Browser fingerprinting happens when websites use special scripts to collect enough information about you — such as your browser, timezone, default language, and more — that they can uniquely identify you out of the sea of other internet users. Keep reading to learn how browser fingerprinting works and how privacy tools like Avast Secure Browser can help prevent it.
This article contains:
What exactly can scripts find out? They can determine a lot about the device you’re using, such as its operating system, your browser, the software installed on your device, what timezone you’re in, which language you’re reading in, whether you use an ad blocker, your screen’s resolution and color depth, all the browser extensions you’ve installed, and even more granular technical specifications about your graphics card, drivers, and more.
Imagine you want to identify a person in a crowd: you can do so by listing their attributes and other defining features. For example, you could describe someone as a woman with long blond hair, a red shirt with a white collar, a grey skirt, black shoes, red lipstick, etc. With enough attributes, it’s easy to identify this woman, even in a crowd of other people.
Browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd of internet users.
Similarly, browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd, even the extremely large crowd of millions of internet users and billions of devices. In fact, device fingerprinting can identify users with 90 to 99% accuracy.
Not convinced you could actually be identified? Try it for yourself: Visit AmIUnique, a research project that helps developers identify techniques to fight back against fingerprinting. You’ll see how easily identifiable you are based on your fingerprint. AmIUnique shows me, for example, that my fingerprint is unique among the more than two million fingerprints in their dataset. I can also see the 75+ attributes they use to identify me in a matter of seconds.
Cookies and fingerprinting are completely different. While digital fingerprinting is a new concept to many, you might be more familiar with tracking cookies, which are also able to follow you around the web.
One difference between fingerprinting and cookies is that the latter are regulated (at least in the European Union), meaning that websites are required to notify you and gain your permission to use them. (These notifications are those annoying pop-ups you see on most websites.) That is not the case for digital fingerprinting, which happens silently and without your knowledge or consent. And unfortunately, browser fingerprinting scripts are indistinguishable from all the other scripts required to make a website function.
And while you can delete your cookies, there’s no way to delete your browser fingerprint. Your fingerprint allows you to be identified as the same user when you revisit sites or visit other sites around the web that employ fingerprinting. Put together, information from your browsing activity provides a clear picture of your online history, preferences, hobbies, and even life circumstances — it identifies you even when you’re not logged in to a site or if you’re using incognito or private browsing mode.
Browser fingerprinting works because websites use scripts that run in the background of your browser. Today’s web browsers have built-in software functions called APIs, which can be used by website scripts to collect information. Generally, scripts are designed for legitimate purposes like rendering videos or photos. If we were to block them, then most websites wouldn’t run properly — they’d “break.”
That means there’s no way for someone to know when websites are collecting their personal information, because fingerprinting scripts look just like any other script running on a website. These scripts collect the attributes — device specifications, OS, browser settings and plug-ins, user agents, audio and video capabilities, timezone, and more — that can be compiled into a “hash” or digital fingerprint.
Many website owners and ad networks share browser fingerprinting functionality to perform cross-site tracking. That means they use your online fingerprint to track you across the web, and collect intimate details about you: your search history, shopping and news preferences, and more.
Your digital fingerprint, or hash, follows you around the web.
With the help of the following advanced techniques, fingerprinting online allows websites to identify individuals with an extremely high degree of accuracy.
Canvas fingerprinting: Canvas fingerprinting uses the HTML5 canvas element to force your browser to draw an image or some text. This occurs invisibly in the background, so you won’t see it happening. But the precise way your browser renders the image/text provides detailed information about your font style, graphics card, drivers, web browser, and OS. Canvas fingerprinting is one of the most widely used digital fingerprinting techniques.
WebGL fingerprinting and rendering fingerprinting: Like canvas fingerprinting, these two techniques force your browser to render images off-screen and then use these images to infer information about your device’s hardware and graphics system.
Device fingerprinting: While device fingerprinting is often used synonymously with browser fingerprinting, it also refers to a particular technique that uncovers a list of all the media devices (and their IDs) on your PC. That includes internal media components such as your audio and video card, as well as any connected devices like headphones.
Audio fingerprinting: Rather than forcing your browser to render an image, audio fingerprinting tests the way your device plays sound. The resulting sound waves provide information on your device’s audio stack, including specifications about its drivers, sound hardware, and software.
Once you’ve been tracked, a profile can be compiled that includes intimate details about your life. That profile can be sold to data brokers, who are already hard at work compiling as much information as possible about everyone. Data brokers combine offline information (from public records, offline loyalty cards, and other sources) with online information, and the precise details from your device fingerprint are just what they need to complete their files. Data brokers then market this information, often selling it to advertisers who use it to target you more effectively.
Strong anti-tracking software disguises your browser fingerprint and helps prevent advertisers from knowing who you are. Avast AntiTrack blocks trackers on every site you visit, and our advanced anti-fingerprinting technology keeps your identity safe against even the most advanced tracking techniques.
