BROWSER FINGERPRINTS – THE ALARMING FUTURE OF ONLINE TRACKING

It may be disconcerting for us to think that most of the world’s intelligence agencies are monitoring your telephone and Internet communications, but for most of us it's only the marketers who are really interested in our everyday online activities. And with billion-dollar industries at stake, companies are increasingly turning to more sophisticated techniques to identify potential clients and deliver relevant advertising.





Historically, techniques for tracking people’s movements around the web have relied on HTTP cookies – small messages that ‘tag’ your browser so it can be uniquely identified. Some websites place multiple cookies when you visit, allowing them to track some of your activity over time. Unfortunately for snoopers, profilers and marketers, cookie-based tracking leaves the final decision about whether you are followed or not in your hands because you can delete their cookies and disappear. Browsers can be set to reject cookies or quickly extinguish them. And mobile phones, which are taking an increasing chunk of the Web usage, do not use cookies.


The holy grail for tracking is to find a unique ID that you cannot delete, something that identifies you uniquely based on who or what you are, not what you have; and that is where fingerprinting comes in.


Fingerprinting is a technique that allows a web site to look at the characteristics of a computer such as what plugins and software you have installed, the size of the screen, the time zone, fonts and other features of any particular machine. These form a unique signature just like random skin patterns on a finger. The Electronic Frontier Foundation has found that 94% of browsers that use Flash or Java – which enable key features in Internet browsing – had unique identities.


Read the press release by Electronic Frontier Foundation here


Fingerprinting may prove a more robust tracking technology than cookies because the user’s identity endures even if they erase their cookies. Making changes to your software and settings only makes you more identifiable, not less. If you are using a Proxy and a VPN, do these things matter? A Proxy just changes your location. It does not add or remove extensions from your browser or change its settings. Likewise, a VPN too will not change your screen resolution and pixel depth. None of them can stop the website from querying the fonts installed on your computer or hide their sequence to make it look like a different computer. If you are always using Incognito Mode? That just makes your fingerprint even more unique. “Hey, this is the person who always uses Incognito mode… but I can read the extensions he has on his browser… wait, I can also see his browser settings.”


The big, bad thing about fingerprinting is that it is really hard to block. Cookies can be deleted. Fingerprints identify you, uniquely you, and they cant be gotten rid of. Short of in-depth analysis of a given page, browser fingerprinting does not leave tracks, so it's hard to pinpoint sites that use it. And it also provides very accurate tracking.

While the good thing is that there are very few websites that use fingerprinting for targeted marketing, it still remains that Fingerprinting is very soon going to be replacing cookies as tracking devices in web browsers. Forewarned is forearmed, though – There do happen to be a few things you can do to anonymize your browser’s fingerprint.

There is no single, good way to protect yourself but there are things that you can do to make your fingerprint less distinct.

Turning off Flash, Java, WebGL and JavaScript will reduce your fingerprint massively but you may find the web unusable if you do. A reasonable compromise would be to disable Flash and Java and use a plugin like NoScript.

Privacy plugins like Ghostery should protect you from fingerprinting code served from known, third party domains used for advertising or tracking. The browser most resistant to fingerprinting is the Tor browser because of its bland User-Agent string and aggressive approach to blocking JavaScript. While Tor browser is not viable to use in day-to-day surfing, we can instead use TorButton, a plugin in Firefox and Chrome. It standardizes most browser characteristics and strings and can block JavaScript in the browser too.

Some links to privacy add and extensions for firefox and Google chrome respectively:


NoScript:

Firefox : https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=search

Google Chrome : https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm


Ghostery:

Firefox : https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=search

Google Chrome : https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij


HTTPS Everywhere:

Firefox : https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/

Google Chrome : https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp



Until next post stay tuned !!!

6 views

People Do Crazy Stuff and We are one of them.

Thinkers and doers, from the field of Cybersecurity, Ethical Hacking, Python, Dark Net and Forensics, getting inspired from people from the same as well as different field of knowledge.

  • 800px-Telegram_2019_Logo.svg
  • Twitter
  • Instagram
  • Facebook

© 2020 by Bluefire Redteam LLP