• November 16, 2024

Web Fingerprinting

This is Your Digital Fingerprint - The Mozilla Blog

This is Your Digital Fingerprint – The Mozilla Blog

Mozilla invited Chicago-based teacher and activist Nick Briz to explain how people are tracked, surveilled and monetized on the web. In the fall, Nick will be leading a speaker series in Chicago on how date rules everything around us (the D. R. E. A. M series).
This piece was originally published in The Disconnect.
Today, anonymity is no longer the default of the web. While still free, the internet that was once predicated on privacy is now dominated by the information economy. For the sake of capital, tech firms and advertisers track, identify, and monetize our every move across the digital landscape, touting this exploitation as a method for a more personalized and convenient digital experience.
Even so, there is an overwhelming understanding of the importance of privacy. In 2015, at least 90% of Americans reported that privacy is “very important” to them, according to a survey by the Pew Research Center. For this reason, savvy internet users install ad-blockers to ward off malicious cookies, while savvier users will use VPN software to mask their true IP addresses. Even casual internet users clear their cookie cache now and again or use private browsing functions.
However, even as awareness grows, many users regard online surveillance as the nature of the modern web, complacently agreeing to the terms and conditions and accepting constant monitoring as a necessary trade-off for a taste of convenience and personalization. This view is a risk to the fundamental values of liberty that define privacy as a right.
This brings us to your digital fingerprint, which is made up of tiny bits of your personal data. This distinct, data-driven identifier is currently in the possession of countless corporate entities. The artwork above is a visual representation of your unique fingerprint, and it uses the same data as those corporations. (Curious how we did this? See the addendum. ) It was created to serve as a reminder that we’re never truly anonymous online and, just as you have a right to privacy, you have a right to know when and how that privacy is being violated.
Understanding how specific tracking methods work should not be the exclusive domain of those who seek to capitalize on your web activity. In this case, we will be shedding light on a widely used yet rarely discussed tracking technique: browser fingerprinting.
What is Browser Fingerprinting?
Initially developed for security purposes, browser fingerprinting (also known as device fingerprinting) is a tracking technique capable of identifying individual users based on their browser and device settings. In order for websites to display correctly, your browser makes certain information available about your device, including your screen resolution, operating system, location, and language settings. These details essentially make up the ridges of your digital fingerprint.
Much like detectives piecing together clues from a crime scene, trackers can assemble this data into a recognizable “fingerprint” and then use this identifier to trace your activity across the web. It might seem impractical to derive a unique fingerprint from a pool of innocuous settings and data, but considering the number of browsers and configurations available to a given user, there are a lot of possible combinations. In fact, the fingerprint of the laptop we wrote this piece on was completely unique among the 1. 7 million fingerprints collected by Electronic Frontier Foundation’s Panopticlick tool.
In addition, once it has been assembled, your digital fingerprint is persistently accurate. With recent developments in cross-browser fingerprinting, this technique is capable of successfully identifying users 99% of the time. That means even if you were to employ multiple recommended privacy precautions (masking your IP address through a VPN and deleting or blocking cookies) trackers can still use your digital fingerprint to re-identify and re-cookie your device when you visit a website.
A VPN can protect your identity. Find the right one for you in this Internet Citizen blog.
Why is It Used and Who Uses It?
Increased public concern for internet privacy has made precautionary methods more accessible and easier for users to implement, making traditional cookie-based tracking relatively untenable. This decline in cookie efficacy has led trackers to seek out more advanced ways of monitoring their users. Many of the companies that pioneered browser fingerprinting saw this as a commercial opportunity and quickly expanded their services into the world of online tracking.
Browser fingerprinting is just one of many other tracking techniques used by companies known as “data brokers. ” These third-party companies use your digital fingerprint to discreetly trace your activity across the web, collecting little bits of data about you along the way.
While trackers won’t necessarily match your activity with a face or a name, the data they derive from websites you visit, social platforms you use, searches you perform, and content you consume, can be considered personally identifiable. With this data, brokers build a general profile of who you are (age range, location, language, interests, etc. ) and sell this insight to advertisers and marketers who use it to relentlessly serve you personalized ads and content recommendations across the web.
While they are overwhelmingly used to violate user privacy, fingerprinting and other online tracking techniques are not all bad. For one, browser fingerprinting technologies are still used for the security and authentication purposes they were initially developed for: to prevent software piracy, identity theft, and credit card fraud among other security risks. For example, software security firms such as Sift Science offer enterprise solutions that employ fingerprinting technologies to help websites track, identify, and block “the bad guys. ”
