For the privacy-minded among us, you’ve probably heard the term “browser fingerprint.” If not, allow me to quote Panopticlick:
‘Browser fingerprinting’ is a method of tracking web browsers by the configuration and settings information they make visible to websites, rather than traditional tracking methods such as IP addresses and unique cookies.
So, call me paranoid if you must, but I’ve recently become more concerned about my browser fingerprint. It’s definitely not a myth, because I’ve noticed how different trackers “follow” me across various websites.
For example: a few times, I had done some Valentine’s Day shopping on Victoria’s Secret, Pajamagram, and some other women’s catalogs. Later on, at practically any website I visited, there were banner ads for Victoria’s Secret and Pajamagram! (Surely many other people have experienced this or something similar.)
Oddly enough, I tried to test this out a moment ago, and of course – didn’t see the ads at all. These are some of the more innocent ones, but I’ve noticed some much more intrusive advertising techniques as well.
Anyhow, the above-mentioned Panopticlick, by the Electronic Frontier Foundation (EFF), is merely one of many browser fingerprint tests, but it’s probably one of the better known ones:
Using it is simple; just click the “test me” button there. The site will then let you know if you’re blocking tracking ads, blocking invisible trackers, and also unblocking third parties who promise to honor “Do Not Track.” Finally, it will also inform you if your browser has a unique fingerprint (which the one I’m currently using almost always does).
This is all well and good, but what you might want to know is why you have a unique fingerprint!
According to the more detailed results, my browser (or at least the one I’m using at the moment) is unique among the 139, 260 tested so far:
It’s probably hard to read some of the details there, but some of the aspects of the fingerprint are my screen size and color depth, hash of canvas fingerprint, Browser Plugin Details, time zone, language, system fonts, and platform (operating system version).
If you read the fine print there, it gives credit to some of the developers who coded the various tests: “fingerprintjs2 for various fingerprinting tests, Aloodo for portions of the tracker test, browserspy.dk for the font detection code, and to breadcrumbs [link was dead] for supercookie help.”
You can do a similar test at Hidester: Browser fingerprint test with this tool. Interestingly, the hashes of the fingerprint tests on each site are different. This may be because they use slightly different tools to do the testing, but I’m not certain.
That being said, I’m curious as to what it would say if I tried it while using Whonix, Puppy Linux, or Tails…or if I accessed it via Tor or some other anonymity network. That would likely change the results!
Poster Iserni on StackExchange: How to fight browser fingerprinting? made an interesting point in this regard:
- the untrue information you would need [to] send along changes and yours doesn’t, making you unique – and suspicious;
- the detection techniques change, and you aren’t aware of it, so [you] become unique again;
Assuming that you can use TOR or a VPN or an openshell anywhere to tunnel away your IP address, the ‘safest’ practice in my opinion would be to fire up a virtual machine, install a stock Windows Seven on it, and use that for any privacy-sensitive operation. Do not install anything unusual on the machine, and it will truthfully report to be a stock Windows Seven machine, one between a horde of similar machines.
So, if you are really concerned about leaving behind a fingerprint, I would follow the advice above. Of course, you may say I’m being rather paranoid about this, but I am rather concerned, since some of the things I write about are on the controversial side.
I’m not looking to become Edward Snowden here, but is it so strange to be concerned with privacy?
On second thought, just tell everyone: Yes!! I shop at Victoria’s Secret!!