May 20, 2021
1551
0The Whole Truth About Collecting Browser Fingerprints
You’ve probably heard that websites and services track visitors using a browser fingerprint. Users are assigned a unique identifier (fingerprint). It contains a lot of information about the user’s browser settings and capabilities, which is used to identify the user. In addition, the browser fingerprint allows sites to track behavioral patterns in order to identify users even more accurately later.
The uniqueness is about the same as that of real fingerprints. Only the latter are collected by the police to search for suspects in the commission of crimes. But browser fingerprint technology is not used to track criminals at all.
So is it legal to collect browser fingerprints? Let’s figure it out together.
The Internet is watching us all the time. Here’s a way to avoid it.
Is it legal to collect browser fingerprints?
Analyzing this topic in detail, we could not find a law that would regulate the collection of browser fingerprints in the United States. However, the EU has such a law (in particular, the GDPR and ePrivacy Directive), which regulate the use of browser fingerprints. This action is legal, but only if the organization can prove the need to perform such data collection.
Please, note that the user’s consent is required to collect the information. However, like any rule, this one also has exceptions:
- When a fingerprint is needed to transmit a message.
- When fingerprints are needed to configure the device interface.
Perhaps similar laws exist in other countries. The main thing is that under such laws, the user agrees to collection of their browser fingerprint.
However, there is a problem. Most often, the user is shown only the banner “I agree to the terms of use.” Of course, there is a link on the banner that the user can click on to learn more about the terms and conditions. But let’s be honest, who reads them?
Therefore, most often the user agrees to the collection of such data and simply clicks on the “agree” button.
Gain your anonymity online.
Test your browser’s fingerprint
Now let’s talk about your browser and what information it collects.
For the browser test, we’ve used Device Info. It shows what a third-party observer can get from your browser.
*Note: On the left, you can see only a small part of the data that the browser collects. In addition, the city and region are not displayed on the screen due to our use of the VPN service.
We’ve compared various services for hiding IPs. Find the best for you.
If you don’t like the site we’ve used, you can use others, such as Panopticlick and AmIUnique.
On the Panopticlick website, you can find out the entropy value of your browser. Entropy is the uniqueness of your browser’s fingerprint. The entropy is measured in bits.
Do you want to disappear from the internet? Here is the best way to do this.
How accurate are the browser tests?
In general, such sites for checking browsers work perfectly, and you can trust them if the overall picture of the data is important.
If we are talking about evaluating uniqueness, then everything is not so good here, and here is why:
- Testing sites do not take into account random fingerprints, which can be obtained, for example, with the help of Brave Nightly.
- The Panopticlick and AmIUnique sites are huge data archives that contain information about old and outdated browsers whose users have been verified. So if you pass the test with a new browser, you will most likely get a high rating for the uniqueness of your fingerprint, despite the fact that hundreds of other users are running the same browser of the same version as you.
The sites do not take into account the screen resolution or changes in the size of the browser window. For example, the font may be too large or small, or the color may make the text difficult to read. Whatever the reason, the tests don’t take it into account.
In any case, fingerprint uniqueness tests are an important thing. After all, in addition to knowing the level of entropy, you can find out how much data you give to your browser for storage.
Hide from various internet attacks and protect your online activities.
How to protect yourself from browser fingerprint collection?
First, you need to know that you will not be able to completely block the collection of the browser’s fingerprint – this technology is basic.
Therefore, you need to use another method — reducing the amount of information that various Internet resources collect. We’ve decided to help you by preparing a list of tools you can use.
Firefox
Firefox is a good browser for data protection. More recently, developers have added a feature to protect data from third-party fingerprint collection.
However, any user can add a degree of protection. For this, you can use the browser settings. Just type in the “about:config” line. Then, follow these steps:
Find webgl.disabled — select “true.”
Find geo.enabled — select “false.”
Find privacy.resistFingerprinting — select “true.”
Finding privacy.firstparty.isolate — change to “true.”
Find media.peerconnection.enabled and enable it.
Brave
Brave is a secure browser that provides additional protection for user data. For example, the browser can block various trackers and scripts that can infect your computer with viruses.
Brave has an option to block browser fingerprint collection.
Compared to Opera, Brave’s entropy score is 16.31 instead of 17.89. The difference is not huge, but it is still there.
You can find more ways to protect Brave here.
Browser extensions
To increase the uniqueness of the print, you can use various browser extensions. But this is your choice, as there are also some nuances here.
But if you still decide to use extensions, then here is a list of the most proven ones:
Chameleon: modification of user-agent values.
Trace: protection against different types of fingerprint collection.
User Agent Switcher: works the same way as Chameleon.
Canvasblocker: protection against collecting digital prints from canvas.
Tor browser without Tor Network
Tor browser initially offers several features that complement the system of personal data protection.
- HTTPS is everywhere and everywhere.
- NoScript tool to block active web content.
- Blocking WebGL.
- Blocking canvas image extraction.
- Changing the OS version.
- Blocking information about the time zone and language settings.
However, with Tor it is only the browser, not the network, that impresses. A few of the issues with the network:
- Slow operation. The ratio of servers to users is very different.
- Many sites block Tor traffic — for example, Netflix.
- There are leaks of personal information. There are many examples of such incidents on the Internet.
- The US government financially supports Tor.
Therefore, it is best to use the Tor browser separately. It is quite difficult to do this, but it is possible. First, you need to create two files that will disable the Tor network.
This is best done in Notepad++. Open it and add the following lines to the first tab:
- pref(‘general.config.filename’, ‘firefox.cfg’);
- pref(‘general.config.obscure_value’, 0);
Then go to Edit-EOL Conversion, select Unix (LF) and save the file as autoconfig.js to the Tor Browser/defaults/pref directory.
Then open a new tab and copy these lines:
- lockPref(‘network.proxy.type’, 0);
- lockPref(‘network.proxy.socks_remote_dns’, false);
- lockPref(‘extensions.torlauncher.start_tor’, false);
Now everything is ready. After launching, the browser will show an error, but you can ignore it.
And yes, disabling the network will not affect the browser fingerprint in any way. Panopticlick shows an entropy level of 10.3 bits, which is much less than with the Brave browser (it was 16.31 bits).
The files mentioned above can be downloaded from here.
