The only two approaches to combat browser fingerprinting
MAY 9, 2017 | FINGERPRINTS
We are all aware that websites can track and identify visitors. The most common ways include cookie files or finding the IP address that is used. However, these common methods can be easily bypassed, as users can block or delete cookies and mask their IP address.
This is why browser fingerprinting was developed. Browser fingerprinting is the process of gathering information about a user through their browser for identification. The reason why browser fingerprinting is so dangerous is that its prevention is much harder than with other forms of online tracking.
Because of this, we’ve put together an article to help understand browser fingerprinting, why it’s dangerous, and what are the only two effective ways of fighting it.
What enables websites to track your identity?
Websites can collect user's information and fingerprint browser without them ever knowing it. But how exactly does it happen?
The answer lies behind a technology that websites employ and how they interact with your browser. But before going into that, let’s think about the information you need for identifying an individual.
Collecting a single piece of information about a person such as gender, date of birth, or zip code, it’s not enough for identifying them. However, it’s much easier to single out a person and accurately deduce their identity having all three pieces of information put together.
Websites that actively fingerprint your browser, operate under the same concept. Your browser reveals numerous details about your identity. Separately, these pieces of information mean nothing. These include list-plugins, list of system fonts, OS version, screen resolution, etc. When collected together, this same information can accurately determine your identity.
Sites that conduct browser fingerprinting use JavaScript to interact with your website’s components for performing tasks like playing sound or video. These tasks reveal mounds of sensitive information and thus allow browser fingerprinting.
First generation methods to combat browser fingerprinting
Browser fingerprinting is very effective because it uses almost every single piece of information available for accurate identification.
Because of this, the only real way to combat browser fingerprinting is masking your IP address. These are disabling JavaScript in the browser (meaning no add-ons and extensions), and any plugins that help websites identify you.
Some browsers specialize in letting you navigate internet add-on free. For this example, we will use the Tor Browser, but there are other options available depending on your specific requirements. Tor disables potentially dangerous components and allows you to browse the internet safely through its layered encrypted connection.
In a nutshell, Tor avoids browser fingerprinting by connecting you through a series of virtual tunnels before connecting with the website you’re visiting. Tor Browser also masks your IP address, and at the same time, disables JavaScript and plugins that may cause fingerprinting.
Tor Browser is Awesome, but...
The main issue with websites that fingerprint your browser is that they use JavaScript to do so. It's a popular scripting language that allows websites to interact with your browser’s components. Disabling JavaScript means having a minimized, almost-crippled browsing experience.
JavaScript helps websites interact with browser components and carry out different tasks that enhance the browsing experience for users. These include playing sounds, videos, animations, checking for validity of form input, and more. All popular websites use JavaScript for enhancing the user experience. Thus, disabling it would limit browsing experience greatly.
Think about it this way: in one hand you have a smartphone, and the other one holds an outdated dial-pad phone that is worthy of a ‘90s sitcom. Now choose which one to use every day for any tasks.
Because of its many capabilities, smartphones are way easier to track than basic phones. Mobile applications can access a smartphone’s exact location through its GPS feature, as well as saved pictures, message history, and other pieces of information. These can then be used to find out exact details and identify the person using the smartphone.
Older dial-pad phones have very limited usability, and their lack of features make their owners hard to identify. The older phone can’t monitor you, or at least not on such a grand scale, so it provides the safest alternative.
In an ideal world, most people would choose the safest option. However, because we live in an experience-driven world, most people would choose the smartphone even if they know it’s much easier to fingerprint.
So, what should you do in this case?
Combating browser fingerprinting by actively managing your browser’s fingerprint
Despite identity protection should be a priority, it's hard to deny oneself to browse the internet with diminished usability.
In these cases, you can always turn to browser identity management and automation platforms to help you browse the internet while still protecting your identity. These platforms allow you to combat browser fingerprinting while maintaining full browser experiences.
Instead of disabling add-ons and plugins, browser identity management platforms actively mask all the information that can be used to deduce your identity. This is achieved by creating numerous online profiles you can then use to access websites.
At the same time, browser identity management platforms deploy numerous counter-fingerprinting technologies that prevent these sites from connecting multiple accounts that belong to the same user. Although websites will be able to fingerprint these profiles, they will not be able to link them either you or one another.
In other words, you can create and manage each profile and choose which one to use every time you enter a website, which leads us to our next point…
Choosing the best way to combat browser fingerprinting for you
Both Tor and browser identity management platforms offer great alternatives to fighting browser fingerprinting, but there are significant differences between the two.
Tor Browser masks the parameters that identify you, but you will still have the same static parameters every time you connect to the internet. In other words, if you connect 50 times in a day, you will have 50 connections that look the same, except for their IP address. Furthermore, your connection will look the same as the connection of thousands of other Tor Browser users.
This can set off temporary blocks on accounts and other restrictions, sometimes resulting in major setbacks.
That being said, Tor Browser can be a great tool for certain industries in specific scenarios, such as:
Journalism: Journalism often requires researching for sensitive information. These search terms can trigger government agency red flags, which can pose a huge inconvenience. To avoid this, journalists can access the information they need without worrying about being contacted or questioned by authorities.
Law Enforcement: Law enforcers often access open source databases online, and may require anonymity to avoid leaving any evidence of an ongoing investigation.
Independent and Alternative News Channels: Independent news channels often become targets for exposing injustices. Maintaining high levels of online privacy helps to avoid any repercussions.
On the other hand, browser identity management platforms provide a great solution if you need to connect with a specific identity each time you access a website.
Browser identity management platforms create several unique identities. So every time you connect to any website you can choose which one you want to use. All parameters used to fingerprint your device are masked each time you access a website, safeguarding your identity and allowing full browser functionalities.
Some common uses for browser identity management platforms include:
Online Marketing: Marketing experts often need simultaneous access across many social media accounts. They manage accounts for customers and do multiple logins a day. With browser identity management software, marketing experts can create different unique identities. It allows accessing social media and other platforms simultaneously.
Web Application Testing: Web application developers need to test websites and apps through multiple browsers and different configurations. Logging in with multiple identities helps them by emulating users and providing valuable feedback to help during product development and testing.
Corporate Intelligence: Companies can use multiple identities to reverse-engineer their competitor’s ads targeting strategy for valuable insights on their sales and marketing schemes.
Use multiple identities to navigate the web with Multilogin
We developed Multilogin to balance off the need for more effective methods that fight browser fingerprinting. Multilogin protects your identity from browser fingerprinting and other forms of web tracking while still allowing you to have a full browsing experience.
The beauty of Multilogin is that it takes into account all the parameters that web trackers use to fingerprint your devices. Then it creates unique values for each one of them to create numerous unique identities. You can choose which identity to use with some specific sites, keeping your real identity safe and maintaining full browsing functionality.
These unique identities can be tracked and fingerprinted individually, but they will not be linked with each other or your own real identity. Multilogin allows you to fool web trackers as they complete specific tasks, and navigate the web without diminished usability.
Final thoughts…
With browser fingerprinting technology evolving at a fast pace, keeping your identity safe is more important than ever before. Use one of the approaches outlined above to prevent browser fingerprinting and safeguard your identity.