On a larger scale, these tracking techniques, and the intrusive ads they facilitate, make the modern internet possible. The large players that arguably shape the course of the web sustain their businesses on the profits made through targeted online advertising. In 2017, both Alphabet (Google’s parent company) and Facebook made an overwhelming majority of their total profits through digital advertising—88% and 97%, respectively. Online advertising also plays a crucial role in supporting free journalism and keeping media outlets afloat. Without ads, we’d have very limited options for staying informed.
Privacy is clearly a difficult challenge to tackle in an increasingly digitized world. On one hand, companies consistently violate our privacy and exploit our data, while on the other, they make the web as we know it a sustainable hub for information and social connection. Some accept this condition as the nature of the web—just something that we have to deal with to ensure two-day shipping. However, you shouldn’t have to decide between privacy or convenience every time you open your laptop or pick up your phone. We should have equal access to privacy and convenience. Is it possible for us users to have our cake and eat it too?
Mozilla podcast, IRL, discussed helpful ways to breakout of social media bubbles. Platforms use our digital fingerprint to serve us content that sometimes cuts off from others who don’t share our point of view.
What Can We Do?
The most obvious approach to this dilemma is to protect yourself by any means necessary. That entails employing all the appropriate measures to ensure your privacy. However, due to its nature, browser fingerprinting is not easy to circumvent. While it’s technically possible to thwart this technique by exclusively using the privacy-focused Tor Browser or by blocking all JavaScript with a browser add-on like NoScript, to say these options are impractical is an understatement. (NoScript renders most websites you visit, including The Disconnect, virtually unusable. ) It’s also worth noting that some measures, while intended to improve your privacy, can actually make a browser more distinct and therefore easier to fingerprint and identify.
A simpler (and arguably more effective) approach to this dilemma is education. As stated earlier, it is important to understand how your privacy is being violated—not to make you feel scared or apathetic, but to make you aware, which is our exact purpose for writing this piece. Improving our current digital circumstances starts with education. A true calibrated response to our current fingerprinting situation should include advocacy and innovation, but for either to be effective, a bit of digital literacy is a prerequisite.
Education reinforces consumer advocacy. Though policy has been relatively slow to react to our privacy concerns, consumers saw a major win earlier this year with the General Data Protection Regulation (GDPR), which is a new set of European Union rules aimed at giving users more control over their personal data online (and the reason for all those “privacy update” emails that flooded your inbox). It has only recently gone into effect, so we’ve yet to see how this might affect browser fingerprinting; however, the GDPR is a testament to the positive results that can come from consumer advocacy.
In addition, spreading knowledge of how our privacy is currently handled creates a larger demand for privacy-focused developers and entrepreneurs. Armed with an understanding of our current circumstances, these individuals will be able to effectively question the ways in which the internet works for us and against us, allowing them to develop new, creative, and practical ideas that protect the future of online privacy as well as allow companies to prosper and profit on the web. In an industry defined by innovation, we can’t be completely out of ideas, right?
In order to truly reform online tracking practices, we must understand the issue in its entirety. This means that, in addition to understanding the conditions and technologies we’re up against, we must also understand the importance and value of privacy.
Firefox keeps your data safe. Never sold.
Download Firefox
Why is Privacy Important?
Privacy is often seen merely as a safeguard against prying eyes and exploitative corporate entities. However, to summarize the ideas of Georgetown University law professor Julie E. Cohen, privacy is more than an instrument to advance liberty or check control. It is a buffer for self-development free from the influence of society and culture. It enables all the factors we need to develop distinct identities: autonomy, free thought, creativity, experimentation, and exploration. And through this same buffer, we are afforded the resources to discover the type of society we want to be a part of and the steps we need to take to get there. These are decisions we need to make while we still have the agency to do so.
By regarding the internet as unregulable, we are giving companies the green-light to continue building technologies (like browser fingerprinting) that have the potential to manipulate the way in which people think and behave, setting society on a path mirroring a dystopian sci-fi. Surveillance creates an environment that breeds conformity, obedience, and submission; the very ingredients that define the totalitarian societies feared by the likes of Orwell, Bradbury, and Huxley. And as things stand now, it feels as if we are moving in this direction.
Because data is the lifeblood for developing the systems of the future, companies are continuously working to ensure they can harvest data from every aspect of our lives. As you read this, companies are actively developing new code and technologies that seek to exploit our data at the physical level. Good examples of this include the quantified self movement (or “lifelogging”) and the Internet of Things. These initiatives expand data collection beyond our web activity and into our physical lives by creating a network of connected appliances and devices, which, if current circumstances persist, probably have their own trackable fingerprints. From these initiatives, Ben Tarnoff of Logic Magazine concludes that “because any moment may be valuable, every moment must be made into data. This is the logical conclusion of our current trajectory: the total enclosure of reality by capital. ” More data, more profit, more exploitation, less privacy.
