Web Fingerprinting Gets Frighteningly Good: Sees Through VPNs and Incognito Mode
Web fingerprinting is not a new technique to identify visitors on the Internet, but it is a technique that has become frighteningly good in recent time.
Fingerprinting describes a set of methods that sites and advertisers use to track users across the Internet. These methods do not rely on cookies and other common forms of tracking, which mostly rely on storing data on user devices, but use device parameters and other information to compute a fingerprint.
It should not come as a surprise that some browsers, mostly those focused on privacy, have implemented anti-fingerprinting protections in recent years. Brave Browser introduced language and font fingerprinting protections in 2022, and Mozilla's Firefox web browser anti-fingerprinting protections as part of the browser's Tracking Protection feature.
While some web browser makers have upgraded defenses to protect against fingerprinting, developers of fingerprinting solutions have also made advancements. Take Fingerprint as an example; the web service promises that its commercial solution has a 99.5% accuracy. In other words: it can identify 995 out of 1000 returning visitors correctly, even if these visitors clear browsing data, use a VPN connection or switch to private browsing modes.
The company advertises it as a solution against fraud, account takeovers and spam, and it can very well be used for that.
Local tests done in several web browsers confirmed the accuracy. The website identified three visits using Firefox, Firefox with private browsing mode and Firefox with private browsing mode and a VPN connection, as coming from the same user.
Similarly, it identified the same user correctly in Brave, Google Chrome and Microsoft Edge. The only browser that it could not detect correctly was Tor Browser. Firefox users who have enabled fingerprinting protection in the browser manually are also not identified as a single user by the site's script.
It is necessary to set the preference privacy.resistFingerprinting to TRUE on about:config. Please note that doing so may result in some usability issues when using the browser.
The script did not connect visits across different web browsers, only when the same browser was used.
Fingerprint offers an open source version of the script, which is less accurate, as it lacks some advanced features, and a commercial script, which uses machine learning and additional techniques to improve the accuracy significantly.
How to protect against fingerprinting
Internet users have two main options when it comes to protections against fingerprinting-based tracking. Either use a browser with proper protections against these types of tracking, Tor Browser or Firefox with privacy.resistFingerprinting set to TRUE are two valid options, or use different web browsers for different tasks.
Now You: do you use protection against fingerprinting? (via Bitestring)Advertisement