Browser Fingerprinting

What Is Browser Fingerprinting and How Can You Prevent It?

What is browser fingerprinting?
Browser fingerprinting (also called device fingerprinting or online fingerprinting) refers to tracking techniques that websites use to collect information about you. Modern website functions require the use of scripts — sets of instructions that tell your browser what to do. Working silently in the background, scripts can identify lots of information about your device and browser that, when stitched together, forms your unique online “fingerprint. ” This fingerprint can then be traced back to you across the internet and different browsing sessions.
What exactly can scripts find out? They can determine a lot about the device you’re using, such as its operating system, your browser, the software installed on your device, what timezone you’re in, which language you’re reading in, whether you use an ad blocker, your screen’s resolution and color depth, all the browser extensions you’ve installed, and even more granular technical specifications about your graphics card, drivers, and more.
Imagine you want to identify a person in a crowd: you can do so by listing their attributes and other defining features. For example, you could describe someone as a woman with long blond hair, a red shirt with a white collar, a grey skirt, black shoes, red lipstick, etc. With enough attributes, it’s easy to identify this woman, even in a crowd of other people.
Browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd of internet users.
Similarly, browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd, even the extremely large crowd of millions of internet users and billions of devices. In fact, device fingerprinting can identify users with 90 to 99% accuracy.
Not convinced you could actually be identified? Try it for yourself: Visit AmIUnique, a research project that helps developers identify techniques to fight back against fingerprinting. You’ll see how easily identifiable you are based on your fingerprint. AmIUnique shows me, for example, that my fingerprint is unique among the more than two million fingerprints in their dataset. I can also see the 75+ attributes they use to identify me in a matter of seconds.
Wait… Is online fingerprinting the same as tracking cookies?
Cookies and fingerprinting are completely different. While digital fingerprinting is a new concept to many, you might be more familiar with tracking cookies, which are also able to follow you around the web.
One difference between fingerprinting and cookies is that the latter are regulated (at least in the European Union), meaning that websites are required to notify you and gain your permission to use them. (These notifications are those annoying pop-ups you see on most websites. ) That is not the case for digital fingerprinting, which happens silently and without your knowledge or consent. And unfortunately, browser fingerprinting scripts are indistinguishable from all the other scripts required to make a website function.
And while you can delete your cookies, there’s no way to delete your browser fingerprint. Your fingerprint allows you to be identified as the same user when you revisit sites or visit other sites around the web that employ fingerprinting. Put together, information from your browsing activity provides a clear picture of your online history, preferences, hobbies, and even life circumstances — it identifies you even when you’re not logged in to a site or if you’re using incognito or private browsing mode.
How does browser fingerprinting work?
Browser fingerprinting works because websites use scripts that run in the background of your browser. Today’s web browsers have built-in software functions called APIs, which can be used by website scripts to collect information. Generally, scripts are designed for legitimate purposes like rendering videos or photos. If we were to block them, then most websites wouldn’t run properly — they’d “break. ”
That means there’s no way for someone to know when websites are collecting their personal information, because fingerprinting scripts look just like any other script running on a website. These scripts collect the attributes — device specifications, OS, browser settings and plug-ins, user agents, audio and video capabilities, timezone, and more — that can be compiled into a “hash” or digital fingerprint.
Many website owners and ad networks share browser fingerprinting functionality to perform cross-site tracking. That means they use your online fingerprint to track you across the web, and collect intimate details about you: your search history, shopping and news preferences, and more.
Your digital fingerprint, or hash, follows you around the web.
With the help of the following advanced techniques, fingerprinting online allows websites to identify individuals with an extremely high degree of accuracy.
Canvas fingerprinting: Canvas fingerprinting uses the HTML5 canvas element to force your browser to draw an image or some text. This occurs invisibly in the background, so you won’t see it happening. But the precise way your browser renders the image/text provides detailed information about your font style, graphics card, drivers, web browser, and OS. Canvas fingerprinting is one of the most widely used digital fingerprinting techniques.
WebGL fingerprinting and rendering fingerprinting: Like canvas fingerprinting, these two techniques force your browser to render images off-screen and then use these images to infer information about your device’s hardware and graphics system.
Device fingerprinting: While device fingerprinting is often used synonymously with browser fingerprinting, it also refers to a particular technique that uncovers a list of all the media devices (and their IDs) on your PC. That includes internal media components such as your audio and video card, as well as any connected devices like headphones.
Audio fingerprinting: Rather than forcing your browser to render an image, audio fingerprinting tests the way your device plays sound. The resulting sound waves provide information on your device’s audio stack, including specifications about its drivers, sound hardware, and software.
Once you’ve been tracked, a profile can be compiled that includes intimate details about your life. That profile can be sold to data brokers, who are already hard at work compiling as much information as possible about everyone. Data brokers combine offline information (from public records, offline loyalty cards, and other sources) with online information, and the precise details from your device fingerprint are just what they need to complete their files. Data brokers then market this information, often selling it to advertisers who use it to target you more effectively.
Strong anti-tracking software disguises your browser fingerprint and helps prevent advertisers from knowing who you are. Avast AntiTrack blocks trackers on every site you visit, and our advanced anti-fingerprinting technology keeps your identity safe against even the most advanced tracking techniques.
Why is browser fingerprinting used?
Browser fingerprinting is mainly used for web tracking. It’s a more secretive way to track people than simply using tracking cookies, which require consent. But what do companies do with the information they collect? The large majority use this data to advertise to you and personalize your experience online. While being served personalized ads may not seem like a serious issue, the amount of information collected through digital fingerprinting and other tracking methods has the potential to be used quite nefariously.
Just imagine how much sensitive data is included in your online search history. If you search for chest pain, that information becomes part of your search history, which is included in the information that data brokers buy and sell. That means when a data broker later sells your search history to a health insurance company, the insurance company could infer that you’re at risk of heart disease and increase your rates.
If a health insurance company has access to your search history, they might think you’re at risk of heart disease and increase your rates.
Dynamic pricing is another example of how browser fingerprinting is used. Most people are aware that travel and ecommerce sites can and do adjust prices based on various factors. If browser fingerprinting pinpoints your location in an affluent area, you can expect prices to rise on almost everything you see online: airline tickets, clothes and other products, apps with subscription services, and more.
Browser fingerprinting can reveal lots of information about your finances and buying habits.
Those are just a few examples. As device fingerprinting becomes more prevalent and more accurate, companies will have increasing amounts of information about you — and more ways to wield this information to their advantage. It’s concerning, to say the least.
To protect yourself against online fingerprinting, consider using a privacy-focused browser like Avast Secure Browser. Our browser masks your digital identity and confuses website scripts so that they can’t collect accurate information to build your digital fingerprint. Download it today to get free protection against insidious online tracking.
But it’s not all doom and gloom: there are a few legitimate uses of browser fingerprinting. It can be used to identify the characteristics of botnets to help prevent DDoS attacks. Fingerprinting can also help to identify fraud and other suspicious activity. Banks use browser fingerprinting to detect potential identity theft and banking fraud.
Is browser fingerprinting legal?
Yes, browser fingerprinting is legal in most areas (as of this writing). In the European Union, the General Data Protection Regulation (GDPR) requires companies to get consent from users before tracking them with cookies. An additional law, the ePrivacy Regulation, is supposed to address browser fingerprinting — but it still hasn’t come into effect.
The US doesn’t have national laws on data protection. The California Consumer Privacy Act (CCPA) and Vermont’s Data Broker Law attempt to regulate some forms of online tracking and data collection, but they don’t address online fingerprinting.
In fact, some people think that device fingerprinting was actually developed to circumvent regulations like GDPR and CCPA, which focus on protecting personally identifiable information by regulating tracking cookies.
How to prevent browser fingerprinting
Without sophisticated tools, browser fingerprinting is extremely difficult to avoid. The normal privacy tricks — like using private browsing or Incognito mode, cleaning your cookies or search history, or using an ad blocker or a VPN — can’t prevent browser fingerprinting. In fact, it’s such an insidious and pervasive tracking technique that even if you use all of the privacy tactics we just mentioned, your unique fingerprint is still identifiable.
But don’t despair — there are ways to fight back against online fingerprinting. While it’s impossible to shut off the website scripts that collect your personal data, because websites wouldn’t work without them, you can confuse the scripts by using two techniques: generalization and randomization.
Generalization refers to manipulating browser API results to make you seem generic. In other words, it masks your unique attributes and helps you blend in with the crowd.
Randomization changes your attributes periodically so that your fingerprint is constantly changing and you can’t be reliably identified.
But how can the average person use generalization and randomization to hide? You’ll need to rely on a tool or service to do it for you. Avast AntiTrack uses advanced anti-fingerprinting technology to insert fake data when scripts attempt to collect your digital attributes. That lets the scripts continue to run (to avoid breaking website functionality), while hiding your true personal information so that it can’t be collected.
Avast AntiTrack also warns you of tracking attempts so you can see exactly which sites are trying to track you. And it’ll periodically clear your browsing history and cookies to ensure maximum privacy. Download it today to keep advertisers, data brokers, and other privacy invaders off your back.
Another option is to use a browser that offers built-in anti-fingerprinting protection. As more advertisers use online fingerprinting, some browsers are starting to fight back with various anti-fingerprinting measures. Tor Browser generalizes users, while Brave Browser uses randomization and Firefox simply tries to block specific fingerprinting scripts.
Avast Secure Browser offers the most comprehensive protection by employing both generalization and randomization (depending on the site). Specifically designed to prevent all known forms of browser fingerprinting, Avast Secure Browser offers advanced privacy without breaking websites, to make sure you get an optimal browsing experience without sacrificing your privacy.
Stop browser fingerprinting the easy way
These days, it’s safe to assume that you’re being tracked every time you log on. But you don’t have to put up with it! Built by the same cybersecurity engineers who painstakingly protect hundreds of millions of users worldwide, Avast Secure Browser is one of the most sophisticated anti-fingerprinting solutions out there.
From canvas fingerprinting, to audio fingerprinting, and everything in between, Avast Secure Browser stops trackers from accessing your personal information. Our browser also offers Adblock, Anti-Phishing, Stealth Mode, a password manager, and loads of additional privacy features. And, because we believe that anyone who uses the internet should be able to do so without being tracked or mined, we’ve made it completely free. Download it today to get essential digital privacy.

Browser Fingerprinting: What Is It and What Should You Do …

Have you ever heard of browser fingerprinting? It’s okay if you haven’t, since almost nobody else has ever heard of it, either.
Browser fingerprinting is an incredibly accurate method of identifying unique browsers and tracking online activity.
Luckily, there are a few things you can do to wipe all of your fingerprints from the internet. But first, let’s start by exploring what, exactly, browser fingerprinting is.
Browser Fingerprinting: What Is It?
Browser fingerprinting is defined on Wikipedia as follows:
“A device fingerprint, machine fingerprint, or browser fingerprint is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off. ”
That means that, when you connect to the internet on your laptop or smartphone, your device will hand over a bunch of specific data to the receiving server about the websites you visit.
Browser fingerprinting is a powerful method that websites use to collect information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution, and various other active settings.
These data points might seem generic at first and don’t necessarily look tailored to identify one specific person. However, there’s a significantly small chance for another user to have 100% matching browser information. Panopticlick found that only 1 in 286, 777 other browsers will share the same fingerprint as another user.
Websites use the information provided by browsers to identify unique users and track their online behavior. This process is therefore called “browser fingerprinting. ”
The uniqueness of browser information is closely related to the investigation method of the police and forensic teams, who identify suspects and criminals based on fingerprints at the crime scene.
The Integrated Automated Fingerprint Identification System (IAFIS) is a massive database that stores fingerprints of 70 million subjects of criminal cases, as well as 31 million prints from civil cases. That means that a large chunk of these fingerprints were collected for analysis purposes.
Browser fingerprinting works like that as well. Websites bulk-collect a large set of data of visitors in order to later use it to match against browser fingerprints of known users.
All of this information does not necessarily reveal exactly who you are, your name, and/or your home address, but it’s incredibly valuable for advertising purposes, as companies can use it to target certain groups. These groups have been formed by matching people based on browser fingerprinting.
Now, you might be wondering: why is this being done, and why is your data so incredibly valuable to these companies?
The international advertising industry and marketing machines love your data. They’ll do anything to get their hands on your data in order to track your online activities.
Tracking methods and data collection are extremely valuable because it allows advertising businesses to create a profile based on your data. The more data these businesses have, the more accurately they can target you with advertisements, which (indirectly) means higher revenue for the company.
Fortunately, it’s not all bad. Browser fingerprinting is also used to identify the characteristics of botnets because the connections of botnets are established by a different device every time.
Such analysis could lead to the identification of fraudsters and other suspicious activities that require investigation.
Also, banks use this method to identify potential fraud cases.
If an account is showing questionable online behavior, for example, a bank’s security system would be able to identify that the account is being accessed from multiple, different locations during a short period of time by analyzing unique fingerprinting.
By doing so, a hacker who logged into the account using a device that had never accessed the account before can potentially be identified.
All of these signs suggest potential fraud and usually trigger further investigation or the preventative freezing of an account.
Methods Used for (Fingerprint) Tracking
Websites use several different methods to track users on the internet. By doing so, they can collect information and fingerprint your browser – and you wouldn’t even know or see that websites are doing this!
Now, the question is: how do they do it?
The technology allows websites to interact with your browser and retrieve information. In the following sections, I’ll provide you with information about how websites interact with your browser and how they obtain information.
Cookies & Tracking
A common way for websites to obtain your data is by using cookies. Cookies are small packets of text files that are stored on your computer, which contain certain data that may give websites information to improve the user experience.
Websites remember and track individual computers and devices by loading the cookies (small data packets) onto your computer.
Every time you visit a website, your browser will download cookies. When you visit the same website at a later time, the website will assess the packets of data and provide you with a personally customized user experience.
Think about the font size or screen resolution you view on a website. If a website knows you’re always using an iPhone 8, it will provide you with the best settings for your iPhone. Also, this way, the website knows whether you’re a unique visitor or a returning visitor. Cookies also store data on browsing activity, habits, interests, and much more.
Furthermore, websites employ Javascript, which will interact with visitors in order to carry out certain tasks, such as playing a video. These interactions also trigger a response, and as such, they receive information about you.
Canvas Fingerprinting
The newest method to obtain browser information is called “Canvas Fingerprinting. ” Simply put, websites are written in HTML5 code, and inside that code, there is a little piece of code that takes your browser’s fingerprint.
So, how are websites doing that, exactly? Let me explain.
This new tracking method that websites employ to obtain your browser fingerprint is enabled by new coding features in HTML5.
HTML5 is the coding language used to build websites. It’s the core fundamentals of every website. Within the HTML5 coding language, there’s an element which is called “canvas. ”
Originally, the HTML element was used to draw graphics on a web page.
Wikipedia provides the following explanation on how exploiting the HTML5 canvas element generates browser fingerprinting:
“When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors. Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format, which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data, which serves as the fingerprint. ”
In plain English, what this means is that the HTML5 canvas element generates certain data, such as the font size and active background color settings of the visitor’s browser, on a website. This information serves as the unique fingerprint of every visitor.
In contrast to how cookies work, canvas fingerprinting doesn’t load anything onto your computer, so you won’t be able to delete any data, since it’s not stored on your computer or device, but elsewhere.
Browser Fingerprinting vs. Your IP Address
I believe that many online privacy-minded people, like myself, are aware of the fact that covering up your IP address is an important method to use to hide your online identity.
The IP address protocol is designed to send a request to a receiving web server every time a user interacts with a website or service because the receiving server needs an IP address to send a response to.
That means that your IP address is a unique string of numbers that points directly to your device. Tech-savvy website owners are even able to track what other websites you visit, the account you’re logged into, and sometimes even your geo-location.
Of course, this would require a bit more effort, but it’s kind of scary that it’s possible.
Test Your Browser’s Fingerprinting
There are various tools available that make it possible to test your browser identity. You can use “Am I Unique, ” “PANOPTICLICK” or “Unique Machine” to test the identity of your device.
Note: at the time of this writing, Unique Machine’s test tool is still being developed but should be released soon.
Any of these tools will review your browser’s fingerprint and assess how unique your data actually is.
Am I Unique uses a comprehensive list of 19 attributes (data points). The most significant attributes include whether cookies are enabled, what platform you’re using, what type of browser (as well as its version) and computer you’re using, and whether tracking cookies are blocked.
On Am I Unique’s website, simply click “View my browser fingerprint” to run the test.
When you click “View more details, ” you can see all of the specific information that your browser is providing to the server. My browser is unique among all the test samples they’ve gathered so far (almost 700, 000)!
You can also run a test with Panopticlick. It’s a research project of the Electronic Frontier Foundation (EFF).
On Panopticlick’s website, click “TEST ME” to run the test to see how safe your browser is against tracking.
Panopticlick also runs various tests to assess your browser identity. I’ve published my test results below.
Panopticlick tests whether your browser:
Blocks tracking ads
Blocks invisible trackers
Blocks “Whitelisted” trackers
Unblocks sites that promise to honor “Do Not Track”
Is, overall, protected against browser fingerprinting
As shown in the analysis, the results are mixed. I have “some protection” against web tracking, but it’s clearly not good enough. My browser is blocking certain items partially while not blocking other things at all.
This tracker concludes that my browser fingerprint is unique. Panopticlick recommends installing their Privacy Badger – more about that later in the “How to Defend Yourself Against Browser Fingerprinting” section.
How to Defend Yourself Against Browser Fingerprinting
It’s probably not possible to protect yourself completely against fingerprinting. Perhaps new software or other ways to sufficiently combat browser fingerprinting will be developed in the near future.
However, there are quite a few tools and methods available to enhance your online privacy and minimize the possibility of identification.
Find the most effective methods to protect yourself below.
Use Private Browsing Methods
Browsers like Chrome, Edge, Safari, and Firefox allow users to browse in incognito mode.
Incognito mode makes your browsing private by setting your “profile” to certain standard data points. These data points are part of your fingerprint, so, since many people use the same “profile” settings, the fingerprints look similar.
This will greatly reduce your chances of having a unique fingerprint.
Use Plugins
You can also opt to install plugins that disable trackers, which are employed by certain websites, from running on your browser.
Plugins like AdBlock Plus, Privacy Badger, Disconnect, and NoScript are designed to block scripts that potentially enable spying ads and invisible trackers from running in your browser.
For some websites, this means that the user experience might be somewhat less satisfactory. But it’s also possible to disable the plugins from running on websites that you trust by whitelisting them.
Panopticlick recommends using their Privacy Badger, which is a browser extension that blocks advertisers and other third-party tracking software from tracking your online activities.
NoScript requires more time to set up and use effectively because the plugin blocks JavaScript on every website by default. That means that you’ll have to enable JavaScript manually on every trusted website.
Disable JavaScript and Flash
One of the more effective methods you can use to protect yourself against browser fingerprinting is to disable JavaScript and Flash.
When JavaScript is disabled, websites won’t be able to detect the list of active plugins and fonts you use, and they also won’t be able to install certain cookies on your browser.
The disadvantage of disabling JavaScript is that websites won’t always function properly, because it’s also used to make websites run smoothly on your device. This will impact your browsing experience.
On the other hand, Flash can be disabled without a negative impact on the user experience. Generally, Flash only impacts the browsing experience when you visit very old websites.
Install Anti-Malware Software
Anti-malware software is always helpful, regardless of whether you’re looking for online privacy protection or you just desire overall protection for your device and personal files/data.
Malwarebytes and HitmanPro are both outstanding anti-malware software tools that run seamlessly alongside your antivirus software and serve as a second layer of protection.
In most instances, anti-malware blocks ads, harmful or annoying toolbars, and spyware software that might be running in the background on your system.
These software tools and scripts are directly linked to your browser’s fingerprint. So, it’s better to have a clean browser and delete these threats with an anti-malware tool.
When you install an anti-malware tool, be smart and go to the settings in order to enable automatic weekly or (at least) monthly full-system scans.
Use the Tor Browser
If you’re extremely serious about secure browsing and preventing browser fingerprinting, you should consider installing the Tor (The Onion Router) Browser.
The best way forward would be to run the Tor Browser in combination with a proper VPN. Due to the fact that Tor uses certain default settings, which are identical for every user, it’s harder to identify unique browser fingerprints.
Additionally, the Tor Browser aggressively blocks JavaScript code on websites.
The major downside of using the Tor Browser is the slow browsing speed, and the fact that it only protects the internet traffic sent through the Tor Browser and not others, like Firefox or Chrome.
Use a VPN
One of the most popular methods to hide an IP address is to install a Virtual Private Network (VPN).
As shown in the image below, a VPN is like a middle man. Instead of connecting directly to a web server, you connect to the VPN’s server first, and the VPN will connect you to a website. By doing so, your IP address will be unknown to the webserver.
Using a VPN is a very effective method to hide your IP address because the webserver can only see the IP of the VPN (which is probably used by many other users).
But, your IP address is only one aspect of your online identity.
Regardless of what IP the webserver can see, your browser settings, version, and so forth, which generate unique browser fingerprinting data, can’t be blocked out by a VPN.
That means that the data of your browser still allows the webserver to identify you as a unique visitor regardless of whether you’re using a VPN since your IP address is only one aspect of your browser fingerprinting profile.
A VPN is great at hiding your real IP address, but it’s not the most effective method to protect you against browser fingerprinting, as many other attributes are part of your fingerprint as well. Used in conjunction with other methods, though, a VPN can be a great asset.
