Browser Fingerprinting

What is Fingerprinting?

Recently I had an interview where my interviewer mentioned fingerprinting as a way to recognize a particular user. I hadn't heard much about it and was intrigued so I decided to do some research on the topic.

Browser fingerprinting is a method used to partially or fully identify a user based on information collected about the user's browser, computer, preferred language and more. Although you might expect that many people would have the same setup on their device as you, it is rare that two user's fingerprint is similar. In fact, according to this article, "only 1 in 286,777 other browsers will share the same fingerprint as another user."

How Fingerprinting Works

Most tech-savvy people are aware that your web traffic can be tracked with cookies or that your location can be determined with your IP address. However, fingerprinting can still partially or fully identify you without either of these things.

With fingerprinting, client-side scripting is used to collect a wide variety of data about you including your operating system, OS version, browser, browser version, screen resolution, list of plugins and much, much more.

Fingerprinting doesn't require cookies. JavaScript knows information about your screen resolution, device size and more to be able to display web applications properly. If you open your developer tools, and type navigator.userAgent you will see your device's user-agent in the console. This has information about your browser, computer, operating system and more. There are other commands you can use such as navigator.plugins to view what plugins you have installed.

HTML5 Canvas

Another way for companies to get data for fingerprinting is by using HTML5's canvas element. This element is used to draw graphics on a web page via JavaScript. Developers will use this feature to draw graphics on your device. Since different devices render images differently, the rendered canvas graphic can be sent through a hash function to create a unique ID for fingerprinting.

Why is Fingerprinting Used?

These days, companies are doing everything they can to collect data about their users. This data can be used to improve marketing, improve the user experience, it can be sold to advertisers, and more. However, it is also used for security and authentication and in fact was originally developed to prevent security risks for users. Ultimately though, fingerprinting is a privacy issue and I think everyone should be aware of it.

Can You Stop It?

There are different ways to prevent fingerprinting if you are worried about your privacy. You can block all JavaScript with an add-on such as NoScript, however this will change the functionality of many websites unless you allow JavaScript to run on them. You can try to use the most popular browser and version, but this is quite hard to do.

The most promising option I found is that the newest Firefox browser protects you against fingerprinting. It blocks "third-party requests to companies that are known to participate in fingerprinting."

Are you Unique?

If you would like to see if you are unique, check out this website. The website checks things like your list of plugins, language header, timezone, presence of adblock and more to see if you are unique.

Thank You

Thank you for taking the time to read this post. What are your thoughts on internet privacy and fingerprinting?

Additional Resources

• Mozilla Blog on Fingerprinting