Think private browsing keeps you anonymous online? Learn how browser fingerprinting works, why websites can still track you in Incognito Mode, and the best ways to protect your privacy
How Browser Fingerprinting Tracks You Even When You Use Private Browsing Mode
Many people assume that just because they’re using a private browsing window, they’re immediately protected from being tracked online. Incognito Mode in Chrome or Private Browsing in Safari or InPrivate Browising in Microsoft Edge. Many people assume that they are being completely protected against being tracked online when they are using any of these private browsing modes.
There are some privacy advantages to using private browsing – for example, your browser will NOT record anything locally (i.e., browser history, cookies, etc.) during your session. However, you still have a presence on the Internet because of your use of private browsing.
Today there are multiple ways of tracking user activities; one of the most powerful ways to do so is via what is known as browser fingerprinting. Browser fingerprinting basically collects multiple small pieces of harmless information about your device to, unlike traditional tracking methods such as cookies, to identify you. All of the information collected about your device when combined will create a unique ID or fingerprint. This fingerprint can then be used by advertising companies, web analytics companies, and fraud detection companies to identify who you are when you return to their site, even if you are using “Incognito Mode”.
With the ever-changing privacy laws along with more restrictive policies pertaining to third party Cookies by browser vendors, there has been a significant amount of attention being paid to the topic of browser fingerprinting by individuals within the privacy advocacy, cybersecurity, and governmental regulatory communities.
In this Guide I will provide you with information about how browser fingerprinting works, how private browsing modes do not prevent your browser from being fingerprinted, what benefits there are to using fingerprinters as well as the risks, and several practical tips and techniques you can use to protect your online privacy from being compromised.
What is Browser Fingerprinting?
Browser Fingerprinting involves a way of tracking that relies on device and browser characteristics to generate unique user identification profiles.
While traditional tracking methods use an identifier like a cookie stored on your system to track you, fingerprinting uses information that your browser reveals simply by its existence and use on a web site.
Your web browser and computer provide a large amount of details regarding your system and therefore gives away a large portion of your identity. This is a list of some of the most important pieces of information that a website can find out about you through your web browser:
– Browser type and version
– Operating system
– Display resolution
– Time zone
– Installed fonts
– Language setting
– Type of device being used
– Browser extensions
– Graphic capabilities of your system
– Audio capabilities of your system
– Hardware specifications
If you list out these elements individually, they may seem not to have any importance in identifying a single individual, but, if you put all these pieces together, the combination creates an extremely unique profile .
Imagine browser fingerprinting as our fingerprints. A single characteristic does not identify an individual; however, several distinctive traits combined do.
This makes browser fingerprinting a highly desirable technology for organisations that want to recognise returning customers without having to rely solely on traditional cookie based methods of doing so.
1. The Website That You Visited Collects Information About Your Browser:
Your browser will send the information as soon as you land on a website. This information is sent to the website to allow the correct display.
Browser Version,
Operating System,
Language Preference,
Display Size or Screen Size,
Features Available,
Websites can get a lot of this info using common web tools like JavaScript.
Step 2: Measuring Additional Characteristics of the Device
In modern fingerprinting systems, the gathering of information goes beyond just that of the browser.
Canvas Fingerprinting: Websites can tell your browser to create graphics you can’t see. Different devices and graphics cards draw these graphics a little bit differently. The way that your device draws these things becomes a part of your fingerprint.
WebGL Fingerprinting: With WebGL, websites can use your device’s graphics card to show graphics. The way that your device renders things can be used to identify it, because the small differences in rendering between devices are unique to that device.
Audio Fingerprinting: Browsers will all render audio differently based on how their hardware and software are set up. These differences in rendering audio can be used to create another piece of a fingerprint.
Font Detection:
the set of fonts you have installed is different from one device to another.
The way you have all the fonts on your machine can make it easy to tell who you are.
Step 3: A Fingerprint is Created
Combining all the information that was gathered creates a unique fingerprint.
The fingerprint can be relatively persistent as you use your machine over time.
Some examples would be:
Using the same laptop
Using the same browser
Using the same operating system
Using the same display settings
When you come back to your website, the same fingerprint will allow you to be recognized as a returning visitor.