In a recent interview with O’Reily Media, author and digital rights activist Cory Doctorow paraphrases Harvard Law School professor Lawrence Lessig’s four modalities of regulation: “…the world is influenced by four forces: 1) code, what’s technologically possible, 2) law, what’s legally available, 3) norms, what’s socially acceptable, and 4) markets, what’s profitable. ” Together, these forces are what regulate the internet. Lessig’s modalities suggest that if privacy is not a priority and there are no incentives for it, then the technologies built under these circumstances will not provide it. By this reasoning, the key to preventing device fingerprinting and similar privacy-killers from developing any further boils down to normative intervention. Norms dictate what is profitable; therefore, we get to choose how these forces should regulate. The choice is not whether the web should be regulated or not, rather it is whether we, the users, should be present in choosing the code that will ultimately choose our values as a society.
While markets may drive the development of device fingerprinting techniques, we need to look to what Lessig describes as “technologically possible” in order to truly regain agency in this space. Through proper education, relentless advocacy, and creative innovation, we can evolve social norms to prioritize online privacy. And even though we may have already seen new regulations drafted to reflect this shift in social norms, there is still quite a bit of work to be done. In the cat and mouse game for online privacy, device fingerprinting currently gives trackers the advantage. If that makes you feel powerless, it shouldn’t. Remember that control over our data and agency online is a never-ending negotiation. Digital rights, like all human rights, must continually be defended
(For more information on the various data points used in creating your unique device fingerprint, see the addendum. )
Addendum: How We Get Your Fingerprint
The strings of text that make up the ridges of the algorithmically-generated fingerprint in the piece above are unique to you and are made up of the same data points used by commercial device fingerprinting. Typically, this array of attributes is compressed into a shorter ID number using a cryptographic “hash” function. It’s worth noting at this point that The Disconnect is not tracking its readers’ fingerprints and thus isn’t hashing these attributes to send that unique ID back to The Disconnect’s server. Instead, the code used to render the piece is only ever executed locally and never leaves your device.
So what are these attributes and how do websites get access to them? JavaScript, the de facto programming language of the internet, is regularly used to convert simple websites into interactive applications like Google Maps. In order for these web applications to work properly, the web developer often uses JavaScript to detect information about your particular device. If you are on a desktop or laptop browser, you can actually do this yourself using your browser’s JavaScript Console:
Firefox: Control+Shift+K (or Command+Shift+K on Mac)
Chrome: Control+Shift+J (or Command+Shift+J on Mac).
Safari: Command+Option+C
Edge: F12
Once open, type erAgent and hit enter. You should see your device’s “user-agent” print to that console. The “user-agent” is used to identify what browser and platform you are using.
The “user-agent” is the first bit of data you’ll see on the cover. This is followed by other information specific to your browser like the current language it’s set to (nguage), whether or not you have “do-no-track” set (NotTrack) and a list of any plugins (ugins) you may have installed. This is followed by information about your device including your screen’s resolution ( and) and color-depth (lorDepth), what time zone your clock is set to (TimeFormat(). resolvedOptions(). timeZone) the platform underlining your operating system (atform), how many CPU-cores your computer has (navigator. hardwareConcurrency), what GPU (or graphics processor) vendor and renderer is and whether or not you’re on a touch device. After this you’ll see a list of storage types and whether or not your browser supports them. Printing the GPU and touch information to the console requires a bit more code than the previous attributes, but you can view a fully annotated version of the source code behind the cover art here if you’re curious to learn more.
The last two data points you’ll see animating on the cover are the “font-list” and a “canvas-hash. ” The former is the list of fonts you have installed on your computer. Browsers need access to your fonts in order to render the texts on your screen, but because users often add to the list of fonts that come default on their devices, this can become a particularly effective way to identify you online. The “canvas-hash” is perhaps the most unique characteristic. The HTML5 canvas is used by developers to draw 2D and 3D graphics in the browser using JavaScript. Though the same canvas code executed on different devices will render images that appear the same to our eyes, because of a list of differences among devices, the images will not be 100% identical at the pixel level. For this reason, when the pixel data of a rendered canvas image is sent through a cryptographic “hash” function, the resulting ID will be unique to that device and thus ideal for fingerprinting.
———————————————————————————————————————————-
Want More?
If you’re interested in learning more about the attention economy, check out Mozilla’s original podcast IRL: Online Life is Real Life. In IRL’s Paid Attention episode, explore all the ways your attention has become monetized on social media.
Tune In: IRL
What is fingerprinting and why you should block it - Mozilla

