DEV Community

Cover image for A deep-dive into browser fingerprinting and privacy
Rutuj Runwal
Rutuj Runwal

Posted on • Edited on

A deep-dive into browser fingerprinting and privacy

Digital Privacy

The standard definition of privacy includes two important elements: “the state of being alone and not being watched or interrupted by other people.” But when you compare this with the ever-evolving digital world this definition begins to diminish.

When you are scrolling through say a social media app, you are physically alone but are you alone digitally?
Do you remember one of those instances where you talk about buying a product on an app and suddenly your whole browsing experience is interrupted by ads pertaining to that product?

So does that mean someone is spying on me?
Tracking my every move? My interests,likes,dislikes,purchases?!

Well, the answer to this is in some capacity both yes and no
You are a data point.
A data point is a discrete unit of information that when gathered in large amounts can be used to create a digital profile that can be leveraged by a company for business growth.

The blurring lines between data collection and privacy

Data is important, it helps businesses make appropriate decisions and it is crucial to get the right data at the right time. A website/service/application can collect data for the following use cases:

  • Audience Demographic Analysis
  • Find out section(s) of the website that get most interactivity(And improving the user experience for the onces that don't)
  • Protect against hacks
  • Detect and Block Malicious Access
  • Check if user is a bot
  • Verifying Ad revenue generation and providing tailored recommendations
  • Telemetry and "Anonymous" Usage Statistics

Data is necessary but a check is needed to find out the amount and kind of data some services collect. Take a look at the key-value pairs collected by a popular framework.It includes(but is not limited to) Users Geo location,The time of the visit,Whether user has a VPN service,Interaction with the content,Advertisments displayed to the user,Interaction with the advertisment,Interest based classification of user habits and so on.
Data Collection

Browser Fingerprinting

So now that we know what kind of data collection is possible from the user side let's take a quick look at what is possible to get from the browser itself.
A device fingerprint, machine fingerprint, or browser fingerprint is information collected about your device for the purpose of unique identification or "fingerprinting". Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off. Just like our " fingerprints" are unique to you,digital fingerprints are unique to your browser.
Take a look at this excerpt of a script from doubleclick-net[A robust tracking network] employing fingerprinting technology.The code is obfuscated and minified but after pretty-printing,the snippet occurs at about line 8095:

doubleclick.net tracking

This script extracts information like the type of operating system you use,screen resolution,timezone,if Js is enabled or not,browser type and version,language,active plugins,installed fonts,CPU class
device memory and various other settings.

Enforcing Privacy

To check how much fingerprinting data is sent out from your browser take a look at:
https://coveryourtracks.eff.org/
OR
https://amiunique.org/

To take back control of your private data and limit the amount of tracking by using open-source research-driven tools.

Browser Extensions

There are a few modern open-source browser extensions that you can use to enforce privacy.
Ublock Origin:
https://github.com/gorhill/uBlock/blob/master/README.md
RR Adblocker:
https://github.com/Rutuj-Runwal/RR-Adblocker/blob/main/README.md

You can test these products with a quick adblocker test(also opensource): Adblocker Test

Techniques

Modern web-browsers allow extensions to apply many techniques to limit tracking including filtering of requests based on pre-set lists,regEx,blocking 3rd party cookies,prioritizing HTTPS.
Recent advances in AI and deeplearning have also been tested and will be soon phased in browser extensions
Reference 1, Reference 2

Creating a context-menu malware scanner: Here
Let's Connect: Linkedin
Thank you 😇
Cheers!

Top comments (0)