Skip to main content

Your digital fingerprint is tracked everywhere online. Brave wants to change that

Westend61/Getty Images

We have more tools to secure our identity online than ever before. You can ban cookies — the little pieces of information websites deposit in our browsers to identify us — block invasive trackers from tailing our machines, switch to incognito mode, opt out of cross-app tracking with Apple’s latest iOS update, or even go as far as to surf the web only through highly encrypted virtual private networks.

But there’s a tracking method that can still slip past these defenses and it’s growing in popularity: Fingerprinting.

The anatomy of a fingerprint

What makes fingerprinting so elusive and difficult to defend against is the fact that the data it exploits is essential to the web’s foundational functions.

Apps and websites look to collect all sorts of information from us (GPS coordinates, our personal details, etc.) that we pay attention to and usually have the option to keep to ourselves. But a cursory review of just about any tech company’s privacy policy will tell you that they also gather a range of other miscellaneous data that you don’t pay attention to and that you can’t easily stop them from tracking — such as what software your device runs on and to which network operator you subscribe.

“Fingerprinting is a threat to user privacy because it enables a nontransparent way for companies to track and identify users and devices.”

There’s a legitimate reason behind why companies need this data and why they can get it without even asking for your explicit permission. You see, all of us web users access the internet from a wide variety of different means, and in order to ensure that a website or app loads as intended for every user, no matter what browser or app or phone or computer they’re using, these sites need to know certain details about your method of access. But this seemingly innocuous data collection is also what powers fingerprinting.

Trackers stitch together your device’s properties like its display size, its operating system, your language preferences, and more to form your unique fingerprint. They match this pattern across sites and apps to identify you and target you with relevant ads.

Once a website captures your fingerprint, it’s possible for it to track you for up to 100 days — no matter how many safeguards you’ve put up on your browser.

Since all this takes place quietly in the background as you surf the internet, you can’t trace fingerprinting, nor is it possible for you to delete your fingerprints — like how you can in the case of third-party cookies. As your device’s fingerprint will always remain the same, this tracking method also can’t be limited through typical boundaries such as switching to a private window or clearing your browser’s cache.

“Fingerprinting is a threat to user privacy because it enables a nontransparent way for companies to track and identify users and devices,” says Patrick Jackson, the chief technology officer of Disconnect, a privacy app for iOS and Mac.

Finding a fix

There’s currently no great way to stop fingerprinting, but internet companies have started addressing the threat and looking for potential ways to deal with it. The Chromium-based browser Brave takes the most compelling shot at thwarting malicious fingerprinting that we’ve seen so far.

Brave’s solution is simple: Whenever a website requests the kind of data that could potentially enable fingerprinting, the browser obliges — but it also mixes in just enough noise or random information that it doesn’t end up crippling your web experience. This allows you to have a unique fingerprint for every session and every webpage. Therefore, trackers can no longer capture one single fingerprint of yours and match it across websites to follow you because your device will signal a different fingerprint every time.

Image used with permission by copyright holder

In our tests, Brave was the only mainstream browser that passed the Electronic Frontier Foundation’s Cover Your Tracks test, which determines how effectively your browser can protect against practices like fingerprinting.

Other browsers including Safari, Google Chrome, and Mozilla Firefox have had limited success with their existing anti-fingerprinting mechanisms. Unlike Brave, which takes a more dynamic approach to tackle fingerprinting, these apps have a one-size-fits-all implementation that attempts to limit how much information your device’s data websites can access and relies on a list of known fingerprinting domains to block them.

Hitting a moving target

The reason these outdated efforts are no longer effective is that fingerprinting is a broad, evolving concept. It’s a practice that has gotten increasingly more complex with the internet’s advancements and that becomes more sophisticated every year.

Some trackers, for instance, force your browser to draw on an invisible canvas on a web page. When your computer does that, it releases information like its screen’s resolution. Similarly, trackers can determine your fingerprint by how your device processes acoustic signals when it plays an audio file online.