Read my post about VPNs for more information.
My Final Thoughts
Browser fingerprinting is a serious threat to online privacy, and it goes a lot further than simply checking an IP address.
Browser fingerprinting uses an extensive list of data points that, altogether, create your browser fingerprint. Your browser fingerprint is likely to be extremely unique.
Websites can use your unique fingerprint to gather and generate an in-depth personal file of websites that you’ve visited or target you with very personalized ads.
There are various methods you can employ to cover up your prints on the internet. Let’s quickly review the most effective methods.
Use incognito mode
Implement security plugins
Install anti-malware tools
As shown in the “Test Your Browser’s Fingerprinting” section, my browser ended up having a unique fingerprint. However, after I put the methods listed above into practice, my browser became significantly more protected against fingerprinting.
As you can see below, I managed to reduce the level of uniqueness from 1 in 286, 777 to 1 in 93. 25, which is a huge difference.
Browser Fingerprinting FAQs
Are Plugins Available to Disable Trackers? Yes, plugins like AdBlock Plus, Privacy Badger, Disconnect, and NoScript are designed to block scripts that potentially enables spying ads and invisible trackers from running in your A Browser Fingerprinting Test Available? Various online tools are available to test your browser identity. You can use “Am I Unique, ” “PANOPTICLICK” or “Unique Machine” to test the identity of your Any Browser Automatically Block Browser Fingerprinting? Firefox and Tor both employ browser fingerprinting techniques. Both browsers require websites to ask for user permission before collecting data.
Contents [hide]Browser Fingerprinting: What Is It? Methods Used for (Fingerprint) TrackingTest Your Browser’s FingerprintingHow to Defend Yourself Against Browser FingerprintingMy Final ThoughtsBrowser Fingerprinting FAQsAre Plugins Available to Disable Trackers? Is A Browser Fingerprinting Test Available? Do Any Browser Automatically Block Browser Fingerprinting?

What Is Browser Fingerprinting and How Can You Prevent It?

What is browser fingerprinting?
Browser fingerprinting (also called device fingerprinting or online fingerprinting) refers to tracking techniques that websites use to collect information about you. Modern website functions require the use of scripts — sets of instructions that tell your browser what to do. Working silently in the background, scripts can identify lots of information about your device and browser that, when stitched together, forms your unique online “fingerprint. ” This fingerprint can then be traced back to you across the internet and different browsing sessions.
What exactly can scripts find out? They can determine a lot about the device you’re using, such as its operating system, your browser, the software installed on your device, what timezone you’re in, which language you’re reading in, whether you use an ad blocker, your screen’s resolution and color depth, all the browser extensions you’ve installed, and even more granular technical specifications about your graphics card, drivers, and more.
Imagine you want to identify a person in a crowd: you can do so by listing their attributes and other defining features. For example, you could describe someone as a woman with long blond hair, a red shirt with a white collar, a grey skirt, black shoes, red lipstick, etc. With enough attributes, it’s easy to identify this woman, even in a crowd of other people.
Browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd of internet users.
Similarly, browser fingerprinting provides enough specific attributes about your device and its settings that you can be reliably identified out of a crowd, even the extremely large crowd of millions of internet users and billions of devices. In fact, device fingerprinting can identify users with 90 to 99% accuracy.
Not convinced you could actually be identified? Try it for yourself: Visit AmIUnique, a research project that helps developers identify techniques to fight back against fingerprinting. You’ll see how easily identifiable you are based on your fingerprint. AmIUnique shows me, for example, that my fingerprint is unique among the more than two million fingerprints in their dataset. I can also see the 75+ attributes they use to identify me in a matter of seconds.
Wait… Is online fingerprinting the same as tracking cookies?
Cookies and fingerprinting are completely different. While digital fingerprinting is a new concept to many, you might be more familiar with tracking cookies, which are also able to follow you around the web.
One difference between fingerprinting and cookies is that the latter are regulated (at least in the European Union), meaning that websites are required to notify you and gain your permission to use them. (These notifications are those annoying pop-ups you see on most websites. ) That is not the case for digital fingerprinting, which happens silently and without your knowledge or consent. And unfortunately, browser fingerprinting scripts are indistinguishable from all the other scripts required to make a website function.
And while you can delete your cookies, there’s no way to delete your browser fingerprint. Your fingerprint allows you to be identified as the same user when you revisit sites or visit other sites around the web that employ fingerprinting. Put together, information from your browsing activity provides a clear picture of your online history, preferences, hobbies, and even life circumstances — it identifies you even when you’re not logged in to a site or if you’re using incognito or private browsing mode.
