How does browser fingerprinting work?

Anton P. | March 22, 2021

Browser fingerprinting is a web-tracking method that remembers and identifies users according to their devices. It is one of the data-harvesting techniques that are relatively invisible to consumers. Take cookies, for example. Websites inform you of their existence, and you have the opportunity to reject or block them. However, browser fingerprinting is a more behind-the-scenes approach. It will identify your device and browser as yours with high accuracy, and there might not be an opt-out alternative. Thus, while browser fingerprinting can be useful, it is a controversial practice. Although widely used, users might have little to no information of how it potentially invades their privacy.

What is browser fingerprinting?

Browser fingerprinting relies on users’ browser and device settings. Thus, this technique reads the information regarding your screen resolution, operating system, language settings, location, and supported fonts. It captures various details, such as your device model or plug-ins you have installed on your browser. Canvas fingerprinting is also one of the fingerprinting techniques, relying on an HTML5 canvas element to track you.

At first glance, these pieces of information might not seem as highly unique. Nevertheless, researchers have evaluated that it can identify and recognize users 99% of the time. After all, it is unlikely that people will have the exact set of device and browser settings.

The browser fingerprinting delivers a profile associated with you, and it becomes central in tracking you across the web. Like cookies, it detects certain patterns in your browsing routine, such as the websites you prefer. Then, it contributes this information to another cause: personalized ad delivery. The inner-dealings of browser fingerprinting mirror the procedures seen in tracking cookies. However, its covert operation style makes it far more difficult to bypass.

Where did it start?

Initially, researchers explored browser fingerprinting and its capabilities in terms of elevating security. Even now, there are reasonable applications of this method, mostly related to fraud detection. Additionally, fingerprinting participates in the prevention of software piracy and identity theft.

However, it gained momentum as a web-tracking practice in 2014 after the forthcoming study The Web never forgets. The early implementation of this tracking mostly related to the AddThis experiment. Upfront, the company stated that the test measured the potential of browser fingerprinting as an alternative to cookies. Now, fingerprinting is a practice used by dozens of companies, especially due to the preparation for the cookie phase-out in Chrome.

Potential dangers of browser fingerprinting

Due to the gradual decline of cookies and their effectiveness, companies consider browser fingerprinting a viable alternative. It essentially builds your digital fingerprint, with all the different ridges and loops reflecting your online habits. Once the practice identifies your unique device settings, it associates all your actions with that data.

Of course, browser fingerprinting won’t necessarily link one’s activity on a personal level (like associating digital movements with your name). However, it will capture your habits, such as visited websites, searches initiated, social media platforms used, etc. Data brokers equip this practice to generate digital profiles that work as guidelines for which content you would like to consume. For instance, the captured browsing details can reveal a lot about you, including gender, age, general interests, political views, sexual orientation, location, and so on. Thus, browser fingerprinting undeniably sparks privacy concerns due to its seamless integration. People are no longer comfortable having their data exchanged and shared with unknown entities. Since fingerprinting facilitates this need, it is understandable that people might want to escape it.

What can you do?

Stopping browser fingerprinting in its tracks is not an easy task. This practice is more invasive, and you might not even be aware that companies use it. Additionally, it is resistant to the typical browser-hygiene techniques you might apply. For instance, clearing browser cache or cookies won’t affect fingerprinting as no data ends up stored on your device. Luckily, there are options for defending against this web-tracking:

  • You can try to make your browser and device less unique. It means keeping your setup to a minimum: the more add-ons you install, the easier it is to identify you.
  • Less well-known browsers can simplify browser fingerprinting. Thus, by using the most popular browsers, your setup becomes more common.
  • Since browser fingerprinting relies on JavaScript, you can block these scripts via special add-ons. While it is a useful fix, it can cause trouble. Many websites might stop working or partially lose their functionality due to the blocking of JavaScript code.
  • You can also use browsers with capabilities to block fingerprinting. Tor is a great example, although its daily use is rather inconvenient and slow. Luckily, there are other browsers supplying protection against browser fingerprinting. Apple Safari is one of them, showing only a simplified version of the system configuration to trackers and deleting unique identifiers from web requests. Firefox is also notable. It blocks trackers from known fingerprinting companies and prevents entities from retrieving data via network requests. Thus, such browsers potentially have one of the best setups to stop fingerprinting from happening.

Sadly, browser fingerprinting is only one of the many ways entities implement web-tracking. If you wish to stay private and anonymous, you will need a privacy-focused setup. To cover your tracks, you can use privacy-focused browsers that come with built-in protection against cookies or fingerprinting. Additionally, take the time to consider how different services or apps deal with your data.

A VPN is a big part of any privacy-first setup that you manage to build. While it won’t cease all tracking, it is definitely worthwhile. A VPN conceals your IP address and, in turn, reduces the IP-based tracking. Additionally, it will encrypt information about your digital movements, making your experience far more private and anonymous. Thus, in combination with other practices, a VPN is one of the best ways to escape the nerve-wracking surveillance we face daily.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.