting is the process of collecting data from a user/user's digital experience(s) and compiling it into a profile about them. These can be things such as screen size, location, time spent on a page, and even amount of scrolling before changing pages or shutting off the device(s) screen. All of these actions, and more, can be used to make user experiences better and ads more relevant to the user or general data collection/tracking of a user.
Major companies like Youtube use this data to track a user and how they move across the site and determine the the best ways to keep them on it longer or get them to click ads.
What and how is data collected for fingerprinting?
An array of collected attributes is compressed into a shorter ID number using a cryptographic “hash” function that is only executed locally and never leaves your device. Then JavaScript on a site is used to detect information about your particular device. Your “user-agent” print is used to identify what browser and platform you are using.
Two interesting data points you’ll in the "user-agent" information pertains to "animating on the cover are the “font-list” and a “canvas-hash.” The former is the list of fonts you have installed on your computer. Browsers need access to your fonts in order to render the texts on your screen, but because users often add to the list of fonts that come default on their devices, this can become a particularly effective way to identify you online. The “canvas-hash” is perhaps the most unique characteristic. The HTML5 canvas is used by developers to draw 2D and 3D graphics in the browser using JavaScript." (3)
Can it be prevented and how?
According to Nick Briz of Mozila "Once it has been assembled, your digital fingerprint is persistently accurate. With recent developments in cross-browser fingerprinting, this technique is capable of successfully identifying users 99% of the time. That means even if you were to employ multiple recommended privacy precautions (masking your IP address through a VPN and deleting or blocking cookies) trackers can still use your digital fingerprint to re-identify and re-cookie your device when you visit a website." (3)
GDPR and the digital fingerprint
With the General Data Protection Regulation (GDPR) in place the general public has become more aware of their personal data in the world as the GDPR looks to protect any personal data that might be linked to an identifiable individual. "This definition not only covers all sorts of online identifiers (such as your computer’s MAC address, your networks’ IP address, or an advertising user ID in a cookie) but also less specific features — including the combination of browser characteristics that fingerprinting relies upon." (6)
Sad to say though that this does not seem to completely stop the digital fingerprint as every entity processing personal data can simply prove that they have grounds to legitimately do so... or have the user opt into cookies to be tracked.
In my opinion...
This is my own fingerprint from Amiunique.org. As it shows I am currently on a MAC with a Chrome browser that I am logged into. These are popular things to use but, as of writing this, because of my usage and particular add extensions my "full fingerprint is unique among the 1083878 collected so far." (5)
In my debatable opinion, I don't care a lot if I am being tracked in my day-to-day usage. I know this is happening and the more I blend in with the crowd... the better. The more that my data shown to the world looks less unique and less like something that should be looked at in detail the happier I am... for now.
Top comments (5)
Thanks DaNeil for the post.
Scary how I can be tracked with the digital fingerprint (even though I use VPN).
Hi Sung,
Thanks for the comment! As far as I understand it, unless you are able to hide your Internet traffic completely a site can still track you. It might be more "anonymous" but they are still able to make a bit of a unique profile on the information that they get and don't get. The lack of specific information is still information. And depending if they sell their data or can pool it with a parent company, they might be able to piece together a pattern out of their profile.
Thank you for the detailed information, DaNeil 😀
So would there be no way to mask the identity (say even using Tor Browser)?
As DaNeil wrote -
Browsers expose so many environment "variables", the very specific combination of them all make you unique. If you generalize your IP, it is just one variable, which even then can be narrowed down to IP ranges used by your VPN provider and VPN nodes (endpoint locations) you connect most often.
I bet, the best option is to hide in plain sight, even then it could be hard - being too generic in all positions is something unique. It's hard to fool statistics and analytics.
Use Brave browser everyone!