You threw your cookies away but they still follow you; Here’s how to hide your browser’s fingerprint
If you are just walking down the street, you are in public view. A friend can see you and greet you. A peddler may try to sell you a watch. There’s nothing wrong with that, but if you notice someone following you in the shadows with a clipboard, taking note of everything you do, you might feel different. On the Internet, advertisers and data brokers play the role of this obscure clipboard-wielding spy. They want to know exactly where you are going, how you are acting and what you are buying. The browser’s fingerprints allow them to handle this tracking without any chance of you spotting them in the shadows. What is this mysterious art that threatens your privacy, and how can you avoid taking your fingerprints?
It is not a cookie
It is important to explain what cookies are up front, if only to help people learn about browser fingerprints. is not. Cookies have been around for almost as long as web browsers have been around. The purpose of a cookie is to allow a website to remember things about you without having to maintain a monstrous database of everyone who has visited it before. Each cookie is a simple text file that lives on your computer, not on the site. The site may put information in the cookie, such as your preferred address, things you purchased, or the page you were reading in an online novel. When you revisit this site, it may remove its own cookie (but no one else’s) and re-read this information.
However, modern websites are not just monolithic entities. They contain links and content from advertisers and other third party sites. These third parties may save their own cookies on your PC, containing all the data they have, including the site that hosts the ad. If an advertiser is present on several sites, its cookie data now allows it to link your presence on each of these sites that you visit. Suddenly the cookies don’t look so tasty.
Internet experts have proposed to limit this abuse by letting browsers add a Do Not Track header to page requests. This effort failed because sites were free to ignore the header. Security companies responded by designing Do Not Track technology that actively prevented tracking. Trackers have responded with new technologies such as supercookies, evercookies, Flash cookies, etc.
All of these tracking technologies involve placing something (a text file, a script, a file) on the victim’s computer. And all of them have been foiled in various ways.
The fingerprint is different. It doesn’t change anything on your computer; it just takes advantage of normal browser functions.
hello i know you
When you surf the web, you really feel like you have a direct and continuous connection with the site you are viewing. In truth, your experience is made up of many small interactions between your browser and the website’s server. The browser sends a request and the server sends a response. This request necessarily includes your IP address – without it the server wouldn’t know where to send the response. But over time, browsers have come to send more and more information.
Compatibility isn’t much of an issue these days, but if you go back far enough you’ll find a point where websites had to adjust their responses to the requesting browser, perhaps sending a different page to Netscape Navigator than Internet. Explorer. Requests to a server identify the browser making the request, down to the specific version and build number. It’s a pretty straightforward need, but it’s the start of a slippery slope.
To make a page design rich from a website, your browser must have access to the right fonts. The available fonts depend on the operating system. Your browser queries the operating system for a list of fonts and passes that list to the website. If a required font is missing, the site may choose to display a simplified page. Yes, we all have the same basic font set that comes with Windows, but installing other programs often adds new fonts and uninstalling doesn’t remove them. After a while, our font collections start to diverge.
Too much information
Modern browsers reveal a huge amount of information not only about themselves, but also about the operating system in which they reside. Sites can run simple scripts to learn even more: things like screen resolution used and plugins installed. Crazy text string called User Agent reveals a lot about your browser. Here is a Chrome user agent string: “Mozilla / 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome / 91.0.4472.124 Safari / 537.36”. And here’s one from Edge: “Mozilla / 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome / 91.0.4472.124 Safari / 537.36 Edg / 91.0.864.67”.
Websites can query and receive tons of other information about your system settings and configuration. This massive dump of available information can be reduced to a simple, unique value called a fingerprint. The chance of two PCs having the same fingerprint is low, and the consequences for a tracker that has encountered such duplication are also low. Yes, your fingerprint may change based on changes to your system, but that doesn’t happen often. When it does, it’s not that important to the tracker either. Trackers don’t care about losing you temporarily. As long as they can follow a lot of others, no problem! And they don’t need cookies.
Put your fingerprint under the microscope
For a quick look at the many obscure elements that make up your browser’s fingerprint, visit the Electronic Frontier Foundation website. Cover your tracks (formerly called Panopticlick). With your permission, this page collects the information used to generate a fingerprint, along with some useful statistics. I learned, for example, that my fingerprint is unique among more than 250,000 fingerprints tested by the site in the past 45 days.
From a longer-term perspective, security and privacy researchers at Friedrich-Alexander University in Erlangen-Nürnberg, Germany, conducted a browser fingerprint study since 2016. I have been participating since the beginning. Participation is simple; once a week you receive an email with a link to verify your fingerprint. You can view the statistics of your own participation at any time. For example, I know I had the same unique, traceable fingerprint for 263 days in 2017. You don’t need to register if you just want to view aggregate stats.
There are many other pages that can show you the components of your browser’s fingerprint, in varying degrees of detail. Open-source reports Unique friend site usefully encodes the components furthest from the standard, those that contribute the most to making your fingerprint different from others. Device Info lists an almost overwhelming collection of information revealed to any website through your browser.
Hide your fingerprint
After a lifetime of working with clay, potters may find that their fingerprints have simply erased. What can you do to erase your browser’s fingerprint and prevent it from revealing your identity?
Recommended by our editors
As with any other subject, the internet offers endless practical advice on hiding your fingerprint. Using a VPN is a frequent suggestion, as it hides your IP address. Sticking to your browser’s privacy mode, whether it’s called Incognito, InPrivate, or whatever, eliminates other things that go into the fingerprint. Make no mistake, using a VPN is smart, but these simple fixes aren’t enough to hide your fingerprint.
One easy option is to switch to a browser with built-in protection or take advantage of existing browser-based protection. The security-focused Brave browser, on the other hand, offers a feature called Shields that can protect your privacy in a number of ways. Shields protection includes blocking ads, cookies and scripts, but in a refined way that allows you to retain the benefits of these features. It can block fingerprints on multiple levels, too much. Standard blocking only randomizes the data returned by your browser enough to outsmart trackers. Strict blocking suppresses all fingerprint attempts, but can cause compatibility issues.
Firefox’s enhanced Tracking Protection already offers some fingerprint protection, although it does so simply by blocking access to known trackers. A Fingerprint protection mode is under development. Be aware that, like Brave, the description warns that this Firefox feature “may degrade your web experience”.
When you use the TOR browser, it routes all of your web traffic through the TOR network. TOR is short for The Onion Router, so called because your connection is hidden behind so many layers. Your traffic enters the network, bounces from server to server and leaves a server without a connection to you. This tangled road can thwart fingerprints, but TOR has been known to slow connections. You probably don’t want to use it as your preferred browser.
If you prefer to continue using your familiar browser, no problem! You can ask for help to hide your fingerprint. For example, Avast AntiTrack (formerly TrackOFF Basic) injects false information into the elements of your fingerprint, focusing on the elements that contribute the most to making your fingerprint unique. Your spoofed fingerprint might still be unique, but it keeps changing, so trackers aren’t useful. Iolo Privacy Guardian, which was once a licensed version of TrackOFF, is now an in-house product that evades fingerprints, clears cookies, configures privacy settings in Windows, etc. Other tools, such as the Electronic Frontier Foundation’s Privacy Badger, monitor sites that collect fingerprint data and block their access.
White Glove Web Browsing
Now you know how the browser fingerprint works: if you surf the web willy-nilly, you leave fingerprints everywhere. Advertisers and others can track you based on your browser’s fingerprint. To continue to enjoy the Internet without leaving any traces, you have two main choices. You can choose a browser designed to evade fingerprints, or you can add a dedicated app for this purpose. Whichever you choose, your privacy is in your hands.