Browser Fingerprinting – Almost 100% Effective at IDing Anyone

Advertisers and web site owners have always wanted to know who is visiting their web sites and tracking interests across web sites.

Early on advertisers used cookies, but then users started blocking cookies or erasing them.

Then they moved on to Flash cookies which are very hard to erase.  But of course, a lot of people no longer run Flash.  In fact, several browsers (most recently Microsoft Edge on Windows 10) are blocking Flash entirely.

Advertisers and web site owners are never going to give up, of course.  It is too important to them to be able to track your behavior.

Browser fingerprinting has been popular for a little while.  The process uses API calls that the browser provides to characterize the system.  What fonts are installed in what order, the OS version, graphics card features and other parameters are combined to create a profile.  Put that all together and it provides a good picture of the device.

It used to be that browser fingerprinting was around 80% accurate.  Researchers in France last year bumped that up to around 90%.  A new technique from a group of U.S. researchers has bumped it up to over 99%. This new technique has the extra benefit of being able to track users across different browsers, so if you use Chrome sometimes and Firefox other times, this technique still tracks you.

There are ways to defeat this technique but none of them are simple.  Basically, you have to either present fake data to the browser or block the browser from calling certain APIs at all.

For example, there is a new API which allows the browser to see the percentage of charge left in your device’s battery.  While I am sure that you could come up some reason for why this is important, it isn’t that important.  Block the browser’s ability to get an answer to the battery charge and there is one less data element to use in mapping your device.

What you have to be careful about is that you don’t block too much information or the web page might not display correctly.  For example, if the browser tells the web site that your screen size is different than it is, it may not render the web page the way you want it to.

One way that does work is to use the TOR browser since it is designed to make your browsing experience anonymous.  It already disguises a lot of the browser parameters.  Most people are not going to take the performance and inconvenience hit of using TOR, so that is not really practical for most users.

But, stay tuned because as this technique becomes more popular, developers will make browser add-ons to deal with it. There already are some add-ons and there likely will be more.  How well they work – or not – is the next chapter in the cat and mouse game of tracking your actions.

Information for this post came from ZDNet.

Leave a Reply

Your email address will not be published. Required fields are marked *