Browser fingerprinting: Online anonymity elusive, Australian researcher finds

Is your screen size identifying you online? No. But together with a bunch of other settings it does.

After clicking the ‘Fingerprint me’ banner on Browserprint.info, the results appear unexceptional. Just a lengthy table of my web browser’s settings. I wouldn’t care if a company or the government or anyone knew the size of my screen. Or what supported fonts I have, or the contrast of my monitor, or that I have cookies enabled, or what time zone I’m in. These things (and the 30 or so other settings the test has discovered) are hardly uncommon.

But together they are. My own set is unique among the more than 3500 tested so far. It’s this uniqueness that allows companies to track you across the internet; matching your Facebook profile and email address with the sites you visit, the shows you watch and the things you buy. Your browser is leaving ‘fingerprints’ all over the internet.

“A lot of people, like me in particular, don’t like being tracked,” says Browserprint founder Lachlan Kang, a computer science PhD candidate at the University of Adelaide. “They don’t like websites they’re visiting to affect their online experience.”

The identifying information your browser is leaving behind can be bought and sold to target ads and build a profile of your habits. A 2013 study found that 145 of the 10,000 most popular websites were running hidden scripts to extract a device fingerprint from users' browsers. A 2014 study found that more than 5 per cent of the top 100,000 were employing canvas fingerprinting – a method which exploits HTML5 canvas elements.

“There are companies that make their money by tracking you,” Kang says. “You may out of curiosity visit a communist website and then Facebook starts suggesting communist pages for you to like. There’s also the possibility that in the future they’ll sell this information to more people than just advertisers.”

Kang’s Browserprint.info site, which has received development funding from the Australian Research Council Centre of Excellence for Mathematical and Statistical Frontiers, aims to collect the browser fingerprints of a large number of anonymised visitors. He will use the data set to identify the most powerful fingerprint techniques and build better defences against them.

There are existing methods that users can avoid being fingerprinted online, but they don’t always work or are impractical, says Kang.

“Tor Bundle Browser is the simplest way,” says Kang, whose interest in fingerprinting began with previous work to identify Tor users. “They aim to give everybody who uses it the same fingerprint; they haven’t quite achieved that. There are a few tests they’re unable to defend against but it works fairly well.”

Other options are disabling JavaScript, a key element in identifying users through their browsers, “but that will also break a huge amount of the Internet” Kang notes, or using an extension that ‘spoofs’ an element of the fingerprint but “they tend to be buggy and they do things wrong”, says Kang.

He hopes the project will raise awareness of fingerprinting and eventually lead to tools and extensions that help people defend themselves against it.

“Even among technically minded people fingerprinting isn’t that well known,” Kang says. “I just really enjoy having privacy. A lot of people they like attention but I don’t like attention, I just want to be anonymous and have my privacy. I can’t stand the idea of being tracked.”

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Torbrowser securitytrackingUniversity of Adelaidetracking protectioncanvasTor browserprivacytracking softwarehtml5cookiesbrowser

More about FacebookUniversity of Adelaide

Show Comments