Browser fingerprinting is mainly used for web tracking. It’s a more secretive way to track people than simply using tracking cookies, which require consent. But what do companies do with the information they collect? The large majority use this data to advertise to you and personalize your experience online. While being served personalized ads may not seem like a serious issue, the amount of information collected through digital fingerprinting and other tracking methods has the potential to be used quite nefariously.
Just imagine how much sensitive data is included in your online search history. If you search for chest pain, that information becomes part of your search history, which is included in the information that data brokers buy and sell. That means when a data broker later sells your search history to a health insurance company, the insurance company could infer that you’re at risk of heart disease and increase your rates.
If a health insurance company has access to your search history, they might think you’re at risk of heart disease and increase your rates.
Dynamic pricing is another example of how browser fingerprinting is used. Most people are aware that travel and ecommerce sites can and do adjust prices based on various factors. If browser fingerprinting pinpoints your location in an affluent area, you can expect prices to rise on almost everything you see online: airline tickets, clothes and other products, apps with subscription services, and more.
Browser fingerprinting can reveal lots of information about your finances and buying habits.
Those are just a few examples. As device fingerprinting becomes more prevalent and more accurate, companies will have increasing amounts of information about you — and more ways to wield this information to their advantage. It’s concerning, to say the least.
To protect yourself against online fingerprinting, consider using a privacy-focused browser like Avast Secure Browser. Our browser masks your digital identity and confuses website scripts so that they can’t collect accurate information to build your digital fingerprint. Download it today to get free protection against insidious online tracking.
But it’s not all doom and gloom: there are a few legitimate uses of browser fingerprinting. It can be used to identify the characteristics of botnets to help prevent DDoS attacks. Fingerprinting can also help to identify fraud and other suspicious activity. Banks use browser fingerprinting to detect potential identity theft and banking fraud.
Yes, browser fingerprinting is legal in most areas (as of this writing). In the European Union, the General Data Protection Regulation (GDPR) requires companies to get consent from users before tracking them with cookies. An additional law, the ePrivacy Regulation, is supposed to address browser fingerprinting — but it still hasn’t come into effect.
The US doesn’t have national laws on data protection. The California Consumer Privacy Act (CCPA) and Vermont’s Data Broker Law attempt to regulate some forms of online tracking and data collection, but they don’t address online fingerprinting.
In fact, some people think that device fingerprinting was actually developed to circumvent regulations like GDPR and CCPA, which focus on protecting personally identifiable information by regulating tracking cookies.
Without sophisticated tools, browser fingerprinting is extremely difficult to avoid. The normal privacy tricks — like using private browsing or Incognito mode, cleaning your cookies or search history, or using an ad blocker or a VPN — can’t prevent browser fingerprinting. In fact, it’s such an insidious and pervasive tracking technique that even if you use all of the privacy tactics we just mentioned, your unique fingerprint is still identifiable.
But don’t despair — there are ways to fight back against online fingerprinting. While it’s impossible to shut off the website scripts that collect your personal data, because websites wouldn’t work without them, you can confuse the scripts by using two techniques: generalization and randomization.
Generalization refers to manipulating browser API results to make you seem generic. In other words, it masks your unique attributes and helps you blend in with the crowd.
Randomization changes your attributes periodically so that your fingerprint is constantly changing and you can’t be reliably identified.
But how can the average person use generalization and randomization to hide? You’ll need to rely on a tool or service to do it for you. Avast AntiTrack uses advanced anti-fingerprinting technology to insert fake data when scripts attempt to collect your digital attributes. That lets the scripts continue to run (to avoid breaking website functionality), while hiding your true personal information so that it can’t be collected.
Avast AntiTrack also warns you of tracking attempts so you can see exactly which sites are trying to track you. And it’ll periodically clear your browsing history and cookies to ensure maximum privacy. Download it today to keep advertisers, data brokers, and other privacy invaders off your back.
Another option is to use a browser that offers built-in anti-fingerprinting protection. As more advertisers use online fingerprinting, some browsers are starting to fight back with various anti-fingerprinting measures. Tor Browser generalizes users, while Brave Browser uses randomization and Firefox simply tries to block specific fingerprinting scripts.
Avast Secure Browser offers the most comprehensive protection by employing both generalization and randomization (depending on the site). Specifically designed to prevent all known forms of browser fingerprinting, Avast Secure Browser offers advanced privacy without breaking websites, to make sure you get an optimal browsing experience without sacrificing your privacy.
These days, it’s safe to assume that you’re being tracked every time you log on. But you don’t have to put up with it! Built by the same cybersecurity engineers who painstakingly protect hundreds of millions of users worldwide, Avast Secure Browser is one of the most sophisticated anti-fingerprinting solutions out there.
From canvas fingerprinting, to audio fingerprinting, and everything in between, Avast Secure Browser stops trackers from accessing your personal information. Our browser also offers Adblock, Anti-Phishing, Stealth Mode, a password manager, and loads of additional privacy features. And, because we believe that anyone who uses the internet should be able to do so without being tracked or mined, we’ve made it completely free. Download it today to get essential digital privacy.