All You Need to Know About Browser Fingerprints
Unlike the static websites of the past, today’s websites can identify your device through a set of parameters and a range of sophisticated techniques. This allows website owners to limit your activities on the website, collect information about your system, or feed you the information deemed appealing in your particular case.
A fingerprint, sometimes called a footprint, is a digital representation of a user’s device consisting of information about the operating system, settings, active browsers, installed plug-ins, etc. Such a fingerprint is generated as a unique code or image.
If you use proxies to increase your browsing anonymity, you need to match your proxy-related parameters with the current fingerprint attributes.
In this article, we will cover some of the most useful practices, shedding light on the types of fingerprints that your browser leaves on the web and on ways to increase your anonymity.
Types of Fingerprints
Fingerprinting works by collecting information about your system that increases its ‘entropy’ (i.e. uniqueness), so it becomes easily identifiable by the website. The fingerprints your browser and computer leave on a website reveal a surprising amount of information about the user. They include a whole range of parameters, from the browser user agent, operating system version, and browsing history to screen resolution, WebGL renderer, device IDs, network IPs, WebRTC, and even battery info.
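To make the entropy idea concrete, the following added example (not part of the original article) measures how many bits of identifying information individual attributes carry and how combining them shrinks the group a visitor can hide in. The visitor population and the attribute names `userAgent`, `timezone` and `screen` are constructed for illustration.

```javascript
// Constructed sample population (not real data): one row per visitor.
const visitors = [
  { userAgent: 'Chrome',  timezone: 'UTC+1', screen: '1920x1080' },
  { userAgent: 'Chrome',  timezone: 'UTC+1', screen: '1920x1080' },
  { userAgent: 'Chrome',  timezone: 'UTC-5', screen: '1920x1080' },
  { userAgent: 'Chrome',  timezone: 'UTC-5', screen: '1366x768'  },
  { userAgent: 'Firefox', timezone: 'UTC+1', screen: '1920x1080' },
  { userAgent: 'Firefox', timezone: 'UTC-5', screen: '1366x768'  },
  { userAgent: 'Safari',  timezone: 'UTC+1', screen: '2560x1440' },
  { userAgent: 'Safari',  timezone: 'UTC-5', screen: '2560x1440' },
];

// Combine the chosen attributes of one visitor into a single fingerprint key.
function fingerprintKey(row, attrs) {
  return attrs.map((a) => String(row[a])).join('|');
}

// Shannon entropy, in bits, of the fingerprint built from `attrs`.
function entropyBits(rows, attrs) {
  const counts = new Map();
  for (const row of rows) {
    const key = fingerprintKey(row, attrs);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / rows.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Anonymity set: how many visitors are indistinguishable from `target`.
function anonymitySet(rows, target, attrs) {
  const key = fingerprintKey(target, attrs);
  return rows.filter((row) => fingerprintKey(row, attrs) === key).length;
}

const all = ['userAgent', 'timezone', 'screen'];
for (const attrs of [['userAgent'], ['timezone'], ['screen'], all]) {
  console.log(attrs.join('+'), entropyBits(visitors, attrs).toFixed(2), 'bits');
}
console.log('visitor 7 shares its full fingerprint with',
  anonymitySet(visitors, visitors[6], all), 'visitor(s)');
```

No single attribute separates these eight visitors, but the three together leave most of them in an anonymity set of one.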
Browser-Based Fingerprints
- Current IP.
- Browser headers (User-Agent, HTTP, ACCEPT, Do Not Track).
- JavaScript screen parameters.
- Information about cookies and "super" cookies enabled or disabled in the browser.
- Installed browser plug-ins, their versions, and updates.
In addition to browser-based fingerprints, you should also be aware of cross-browser fingerprinting. Modern fingerprint trackers collect and analyze information from different browsers running on the same hardware and can easily identify the end-user.
Cross-Browser Fingerprints
Cross-Browser Fingerprinting allows tracking the following:
- Operating System.
- Number of cores in the processor.
- List of fonts and installed languages.
- Analysis of responses to operations performed by the browser involving the operating system and hardware components (2D and 3D rendering of shapes and pictures, creating shadows, etc.).
Such data is browser-independent.
Fingerprinting: Description
In the section below, we describe all features of your system that leave fingerprints tracing back to your software and hardware settings.
Browser User-Agent
User agents are obvious fingerprints of your system. The browser user-agent is intended to facilitate end-user interaction with web content, and it is part of the request header, which contains more information, such as the accepted languages and accepted content types (e.g. text/html).
The user-agent format in HTTP consists of a list of product names and versions.
For example: Mozilla 5.0, followed by the layout engine and its version, e.g. Gecko 1.0.
Cookies
Cookies are an older form of web storage in the browser. They were originally intended to store data received from the server in one request and send it back to the server in subsequent requests. But from JavaScript, you can use cookies to store just about any kind of data, up to a size limit of 4 KB per cookie.
Cookies are only relevant within the same domain. All cookies, including evercookies, can be easily cleared or blocked through a set of easy actions. From the perspective of fingerprinting, standard cookies can be easily deleted from the system once you set your browser into the ‘incognito’ mode.
Web Storage
Web storage is a mechanism for JavaScript to store data within the browser. Like cookies, web storage is separate for each origin. Web storage is completely invisible to the server, and it offers much greater storage capacity than cookies.
There are two types of web storage: local storage and session storage. An item of local storage is visible across all tabs of all windows and persists even after the browser is closed. It behaves somewhat like a cookie with an expiration date very far in the future. An item of session storage, on the other hand, is only visible within the tab where it was created, and it disappears when the tab is closed.
Canvas API
When you visit a website, a special fingerprinting script draws a sample text with a font and size of its choice and adds a background. This text may contain 2D objects and emojis. Then, the script reads the rendered image data back to compare pixel precision.
The same shape or text will be rendered in different ways on different computers, depending on the operating system, font libraries, graphics card, graphics card driver, and the browser.
WebGL
WebGL works in a way similar to Canvas but renders interactive 3D objects in the browser without the use of plugins.
The website may gain info on your graphics card vendor and model. This indirectly reveals whether the operating system is Windows or Mac OS.
WebRTC
The WebRTC (or web real-time communication) nodes are used for collecting info on IP addresses for providing the best routes between two peers in the network. If leaked, this info can be easily used for fingerprinting.
If you use browserleaks.com to test your system, you will be able to see your network IP and, below it, WebRTC detecting the Ethernet address in your office, along with device IDs. Make sure to turn off WebRTC to avoid IP leaks when using a proxy through a browser.
Fingerprinting: Remedies
Below, we have listed common ways to overcome the problem of digital fingerprinting to ensure anonymous browsing.
VPNs and Proxy Servers
A VPN or proxy is the easiest method to bypass regional restrictions. It changes your IP to one available on the service.
However, proxies on their own do not protect against multiple trackers and don’t affect the cookies already in your system. That’s why it’s important to complement your proxy usage with additional changes to your fingerprints.
Manual Settings
To make your fingerprint less unique, you might want to tweak the following settings manually.
- Change the time zone of your device.
- Set a different language for the device operating system.
- Set a different language for your browser.
- Change the resolution of the device screen.
- Change the viewing scale (zoom in/out) on a web page.
- Install or remove browser plug-ins.
- Disable Flash, JavaScript, and WebGL.
Some may find these methods radical and somewhat inconvenient for surfing but, nevertheless, they help significantly improve your browsing anonymity.
Tips and Recommendations
If you are using Firefox or Chrome, the following recommendations will be right for you to ensure anonymous surfing.
Consider installing the following plug-ins to increase your browser’s anonymity:
- User Agent Switcher – swaps the user agent of the browser.
- Ghostery – blocks analytics trackers, ads, and other beacons.
Besides the plugins, you should always disable WebRTC on your computer. It is important to prevent the IP leak of your local IP subnet. In most cases, disabling WebRTC will not affect the website behavior and will not block you.
To do that in Firefox, type about:config, search for media.peerconnection.enabled, and set it to false, or search for some plugins to do the job.
In Chrome, this can be performed by typing chrome://flags and going over the list and disabling: Accelerated 2D canvas, Composited render layer borders, Tint GL-composited content, Enable draw occlusion, all options mentioning WebRTC.
Anonymous Browsers
There are also some specially assembled browsers for anonymous web surfing such as Pale Moon (an open-source browser based on Firefox), Selenium, or Puppeteer.
When working with automated browsers, you can choose to block some of the fingerprint utilities as some target sites will allow access without any fingerprint data. To do this, you disable Java, remove Flash, disable WebRTC, WebGL, and canvas.
You can also use Multiloginapp, a platform designed to swap different browser fingerprints. The program is designed to work with a large number of browser profiles. Each profile is placed in its own “container” eliminating the risk of leaking browsing history, cookies, and fingerprints between the profiles.
However, some target sites might block you when you remove some fingerprint features and can return null data.
You should also note that when you use browser automation tools to emulate a desktop or mobile user, it is important to replace the headless browser user-agent. For example, with Puppeteer, which utilizes Chromium, the user-agent includes the string “HeadlessChrome”, which is easy to detect.
Replacing the user-agent can be done by calling “setUserAgent” in your Puppeteer code as follows:
// Assumes `browser` was created earlier with puppeteer.launch()
const page = await browser.newPage();
// Override the default user-agent, which contains "HeadlessChrome"
await page.setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36');
For replacing your user-agent data, check out this website: networkinghowtos.com/howto/common-user-agent-list
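The user-agent format described earlier (a list of product names and versions) and the “HeadlessChrome” marker mentioned above can both be seen from the receiving side by parsing the header. The sketch below is an added example, not code from the original article; the function names and the second sample header are constructed for illustration.

```javascript
// Split a User-Agent header into its products ("name/version") and the
// parenthesised comment that follows each product.
function parseUserAgent(ua) {
  const products = [];
  let i = 0;
  while (i < ua.length) {
    if (ua[i] === ' ' || ua[i] === '\t') { i++; continue; }
    if (ua[i] === '(') {
      // Comments may nest, so track depth until the matching ')'.
      const open = i;
      let depth = 0;
      do {
        if (ua[i] === '(') depth++;
        else if (ua[i] === ')') depth--;
        i++;
      } while (i < ua.length && depth > 0);
      // An unterminated comment simply runs to the end of the header.
      const text = ua.slice(open + 1, depth === 0 ? i - 1 : i);
      if (products.length > 0) products[products.length - 1].comment = text;
      continue;
    }
    const start = i;
    while (i < ua.length && !' \t('.includes(ua[i])) i++;
    const [name, ...rest] = ua.slice(start, i).split('/');
    products.push({ name, version: rest.join('/') || null, comment: null });
  }
  return products;
}

// Flag requests whose User-Agent names the HeadlessChrome product.
function isHeadlessChrome(ua) {
  return parseUserAgent(ua).some((p) => p.name === 'HeadlessChrome');
}

// Sample headers: the first is the string quoted in the article, the second
// is constructed for this example (platform and version are made up).
const samples = [
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
  'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/120.0.0.0 Safari/537.36',
];
for (const ua of samples) {
  const names = parseUserAgent(ua).map((p) => `${p.name} ${p.version}`);
  console.log(isHeadlessChrome(ua) ? 'HEADLESS' : 'ok      ', names.join(', '));
}
```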
Testing Your System for Fingerprints
After all the manipulations, you should check all the current fingerprints that your browser leaves. We recommend using the following list of websites for this procedure.
When using Multiloginapp, please check each of your profiles individually:
Conclusion
The modern Internet is collecting tons of info on each individual user. To avoid successful fingerprinting of your system, we recommend setting and verifying a unique system configuration or using the special tools described above. Once you do that, you will have much better chances for safe anonymous browsing with your new proxies.
Published at DZone with permission of Gleb Lepeshkin. See the original article here.