Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Browser fingerprints, and why they are so hard to erase

Lance Cottrell, chief scientist, Ntrepid | Feb. 18, 2015
Since the fingerprint is derived from a host of system-based characteristics, circumvention is far more complex than the historical process of deleting cookies.

Web advertisers and many others have long appreciated the volumes of information they can collect on us based only on our web browsing patterns. The data can be quite telling, revealing our locations, incomes, family status, interests and many other facts that advertisers can use to target you.

Understandably, most of us would prefer that "big brother like" advertising networks aren't always watching over our shoulder, while going about regular activities including product research and purchase option exploration and especially not while investigating medical or other highly sensitive topics.

With this in mind, it only makes sense to spend a little extra time to remain anonymous while browsing. In addition to tracking, identification can result in sites blocking access to pertinent data, showing higher prices, or in the worst-case scenario intentionally directing you to inaccurate or misleading information capable of completely derailing your efforts.

As such, most users concerned with their Internet privacy commonly delete browser cookies. However, as tracking technologies continue to evolve, the practice of deleting cookies has become much less effective at shielding a user who is trying to avoid detection. This has understandably led to users embracing a host of other solutions including "Incognito" or "Private Browsing" modes to automatically stop cookies and using VPNs or other IP masking tactics.

Most of these attempts at anonymity fail to fully shield a user for one reason: the growing power of the frustratingly sticky browser fingerprint.

What's in a Fingerprint?

Browser fingerprinting is an increasingly common yet rarely discussed technique of identifying an individual user by the unique patterns of information visible whenever a computer visits a website. The information collected is quite comprehensive and often includes the browser type and version, operating system and version, screen resolution, supported fonts, plugins, time zone, language and font preferences, and even hardware configurations. These identifiers may seem generic and not at all personally identifying, yet typically only one in several million people have exactly the same specifications as you.

A quick look here (https://panopticlick.eff.org) provides a glimpse of the type of information any website can see about you, and also shines a light on the uniqueness of your individual configuration.

The browser fingerprint technique took another big step in 2012 with the release of the Mowery and Shacham paper, which focused primarily on the effectiveness of the canvas fingerprint. The technique for creating the canvas fingerprint is to give the browser a somewhat complex image to render, capture the actual pixel values produced, which is then hashed down to make the actual fingerprint. This study determined that "fingerprints are inherent when the browser is — for performance and consistency — tied closely to operating system functionality and system hardware." They also summarized the possibility of distinguishing between systems with seemingly identical fingerprints by rendering scenes that stress the underlying hardware.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.