What is fingerprinting and why you should block it – Mozilla

What is fingerprinting?
Fingerprinting is a type of online tracking that’s more invasive than ordinary cookie-based tracking. A digital fingerprint is created when a company makes a unique profile of you based on your computer hardware, software, add-ons, and even preferences. Your settings like the screen you use, the fonts installed on your computer, and even your choice of a web browser can all be used to create a fingerprint.
If you have a commonly used laptop, PC or smartphone, it may be harder to uniquely identify your device through fingerprinting. However, the more unique add-ons, fonts, and settings you have, the easier you’ll be likely to find. Companies can use this unique combination of information to create your fingerprint. That’s why Firefox blocks known fingerprinting, so you can still use your favorite extensions, themes and customization without being followed by ads.
Fingerprinting is bad for the web
The practice of fingerprinting allows you to be tracked for months, even when you clear your browser storage or use private browsing mode — disregarding clear indications from you that you don’t want to be tracked. Despite a near complete agreement between standards bodies and browser vendors that fingerprinting is harmful, its use on the web has steadily increased over the past decade.
Firefox blocks fingerprinting
The latest Firefox browser protects you against fingerprinting by blocking third-party requests to companies that are known to participate in fingerprinting. We’ve worked hard to enable this privacy protection while not breaking the websites you enjoy visiting. (Read more here, if you want the technical details. )
And it’s not a deep setting you need to dig around to find. In the latest Firefox browser, fingerprint blocking is the standard, default setting. Visit your privacy protections dashboard to see how you’re being tracked behind the scenes and how Firefox prevents it.
You probably wouldn’t appreciate someone tracking your moves in real life. There’s no reason to accept it online. If you don’t already have Firefox, download and protect yourself from digital fingerprinting.
What is my digital fingerprint? - Medium

What is my digital fingerprint? – Medium

“A man sitting with his arms crossed looking at his laptop” by on UnsplashYour “digital fingerprint” is a combination of data about your web browser and computer that can be used to uniquely identify and track your web browsing. Much like a human fingerprint, you leave a trail of “digital fingerprints” on the web that trackers use to collect personal information about the things you do you noticed advertisements for things you’ve looked at online following you around? That’s one form of online tracking, and it may be because you’ve left your “digital fingerprint” behind. This allows the trackers to see what you read, view, and only do these methods violate your privacy, it also allows the trackers to create a “profile” about your online behavior, with details about nearly everything you’ve done online. These companies may sell or share this information with others, or it may be requested by the government for ackOFF uses state of the art algorithms to intrinsically alter your digital fingerprint in real-time. The beauty of TrackOFF is that it was designed not to disrupt or disturb your browsing experience, as many other privacy products do. It does not block scripts from running, as that could affect the way pages are loaded or displayed, and even break certain page elements. What TrackOFF does is render the tracking scripts useless, by constantly altering and masking your digital fingerprint, so you appear different from one website to ields your identity & private data from fingerprinting techniques. TrackOFF shields your identity from tracking companies by masking your digital fingerprint. When you see “Your Digital Fingerprint Changed! ” in TrackOFF, rest assured that your digital fingeprint is protected. Bonus: TrackOFF also allows you to clear all of your web browsers’ cookies and history with one-click. Click here to purchase and activate your regularly clear your cookies & browsing history. Digital fingerprinting is starting to replace the use of cookies, but some tracking companies still use them, so it’s a good idea to remove them if you’re not using private browsing all the additional privacy? For additional privacy protection, you may consider using private browsing mode. Private browsing mode will allow you to browse the web without storing any cookies or history data after you close the browser window. All of the popular web browsers (Google Chrome, Firefox, and Internet Explorer) have private browsing modes:Chrome users: Select the “File” menu in the top right of the screen, and then select “New Incognito Window. ”Firefox users: Select the “File” menu in the top right of the screen, and then select “New Private Window. ”Internet Explorer users: You can start InPrivate Browsing from the Safety menu, by pressing Ctrl+Shift+P, or from the New Tab page. I hope this article helped you understand how online tracking works, and the steps you can take to protect yourself. If you have any questions, I love speaking to readers and helping others learn how to protect their privacy. You can reach me at my e-mail Flach, Chief Technology Officer, TrackOFF

Frequently Asked Questions about web fingerprinting

What is fingerprinting on the Web?

Fingerprinting is a type of online tracking that’s more invasive than ordinary cookie-based tracking. A digital fingerprint is created when a company makes a unique profile of you based on your computer hardware, software, add-ons, and even preferences.

What is my digital fingerprint?

Your “digital fingerprint” is a combination of data about your web browser and computer that can be used to uniquely identify and track your web browsing.Mar 19, 2018

What is browser fingerprinting Javascript?

Also known as online fingerprinting, browser fingerprinting is a tracking and identification method websites use to associate individual browsing sessions with one site visitor. Using Javascript, a plethora of data can be collected about a user’s browser and device.Apr 1, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *