Browser fingerprinting tracking by websites and their advertisers

Illustrating browser fingerprinting

What is browser fingerprinting tracking?

Browser fingerprinting, the tracking of website users online, is slowly replacing cookie tracking. It is also known as device fingerprinting or online fingerprinting.

Fingerprinting a device is similar to the snapshot that an installation of Windows takes of a system’s components in order to identify it and activate product activation.

Almost all websites use cookies that track their users’ use of a website as they go from page to page. That kind of information is very useful to the website users themselves because they can see which pages have they have visited and it allows them to backtrack. For example, without cookies, the users would have to keep visiting the same page from the site menu if clicking on internal links took them away from it.

If a website uses advertising, the advertisers also use cookies to provide them with information for payment and user-tracking purposes. If the user has not deleted the cookies from previous  visits to a particular website, manually or by using a cookie cleaner, such as CCleaner, the advertiser can identify the user as a new or as a previous visitor.

Google Analytics website-monitoring runs on most commercial websites

Google Analytics runs on most commercial websites, providing Google and the website owners with  plenty of very useful information called metrics about how the websites are being used. Unfortunately by tracking users, cookies also provide valuable information to Google, Apple, Amazon, apps, etc., about how a particular website’s users use the web. Which is why websites in the UK and EU have to provide a declaration of how they and their advertisers use cookies that requires the acceptance or rejection by the users. For example, this website, pcbuyerbeware.co.uk, provides a cookie-consent notice that comes up on the first page that all users must see. If the declaration is accepted, this site uses cookies as set out in its declaration. If declined by the user, cookies are not used.

Cookies that track all of the user’s activities are on the way out

Cookies that track all of a user’s online activity are on the way out due to serious legal and privacy issues. Web browsers that include Apple’s Safari and Firefox, have restricted their scope and even Google’s own browser, Chrome, seems  to be acknowledging that the use of cookies can engage in an unacceptable invasion of users’ privacy. Which usually means that the search is on, or the decision to make use of alternatives that are even more sneakily an invasion of privacy, has or is taking place.

Enter browser fingerprinting tracking…

Browser fingerprinting tracking is identifying a smartphone or computer by gathering information about its browser settings, such as the time-zone,  default language,  the browser add-ons  and even the device’s screen size. It is a sneaky and hidden way of identifying a particular user online in order to use the information for delivering customised advertising or for making money by selling that kind of information. What makes it a better way of identification than using cookies is the fact that, by the first quarter of 2022, there were no counter measures in use to prevent it of the same kind as cookie cleaners and consequently no consent by the users was required.

Creation of a unique fingerprint based on browser use

Websites use scripts that instruct a web browser what to do. Those scripts can identify critical information about the devices and browsers that , when combined, form the unique online “fingerprint”of the users of those devices.

By combining all of the gathered information into a unique data fingerprint that is placed at a central source, such as the FingerprintJS library, advertisers can access it and recognize  you as you move from one website to another. Research has found that around 80 to 90 percent of browser fingerprints are unique enough to be used as a reliable ID. That browser ID can be focused even more on a particular web user by information-gathering businesses – such as Google, Facebook, Twitter, etc., – by combining it with the actual personal data that they hold on you. Moreover, in the EU and UK, browser fingerprinting is regulated by the same General Data Protection Regulation (GDPR) and marketing rules as cookies. Thereby allowing websites to use a far more accurate means of identifying their users without obtaining specific consent.

It is possible to fingerprint a GPU (the processor that a graphics card uses)

Browser fingerprinting tracking is already widespread and is getting more widespread as time goes on. Research from 2020 found that around 25% of of the world’s top 10,000 websites were running fingerprinting scripts. What is more,  in 2021, researchers established that it is possible to fingerprint a GPU (the processor that a graphics card uses) that identifies the computer using it.. They also established that browser tracking is possible across different browsers (Firefox, Opera, Chrome, Edge, etc.) in use at the same time on the same computer. In other words, it won’t be long until your system is identified without your permission, as soon as you engage with the web.  Therefore, legislation will have to come about internationally so that permission by the users, as with cookies, is a requirement.

Banks can use browser fingerprinting to detect fraudulent access to bank accounts

If a bank is using browser fingerprinting to identify its customers when they log on, when a criminal attempts to log on from an unidentified device – one that has not been fingerprinted –  the bank can then require further identification.

Why cookies are unreliable identifiers of web users

Cookies cannot be used as a reliable method of identifying customers if they use cookie cleaners, such as CCleaner, to clear all cookies regularly. Moreover, many users set their browser settings to clear cookies when the browser is closed. I clean my computer’s cookies all the time, especially after I access a bank account. Consequently, when I log on to my gmail account, Google sends me an email message that the device that I am using was not recognised – That, if it was not me accessing my account, to change my password. That has to be because I have removed Google’s cookies. (Update: Since I wrote this article, I am no longer receiving these messages, therefore Google must be using browser fingerprinting now instead of cookies.]

How can you stop browser fingerprinting tracking?

Since browser fingerprinting involves capturing the browser in use and its settings and metrics such as screen-size, it is difficult to detect and stop. Of course, there are browser plugins that claim to reduce or put a stop to fingerprinting, but whether or not their claims are valid is questionable.  You can actually find cookies manually and delete them, but act of fingerprinting is invisible  As a result the most effective measure against fingerprinting is to choose a web browser that restricts or eliminates tracking and increases privacy.

The Tor browser and other browsers that claim to employ anti-fingerprinting methods

The famous Tor browser uses the best method, which is to standardise the browser so that everyone appears to have the same fingerprint. You are warned not to maximise the size of the window it uses because screen-size is one of the many metrics that fingerprinting employs. Unfortunately, Tor runs from its executable file so that it leaves no tracks in the Windows Registry. Tor’s installation icon is placed on the desktop. To run Tor, you click on that icon. If you delete that icon, there is no other way of running it. For that reason, some websites won’t run and many companies don’t allow its use on their networks because they can’t use long-life cookies or browser fingerprinting.

Apparently, some browsers, such as Firefox and Brave, use their own anti-fingerprinting methods.  Avast, the anti-virus and online security company, also provides a browser that it claims stops browser fingerprinting. However, you have to take any such claims on trust, because there is no way that you can verify them for yourself.

Visit AmIUnique, a research project that tests if you can be identified by fingerprinting

“Not convinced you could actually be identified? Try it for yourself: Visit AmIUnique, a research project that helps developers identify techniques to fight back against fingerprinting. You’ll see how easily identifiable you are based on your fingerprint. AmIUnique shows me, for example, that my fingerprint is unique among the more than two million fingerprints in their dataset. I can also see the 75+ attributes they use to identify me in a matter of seconds.”

My browser fingerprint – https://amiunique.org/fp

About Eric 275 Articles
I am an experienced PC technician who has been the owner and sole writer of the PC Buyer Beware! website since 2004. I am learning all the time in this very dynamic, ever-changing field.