Browser fingerprinting is the third avenue of user tracking after cookies and supercookies. Fingerprinting is initiated by websites that analyze the requests sent by HTTP clients to uniquely identify a specific machine by collecting a digital fingerprint. Data acquired in this manner can be used to continually track users even after cookie deletion.
In our brief article, we will outline the basics of browser fingerprinting, how it’s used to track internet users and what can be done to reduce the likelihood of being recognized through the details sent.
Browser fingerprinting is becoming increasingly ubiquitous. Numerous websites, including top ranked websites, are utilizing fingerprinting to identify new and returning users. Search engines like Google and Bing are no exception and have been employing various measures to identify specific users.
Audio fingerprinting tests how your device plays sound. Sound waves provide information about your device’s audio stack, such as sound hardware, software, and drivers.
Advanced browser fingerprinting versions can provide even more data on the machine, mostly through accessing HTML5 Canvas and requesting some measure of graphics processing. Employing HTML5 Canvas can reveal the operating system, browser, and GPU of a machine. HTML5 Canvas generally requests the browser to render a specific image. Due to slight differences in how GPUs render images, device-specific details might be acquired.
Extreme measures include analyzing clock skew. Clock skew is when the electrical signals from one source (mostly from the clock generator) arrive at different components unevenly. These differences are affected by hardware temperature variations. Thus, with enough data and numerical analysis, clock skew differences can be measured to determine hardware specifications and many other aspects of a machine.
Temperature changes might be used to gather data on devices utilized by a machine. Source: Hot or Not: Fingerprinting hosts through clock skew
Browser uniqueness is the determining factor in whether a user can be recognized. To put it simply, browser uniqueness compares one device to many other computer fingerprints to find possible duplicates. If very few copies exist in the data set, the device is considered to be unique.
As a large amount of data about a particular device and browser can be collected, a user might be identified by the website as unique even without having access to cookie data. A study by The Electronic Frontier Foundation (EFF) found that only 1 in 286 777 browsers will share its fingerprint. Such a high level of browser uniqueness means that the same user can be easily recognized purely through fingerprinting.
Source: How Unique Is Your Browser?
Note that the global uniqueness of fingerprints might be even worse as the study participants were likely to be more tech-savvy and privacy-conscious than the average internet user. However, accurately predicting the global uniqueness of a fingerprint seems to be nearly impossible. A mathematical limitation is apparent due to the difference between an experimental sample and the global set of fingerprints.
Browser uniqueness can be tested by using a project developed by EFF: Panopticlick. The Panopticlick browser fingerprinting test will reveal all data collected about your device, and provide possible options to defend against it.
If getting tracked by large companies isn’t your cup of tea, then lowering browser uniqueness is the most effective option for fingerprint protection:
Use a commonly used browser. Running odd browsers (e.g., Comodo IceDragon) will greatly increase the likelihood of having a unique fingerprint.
Avoid custom user agents. Unique user agents are a surefire way to stand out from the crowd, so it’s always better to use common user agents.
Reduce the amount of plugins used. Uniqueness is severely impacted by the amount of plugins installed in a browser.
Narrow down the preferred language list. Requesting pages for different languages greatly increases browser fingerprintability. For example, TorButton requests only EN versions of websites by default.
Use TorButton. TorButton implements most of the security features used in Tor Browser to a Firefox browser.
Ironically, anti-fingerprinting solutions and plugins that are supposed to enhance privacy and reduce uniqueness can often have the opposite effect. Installed plugins (and their versions) can be detected, which means that they often add to rather than subtract from browser uniqueness.
We recommend experimenting with these options, utilizing the Panopticlick test, and browsing around the internet to find the most suitable combination. Using all the options listed above at once will likely break a lot of websites without providing clarity on what exactly happened.
Want to read about the other side of the coin – how future web scraping tools will need to build workarounds for fingerprinting? Read our blog post on fingerprinting and its impact on web scraping!
Does Oxylabs provide an automatic solution to improve browser uniqueness while scraping?
Yes, Web Unblocker is equipped with dynamic fingerprinting technology, meaning our system will select the right parameters, such as headers and cookies, for you.
About the author
PR Team Lead
Adomas Sulcas is a PR Team Lead at Oxylabs. Having grown up in a tech-minded household, he quickly developed an interest in everything IT and Internet related. When he is not nerding out online or immersed in reading, you will find him on an adventure or coming up with wicked business ideas.
All information on Oxylabs Blog is provided on an "as is" basis and for informational purposes only. We make no representation and disclaim all liability with respect to your use of any information contained on Oxylabs Blog or any third-party websites that may be linked therein. Before engaging in scraping activities of any kind you should consult your legal advisors and carefully read the particular website's terms of service or receive a scraping license.
Get the latest news from data gathering world
Scale up your business with Oxylabs®
GET IN TOUCH
Certified data centers and upstream providers
Connect with us
Advanced proxy solutions