Step 4: The Website Knows you as a Returning visitor
From your previous visit, your browser will send almost all of the same technical data that it did on your first visit.
The website checks the newly captured fingerprint and all previously captured fingerprints. If there are enough similar characteristics, then the system decides there is a high probability that this visitor is the same individual as previous visitors. This continues to work even after deleting cookies.
Private Browsing Mode Does Not Prevent Fingerprinting
Many users have misconceptions about what private browsing mode is. Most private browsing on most browsers is designed to prevent browsing information from being stored locally on the device. However, private browsing does not typically hide most of the technical characteristics that fingerprinting systems use to create a fingerprint.
The Primary Things That Private Browsing Does Are:
Deletes Session Cookies After Closing
Blocks Storing History Locally
Temporary browsing data can be deleted. It helps lower the number of local trails on your machine. This becomes helpful in cases where you share a computer or do not wish to keep a record of your activities locally.
What Private Browsing Fails to Do
Normally, private browsing does not:
Conceal your Internet Protocol (IP) address,
Alter your machine’s resolution (screen),
Change the way your Device’s fonts are installed,
Alter how your devices hardware functions (e.g. GPU, CPU, RAM, etc. ),
Prevent collection of your browser’s fingerprint characteristics.
Usually websites can identify the returning device even without cookies.
Fingerprinting Depends on Everything about Your Computer
The main reason why fingerprinting still works after you use private browsing is because your device did not really change.
1. Graphics hardware
2. Operating system
3. Browser settings
4. Display configuration
Installed fonts keep showing bits of personal info. Using private mode wipes saved data, yet it doesn’t really alter how your device
Benefits of using browser fingerprinting
There’s a good side to browser fingerprinting, too, despite the privacy issues it creates.
Fraud Protection
Many banks and financial institutions use browser fingerprinting as a way to help detect fraudulent activities. When a fingerprint shows itself for the first time on an account, there is an extra step to take to verify the person.
Account Protection
Browser fingerprinting can be used by organizations to help detect attempts to log in to an account that have not been authorised. A fingerprint method can be added to an account as a backup method of access in addition to passwords.
Bot Detection
Website owners use fingerprinting to distinguish a human user from a bot. This reduces the amount of spam and abuse and fraudulent activity.
Cyber Monitoring
Organizations may monitor browser fingerprint changes in order to find anomalous (unusual) way of behaving. This eventually makes them to have better threat detection capability.
USER EXPERIENCE IMPROVEMENTS
A number of websites are utilizing device identification as a means of customizing content and speeding up their website performance. This can be very different than marketing because many sites track your activity for marketing purposes.
Some of the difficulties and privacy risks associated with the use include:
INVISIBLE TRACKING
In contrast to cookies where most users are aware when they are being tracked by a website through cookies, browser fingerprinting is often done without the user’s knowledge. The majority of people are not aware that they are being tracked through this method.
Inconvenience in Stopping
An individual can easily choose to delete cookies from their browser but because a fingerprint relies on the unique device attributes it is much more difficult to remove a fingerprint from a browser than it is to delete a cookie. It likewise enables organizations to follow users over multiple websites through unique device fingerprints.
1. Advertising networks can use fingerprinting technology to follow users across many websites
2. This can provide extremely detailed behavioural profiles.
3. Users have little or no way to know what information has been collected about them and how it will be used.
4. Fingerprinting is legally ambiguous in certain locations.
5. Regulators are still trying to decide if fingerprints should be treated the same as cookies or other personal identifiers.
6. One example of the way that fingerprinting technology is being used today is seen in the area of online advertising.Specifically, as more and more advertising companies find it difficult to rely on cookies due to their growing Regulation and Blockage, the advertising industry is exploring the use of fingerprinting as a means to replace cookies as the primary means of identifying users.
Fingerprinting can help to identify repeat visitors even in the case where you cannot find them through more conventional forms of tracking.
Key Insight
Deleting cookies is not the only way to remove tracking from the Internet.
Financial Institutions
Banking institutions use browser fingerprinting and risk management tools to determine if the individual’s identity has changed. If an individual attempts to log into their account using a fingerprint which does not match any other fingerprint of people who have previously logged into that person’s account, the bank may place a hold on the individual’s account.