How does browser fingerprinting work?
Browser fingerprinting works because websites use scripts that run in the background of your browser. Today’s web browsers have built-in software functions called APIs, which can be used by website scripts to collect information. Generally, scripts are designed for legitimate purposes like rendering videos or photos. If we were to block them, then most websites wouldn’t run properly — they’d “break. ”
That means there’s no way for someone to know when websites are collecting their personal information, because fingerprinting scripts look just like any other script running on a website. These scripts collect the attributes — device specifications, OS, browser settings and plug-ins, user agents, audio and video capabilities, timezone, and more — that can be compiled into a “hash” or digital fingerprint.
Many website owners and ad networks share browser fingerprinting functionality to perform cross-site tracking. That means they use your online fingerprint to track you across the web, and collect intimate details about you: your search history, shopping and news preferences, and more.
Your digital fingerprint, or hash, follows you around the web.
With the help of the following advanced techniques, fingerprinting online allows websites to identify individuals with an extremely high degree of accuracy.
Canvas fingerprinting: Canvas fingerprinting uses the HTML5 canvas element to force your browser to draw an image or some text. This occurs invisibly in the background, so you won’t see it happening. But the precise way your browser renders the image/text provides detailed information about your font style, graphics card, drivers, web browser, and OS. Canvas fingerprinting is one of the most widely used digital fingerprinting techniques.
WebGL fingerprinting and rendering fingerprinting: Like canvas fingerprinting, these two techniques force your browser to render images off-screen and then use these images to infer information about your device’s hardware and graphics system.
Device fingerprinting: While device fingerprinting is often used synonymously with browser fingerprinting, it also refers to a particular technique that uncovers a list of all the media devices (and their IDs) on your PC. That includes internal media components such as your audio and video card, as well as any connected devices like headphones.
Audio fingerprinting: Rather than forcing your browser to render an image, audio fingerprinting tests the way your device plays sound. The resulting sound waves provide information on your device’s audio stack, including specifications about its drivers, sound hardware, and software.
Once you’ve been tracked, a profile can be compiled that includes intimate details about your life. That profile can be sold to data brokers, who are already hard at work compiling as much information as possible about everyone. Data brokers combine offline information (from public records, offline loyalty cards, and other sources) with online information, and the precise details from your device fingerprint are just what they need to complete their files. Data brokers then market this information, often selling it to advertisers who use it to target you more effectively.
Strong anti-tracking software disguises your browser fingerprint and helps prevent advertisers from knowing who you are. Avast AntiTrack blocks trackers on every site you visit, and our advanced anti-fingerprinting technology keeps your identity safe against even the most advanced tracking techniques.
Why is browser fingerprinting used?
Browser fingerprinting is mainly used for web tracking. It’s a more secretive way to track people than simply using tracking cookies, which require consent. But what do companies do with the information they collect? The large majority use this data to advertise to you and personalize your experience online. While being served personalized ads may not seem like a serious issue, the amount of information collected through digital fingerprinting and other tracking methods has the potential to be used quite nefariously.
Just imagine how much sensitive data is included in your online search history. If you search for chest pain, that information becomes part of your search history, which is included in the information that data brokers buy and sell. That means when a data broker later sells your search history to a health insurance company, the insurance company could infer that you’re at risk of heart disease and increase your rates.
If a health insurance company has access to your search history, they might think you’re at risk of heart disease and increase your rates.
Dynamic pricing is another example of how browser fingerprinting is used. Most people are aware that travel and ecommerce sites can and do adjust prices based on various factors. If browser fingerprinting pinpoints your location in an affluent area, you can expect prices to rise on almost everything you see online: airline tickets, clothes and other products, apps with subscription services, and more.
Browser fingerprinting can reveal lots of information about your finances and buying habits.
Those are just a few examples. As device fingerprinting becomes more prevalent and more accurate, companies will have increasing amounts of information about you — and more ways to wield this information to their advantage. It’s concerning, to say the least.
To protect yourself against online fingerprinting, consider using a privacy-focused browser like Avast Secure Browser. Our browser masks your digital identity and confuses website scripts so that they can’t collect accurate information to build your digital fingerprint. Download it today to get free protection against insidious online tracking.
But it’s not all doom and gloom: there are a few legitimate uses of browser fingerprinting. It can be used to identify the characteristics of botnets to help prevent DDoS attacks. Fingerprinting can also help to identify fraud and other suspicious activity. Banks use browser fingerprinting to detect potential identity theft and banking fraud.
Is browser fingerprinting legal?
Yes, browser fingerprinting is legal in most areas (as of this writing). In the European Union, the General Data Protection Regulation (GDPR) requires companies to get consent from users before tracking them with cookies. An additional law, the ePrivacy Regulation, is supposed to address browser fingerprinting — but it still hasn’t come into effect.
The US doesn’t have national laws on data protection. The California Consumer Privacy Act (CCPA) and Vermont’s Data Broker Law attempt to regulate some forms of online tracking and data collection, but they don’t address online fingerprinting.
In fact, some people think that device fingerprinting was actually developed to circumvent regulations like GDPR and CCPA, which focus on protecting personally identifiable information by regulating tracking cookies.
How to prevent browser fingerprinting
Without sophisticated tools, browser fingerprinting is extremely difficult to avoid. The normal privacy tricks — like using private browsing or Incognito mode, cleaning your cookies or search history, or using an ad blocker or a VPN — can’t prevent browser fingerprinting. In fact, it’s such an insidious and pervasive tracking technique that even if you use all of the privacy tactics we just mentioned, your unique fingerprint is still identifiable.
But don’t despair — there are ways to fight back against online fingerprinting. While it’s impossible to shut off the website scripts that collect your personal data, because websites wouldn’t work without them, you can confuse the scripts by using two techniques: generalization and randomization.
Generalization refers to manipulating browser API results to make you seem generic. In other words, it masks your unique attributes and helps you blend in with the crowd.
Randomization changes your attributes periodically so that your fingerprint is constantly changing and you can’t be reliably identified.
But how can the average person use generalization and randomization to hide? You’ll need to rely on a tool or service to do it for you. Avast AntiTrack uses advanced anti-fingerprinting technology to insert fake data when scripts attempt to collect your digital attributes. That lets the scripts continue to run (to avoid breaking website functionality), while hiding your true personal information so that it can’t be collected.
Avast AntiTrack also warns you of tracking attempts so you can see exactly which sites are trying to track you. And it’ll periodically clear your browsing history and cookies to ensure maximum privacy. Download it today to keep advertisers, data brokers, and other privacy invaders off your back.
Another option is to use a browser that offers built-in anti-fingerprinting protection. As more advertisers use online fingerprinting, some browsers are starting to fight back with various anti-fingerprinting measures. Tor Browser generalizes users, while Brave Browser uses randomization and Firefox simply tries to block specific fingerprinting scripts.
Avast Secure Browser offers the most comprehensive protection by employing both generalization and randomization (depending on the site). Specifically designed to prevent all known forms of browser fingerprinting, Avast Secure Browser offers advanced privacy without breaking websites, to make sure you get an optimal browsing experience without sacrificing your privacy.
Stop browser fingerprinting the easy way
These days, it’s safe to assume that you’re being tracked every time you log on. But you don’t have to put up with it! Built by the same cybersecurity engineers who painstakingly protect hundreds of millions of users worldwide, Avast Secure Browser is one of the most sophisticated anti-fingerprinting solutions out there.
From canvas fingerprinting, to audio fingerprinting, and everything in between, Avast Secure Browser stops trackers from accessing your personal information. Our browser also offers Adblock, Anti-Phishing, Stealth Mode, a password manager, and loads of additional privacy features. And, because we believe that anyone who uses the internet should be able to do so without being tracked or mined, we’ve made it completely free. Download it today to get essential digital privacy.

Frequently Asked Questions about browser fingerprinting

WHAT IS fingerprint in browser?

Browser fingerprinting happens when websites use special scripts to collect enough information about you — such as your browser, timezone, default language, and more — that they can uniquely identify you out of the sea of other internet users.Oct 22, 2020

How do I check my browser fingerprint?

If you wish to check your browser fingerprint, go to the homepage and click “View my browser fingerprint.” Please note, the website will collect your browser fingerprint and put a cookie on your browser for four months to help with their purpose.Apr 26, 2021

How do you beat browser fingerprinting?

Because of this, the only real way to combat browser fingerprinting is masking your IP address. These are disabling Javascript in the browser (meaning no add-ons and extensions), and any plugins that help websites identify you. Some browsers specialize in letting you navigate internet add-on free.May 9, 2017