Benoit Baudry, a software technology professor at the KTH Royal Institute of Technology, Stockholm, believes it’s hard to mitigate fingerprinting “since its boundaries are fuzzy and keep changing.”

“A cookie has one single, specific purpose: To identify a user,” Baudry adds. “Meanwhile, browser fingerprinting ‘repurposes’ technology that is meant for something else. This is why it is much more difficult to grasp than cookies: there is not one specific script, object, or packet to intercept.”

In addition to capitalizing on essential web data, the other aspect that prevents browser makers from outright banning fingerprinting is because it’s also employed for positive purposes like fraud detection. When websites detect a user is attempting to sign in from a new fingerprint (which essentially means a new machine), they request additional data for authentication to make sure the source isn’t malicious.

However, experts like Zubair Shafiq, an associate computer science professor at the University of California, Davis, argue fingerprinting is “overkill for fraud detection use cases.”.

Several companies are, at the moment, working toward this exact goal — including Google, which is actively researching ways to curb fingerprinting.

Fingerprinting has largely flown under the radar so far since advertisers and tracking firms have had reliable and direct channels to profile users. Now, as the web’s biggest gatekeepers, including Google and Apple, crack down on traditional tracking frameworks like cookies, fingerprinting has been pushed into the spotlight and, if its adoption goes widespread, it might end up being the most significant threat to our privacy ever. And that’s where it seems to be headed.

The presence of fingerprinting trackers has doubled in websites since 2014 and Disconnect’s Jackson also mentions that in anticipation of cookie and Apple’s cross-app tracking ban, companies are “collecting vast amounts of device data to either compute (and collect) a fingerprint on the device or doing the computation on their servers with the raw data.”

Pierre Laperdrix, a researcher at the French National Centre for Scientific Research who’s been studying fingerprinting for over a decade, believes it will always remain a whack-a-mole game for internet companies. All they can do is stay a step ahead of trackers.

“In my opinion,” Laperdrix said, “I don’t think we can completely put an end to fingerprinting without a reengineering of the way browsers and servers work.”

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
What is an RSS feed? Here’s why you should still use one
A person using a HP ENVY x360 2-in-1 15.6-inch Touch-Screen Laptop sitting on a bed.

With so much new content on the web added daily, it can be tough to keep up with what's happening online. People try several different ways, including visiting specific websites every day, doing Google searches, or relying on social media to keep them informed. One solution that sometimes gets overlooked is an old-school one: The RSS feed.

What is an RSS feed? It's a technology that has influenced many modern internet tools you're familiar with, and its streamlined, algorithm-free format could make it your next great tool for reading what you want online.
What is RSS?

Read more
Best laptop deals: Save on HP, Lenovo, Dell and Apple
Asus ROG Zephyrus M16 playing Cyberpunk 2077.

Buying a new laptop can be very daunting, especially with how saturated the market is with dozens of options from nearly a dozen brands and various configurations of each of those laptops. Even worse is trying to navigate the maze of available laptop deals across various retailers, and for those who don't want to do all that legwork, you're in luck! We've used our experience to collect the best deals in various categories to ensure you get the best bang for your buck. All you need to do is have a general sense of what specs or brand you want, and we'll likely have a deal for it listed below.

Best Laptop Deals

Read more
M2 MacBook Air vs. M1 MacBook Air: things have changed
A man holds the new Macbook Air (2022) in his hands.

The Apple MacBook Air M1 has been among our favorite MacBooks for some time now, and it's even held a place on our list of the best laptops overall. The new MacBook Air M2 is a significant redesign, bringing with it a new chassis and Apple's latest M2 processor.

Sometimes, it's easy to recommend the new model over the old one, especially when the new model brings significant improvements. The M2 MacBook Air qualifies, as it feels a lot more like a completely new model than a simple replacement of the old one. While Apple continues to sell the original M1 MacBook Air at a lower price, the M2 MacBook Air can often be had for only a little more money. That makes the choice between them a lot easier.
Specs
 

Read more