Key Insight
When used properly, fingerprinting can provide additional security to client accounts.
e-Commerce Platforms
eCommerce companies use device fingerprinting to identify fraudulent activities, account abuse and unusual purchasing behaviors.
Key Insight
Fingerprinting is not just for advertising and can be used for security purposes.
Streaming Services
A few subscription services employ device fingerprinting techniques as a method to restrict how many people can share an account.
Key Takeaway:
The process of fingerprinting is now widely utilised in multiple businesses.
Best ways to reduce the Fingerprinting of Browsers
Use a Privacy-Focused browser
Some browsers have anti-fingerprinting features added to them in an effort to minimize the uniqueness of Fingerprints.
The aim of these features is to make users look similar, not unique.
Keep the Browser settings Consistent
Over-customisation/overpersonalization of your Browser makes your Fingerprint too unique.
Standard settings provide more anonymity than Customised Settings.
Minimise the amount of Extensions you use
Every Extension you have on your Browser is adding another characteristic to your Fingerprint, which makes it more unique.
Only add the Extensions you really need.
Block unnecessary Scripts
Many of the Fingerprinting Techniques used today rely on JavaScript.
Script Blocking tools can lessen the amount of opportunities for Companies to Track you, however they can also cause Websites to not function properly.
Use a search engine focused on privacy
With privacy-oriented tools, you will not be tracked as much nor have as much data collected about you.
If You Wish to Remain Anonymous, Use a Virtual Private Network (VPN)
A virtual private network (VPN) can hide your IP address from all the websites you visit. Detecting users through fingerprints would not work if the device doesn’t have this particular type of identifier.
Keep Your Software Updated
Web browsers often include more privacy improvements along with fingerprinting protections when they are updated.
Take a Look at What Your Privacy Settings Are Set At
More modern web browsers are offering more advanced controls for preventing tracking. You should spend some time looking at what settings you have and changing those settings where you think it’s necessary.
Browser Fingerprinting is Evolving and Changing
The number of third-party cookies being used are slowly decreasing.
Large browsers are eliminating third-party cookies, while some organisations use fingerprint technology.
Anti-Fingerprint Protection Improvements.
Developers have created defences that make browser attributes appear less unique
Web Standards That Focus On Privacy
Many future web standards are going to prohibit access to a lot of device information that has historically been used to create a fingerprint.
Oversight By Governments.
A lot more governments and privacy agencies/organizations are paying attention to how businesses are using fingerprinting now.
We will begin seeing more requirements for organizations to be transparent about their use of fingerprinting.
Tracking Systems Increasingly Powered By Artificial Intelligence (AI)
The use of advanced analytics and machine learning will both improve the accuracy of how they are fingerprinting you and create more privacy challenges for all users.
Questions That Are Frequently Asked
Legality of Browser Fingerprinting.
The legality of browser fingerprinting depends on local privacy laws and also the way in which you collect and use that data. Regulations in the world are still being developed.
Does private browsing prevent browser fingerprinting?
No, private browsing just blocks saving of any browsing data locally on your device; there are still several other properties/characteristics of your device that can be used to fingerprint.
Do browser fingerprints and cookies mean the same thing?
No, cookies assign an identifier to a device, and browser fingerprinting is based on the properties/characteristics of the browser and/or the device.
Can You Say NO to Browser Fingerprinting?
Complete prevention can be tough. Still, using privacy-focused browsers, adding anti-fingerprinting tools, blocking scripts, and setting
.
Conclusion
Browser fingerprinting is probably the most advanced method of identifying and tracking people at present on the Internet. And, unlike a cookie, it relies on multiple elements that are naturally exposed by your device and browser during the time you interact online.
That’s the reason why you’re not going to be truly anonymous just because you are using private browsing, or incognito mode or whatever. Although using private browsing mode wipes out your activity from your local machine, it does nothing to help disguise those technical characteristics that indicate who you are.
A grasp of browser fingerprinting is crucial for those who are sensitive to issues around online privacy. There are legitimate uses of this technology in fighting fraud, cybersecurity, as well as protecting accounts. While fingerprinting poses serious concerns around transparency, consent, and digital surveillance, too.
When regulators, browsers, and technology companies continue to work towards maintaining user privacy and user security, an educated user on fingerprinting will be able to make better decisions about protecting their personal information on the internet.
