What is browser fingerprinting and how does it work?
MARCH 8, 2023 | FINGERPRINTS
Browser fingerprinting is the process of third-party websites and platforms gathering enough information about you as a user that they can uniquely identify and trace you.
This has severe implications for any business running multiple accounts online and is a top reason for account bans. Read on to find out more about how browser fingerprinting works and what you can do to protect your accounts from bans and suspensions.
How Browser Fingerprinting Works
Let's start with the basics 😏
Browsers help you access information on the internet. When you visit a website, your browser sends a request to the server, which sends the information back to your browser. During this process, the browser collects information about your device and settings, which can be used for fingerprinting.
Browser fingerprinting collects various data from your browsers, such as:
IP address: unique identifier for internet-connected devices
User-agent string: information about the web browser and operating system being used
Installed fonts: fonts available on the device
Installed hardware: hardware components of the device
Cookie settings: user's preference for storing website data
Screen resolution: dimensions of the device's display
OS version: version of the device's operating system
HTTP header attributes: information about the HTTP request being sent
Language settings: user's preferred language for web content
Browser extensions: installed browser add-ons and plugins
Keyboard layout: layout of the device's physical keyboard
Audio fingerprinting data: unique audio characteristics of the device
Browser privacy: privacy settings and configurations of the browser
HTML canvas fingerprinting data: information about the browser's rendering of HTML canvas elements
These pieces of data are used to create a unique identifier for you. And yes, they can then be used to track your online behavior and provide personalized advertising and marketing.
Browser fingerprinting Techniques
Websites are equipped with technology that enables them to interact with your browser and gather information about your online behavior. Let's take a look at how websites can interact with your browser and obtain the data they need.
User-Agent Fingerprinting: Collects information about the browser, operating system, and device used.
Browser Plugin Fingerprinting: Looks at the list of plugins installed on the browser, such as Adobe Flash, Java, or extensions, to identify the user.
Screen Resolution Fingerprinting: Determines the screen size used to browse the web to identify the user.
Timezone Fingerprinting: Looks at the timezone settings of the device to identify the user.
Language Fingerprinting: Collects information about the language settings of the device being used to browse the web.
Cookie Fingerprinting: Examines cookies used by the browser to track the user.
WebGL Fingerprinting: Analyze the rendering capabilities of the browser to identify the user.
Use Cases For Browser Fingerprinting
Browser fingerprinting is used for various purposes, including advertising and marketing, fraud detection, security and privacy, and user tracking.
Security
Browser fingerprinting can be used for security purposes, such as tracking and blocking devices associated with suspicious activity. For example, if someone uses multiple devices and locations to access online accounts, browser fingerprinting can help identify and track these activities.
Fingerprinting is an efficient identifier that can bypass private browser windows, virtual private networks (VPNs), and other evasion measures to track fraudulent internet users, making it harder for them to conceal their actions.
Although not foolproof, browser fingerprinting can be a helpful tool when combined with other anti-fraud measures.
Marketing
Device fingerprinting is a common practice used by marketers to understand their audience better and create personalized advertising campaigns. It involves collecting information about your device, such as your user agent and IP address, to create a unique profile of your preferences and behaviors.
This information lets marketers target personalized ads based on users' interests and online behavior. For example, if you're using an expensive Macbook Pro, they may “assume" you have a higher income and show you ads for luxury products. If you're browsing from a particular location, they may offer you ads for local businesses.
Device fingerprinting also allows marketers to analyze the results of their advertising campaigns and track their performance. They can use this information to make data-driven decisions and optimize their campaigns for better results.
Creating individual user profiles is crucial for successful targeted marketing campaigns, and personalized ads are more likely to resonate with consumers. In addition, marketers can reach their intended audience more effectively by grouping consumers based on similarities in their profiles.
Fingerprinting also allows digital marketers to avoid account bans. How exactly?
Fingerprinting isn't just used for tracking and data collection - digital marketers also use it to avoid getting banned from social media platforms. For example, marketers often create multiple accounts on social media to increase their reach and improve their chances of success. But platforms have algorithms that can detect and ban accounts that violate their terms of service, such as using fake names or spamming.
Using fingerprinting allows marketers to create multiple accounts without being detected by these algorithms. In addition, modifying their device's settings to create a unique fingerprint for each account can make it difficult for the platform to detect that they are operating multiple accounts.
However, it's important to note that using fingerprinting to avoid account bans goes against the terms of service of many platforms. Furthermore, if caught, you can risk permanently banning their accounts, which can be detrimental to your business.
Browser Fingerprinting vs. Cookies
Have you ever noticed a pop-up window asking you to allow 3rd party cookies while visiting a website? It's a common practice often viewed as an annoyance that hinders you from accessing the desired content.
Many people accept these cookies without giving them much thought, just like when they accept the terms of service before downloading a program. However, it's essential to know that by accepting cookies, you're essentially permitting a unique identifier to be placed on your web browser. Cookies and browser fingerprinting are two different things, even though they may seem similar.
The main difference between cookies and browser fingerprinting is in their approach to privacy and security.
Cookies are specific data that anyone can access and track personal information like your name, address, and credit card number. Therefore, cookies require permission because they can give third parties access to your personal information.
In contrast, browser fingerprinting operates differently and doesn't need permission since it doesn't track personal data that others can easily access. Instead, it collects unique data to identify users, making it more effective in identifying suspicious site visitors.
Unlike cookies, fingerprinting is challenging to hide, even with ad-blockers, and deleting them within your browser's settings is not easy.
Is my browser fingerprint unique?
It is unique enough to give a very slim chance your profile will run into its long-lost sibling: as we've previously discussed in our research, figures from Panopticlick show that only around 1 in 286,777 browser fingerprints will be the same.
Does blocking browser fingerprinting work?
Blocking browser fingerprinting can make it more difficult for websites to track and identify individual users, but it is not foolproof.
There are several techniques that websites can use to gather information about users, such as tracking cookies, IP addresses, and browser plugins. If a website cannot collect information about a user's browser through fingerprinting, they may use these other techniques instead.
Some websites may deny access to users who have blocked fingerprinting, as it may be a requirement for using their services.
Blocking browser fingerprinting is an obvious sign for the websites you are trying to hide and will likely lead to your account being banned.
Why does browser fingerprinting cause account bans?
As we mentioned in our blog on why platforms like Facebook Business ban accounts, these platforms, and websites are always hunting in the background for anyone running multiple accounts – even for legitimate reasons.
Imagine running multiple Amazon or eBay storefronts for different brands within your e-commerce business, or you're an agency handling various clients' Google Ads accounts from the same devices.
If these are detected as coming from the same device or as being linked, they will, in most cases, automatically be flagged as suspicious and banned or suspended. And in many cases, it is your browser fingerprint that has helped their systems to link them together.
How do I stop account bans if blocking fingerprinting doesn't work?
The best way to stop account bans is simply through segregated, unique profiles that allow Facebook, Google, and so on to read your browser fingerprint.
Now, one way to do this would be from multiple devices: OK, if you have two accounts, a lot more expensive, unreliable, and impractical when you want to scale to 100, 1,000, 10,000...
The most reliable and easiest way to scale when stopping account bans is through virtual browser profiles. Through a tool like Multilogin, you can create utterly native browser profiles – segregated from one another without leaking each other's fingerprint – from a single device. That way, websites can read your fingerprint as if they were genuinely unique devices without raising suspicions.
To learn more about how browser fingerprinting works in-depth and why attempting to block or spoof another device simply doesn't work, read our latest research article from our Cyber Security Researcher. And to learn more about Multilogin and how it can help protect your business when running multiple accounts, visit our use cases page.