The internet has become a den of tracking. Almost every website you go to will be tracking something about you. Fingerprinting has become especially common, taking note of your hardware and using it against you to create a profile of your browsing habits. Here is how your hardware betrays you when you are browsing the internet.
Online tracking and you
Online tracking is a big moneymaker. Trackers will follow you around the internet, using your browsing habits to create an effective profile of your interests allowing for accurately targeted advertising. You are probably familiar with researching something online and then being bombarded with ads related to that research no matter where you go online.
It all comes down to advertising
Online tracking is so prevalent because it’s required for the implementation of the internet’s most popular advertising platforms. Namely Google Ads. The vast majority of websites run on advertising money so the use of Google Ads or similar advertising platforms is a requirement, at least for websites trying to maximise the amount of money they receive from ads.
The advent of ad and tracker blocking
Adblockers have been around for a while now, and are extremely popular. Nobody likes to feel like they’re constantly being advertised to. But it has created a vicious cycle. Adblockers have meant that ads have had to become more intrusive, sometimes even baked in, to try and get around adblockers. Leading to more people using adblockers, reducing ad revenue etc.
This has also led to even more invasive tracking techniques. As people start to become more aware of the ways their privacy is being stripped away, companies are feeling the pressure to start adding in “privacy” features. Things like only tracking anonymised metrics. This is where fingerprinting comes into play, and how your hardware is betraying you.
What is fingerprinting?
Whilst more traditional tracking will follow your online activity, fingerprinting is all about creating a profile on you by harvesting your device info. Fingerprinting trackers will note information such as:
- Operating System
- Keyboard layout
- Battery status
That is just the tip of the iceberg as to what fingerprinting can gather from you. Even what filter lists your adblocker uses can be used to identify you!
One example of how this fingerprinting could be used to track you for advertising is by checking peripherals. If the fingerprinter sees you have a VR headset attached to your PC then it can gather that you are a PC gamer and that you have access to a VR headset so it can target ads for hardware and games to you.
Fingerprinting, profiles, and being unique
In life, being unique is a good thing. But when it comes to thwarting fingerprinting you want the exact opposite. The more common your fingerprint is, the harder it is to create a profile on you.
A major goal of fingerprinting is to be able to create an advertising profile on a person despite ad and tracker blocking. And even if the user has enabled anonymised tracking. The more unique your fingerprint is, the easier it is for the advertising platform to create a profile with high certainty that it is you and advertise accordingly.
A recent example of this is when researchers found that GPUs can be used for very accurate tracking. A team of researchers found that by tracking metrics such as number and speed of execution units, the time needed to complete vertex renders, handle stall functions, and more. That they could increase the median tracking time to 67% compared to current methods. Meaning that trackers could theoretically even tell identical GPU models apart depending on how they perform in WebGL found in modern web browsers.
You would be surprised just how rare your hardware may be. For example, I use an ultrawide monitor with a resolution of 3440×1440. According to amiunique.org, only 0.62% of people have that screen width, and 4.1% for the screen height. Add into the fact I use a niche browser and have some very niche fonts (accounting for just under 0.01% of fingerprints). It can be exceedingly easy to create a profile with high accuracy of it being me without giving that info over to the likes of Google in the first place.
This is why being unique is a bad thing when it comes to fingerprinting. The more common your setup is, the harder it is for a platform to accurately make an advertising profile about you.
How prevalent is fingerprinting?
Fingerprinting does sound quite shady, so maybe it only takes place on dodgy websites that you really shouldn’t be on anyway? You couldn’t be more wrong.
A paper from 2020 shows that Fingerprinting is being used in 25% of the top 10,000 websites (measured by Alexa rankings). Of the top 1000 websites, 30.6% used fingerprinting. If you would like to read more about this paper, take a look at this previous blog post.
As you can see fingerprinting is prevalent in the top websites that we all visit. And they are collecting this information at the expense of your privacy.
Is all fingerprinting bad?
Fingerprinting isn’t inherently bad, but the reasons it is being used for certainly are. But some services implement fingerprinting as a way to fight back against things like botnets and fraud. For example, in a botnet, every device will be unique, so a good fingerprinting mechanism can identify when a possible botnet is involved.
Similarly, banks can use fingerprinting to detect things like fraud. They can do this by checking the fingerprints of devices trying to access an account. Like multiple different devices trying from different locations in quick succession. If the bank detects this, it can freeze the account and limit the damage.
For the handful of reasonable uses of fingerprinting, it is of course mostly being used to make money at the expense of users. And, whilst the legitimate uses of fingerprinting are a useful tool in a security toolbelt, they are still somewhat invasive to the end-user.
How to protect yourself from fingerprinting
Protecting against tracking and fingerprinting is difficult. Especially when even the tools you use to protect yourself are another metric for tracking. But there are a few things you can do.
Check out fingerprinting tests
A good first step to protecting yourself from fingerprinting is to look at Am I Unique and Cover Your Tracks. The former in particular gives a detailed breakdown of your fingerprint and checks how unique it is against their database. This is useful for seeing where your setup is “letting you down”. It can even tell you what filter lists you have that are adding to the uniqueness of your fingerprint.
Cover Your Tracks is operated by the non-profit Electronic Frontier Foundation and offers similar information to Am I Unique. But also offers some great educational material for you to learn from.
Use a browser with built-in fingerprinting blocking
Firefox-based browsers now support fingerprint blocking out of the box. They do this by blocking companies that are known to be using fingerprinting. Brave is another browser, Chromium-based, that has this technology built in. It does this by randomising your fingerprint on every website you visit.
Use Private/Incognito modes in your browser
Using a Private or Incognito mode in your browser does NOT mean you are private no matter what you do online. But it can be a useful way to browse the internet making sure that none of your cookies and the like follows you around the internet for tracking. This also helps improve how common your fingerprint is.
vpn“>Use a vpn
One of the most common metrics to be tracked is your IP address. By using a vpn, you can hide your public IP address. Removing another vector for you to be tracked by. At hide.me vpn, multiple users can be using the same IP address, this makes it impossible for a tracker to use your IP address to create an accurate profile on you.
vpn-use-fingerprinting”>Does hide.me vpn use fingerprinting?
Privacy is paramount here at hide.me vpn so we do not do any sort of fingerprinting. We have for a long time been trying to remove our reliance on the likes of Google and their advertising platforms on our website to protect our users more.
In July 2021, we finally managed to move to a privacy-centric open-source alternative in Plausible. And we even managed to self-host it, so data never leaves our servers. Plausible doesn’t even need cookies! It instead generates an identifier that changes daily. The identifier users your IP address and user-agent, and then filters it through a hash function with a rotating salt. This means your data is anonymised and private, and we just see an identifier and the info we need to improve our service. If you would like to learn more about our switch to Plausible, we have a whole blog post detailing it here.
What about tracking in your apps?
As this blog has established, tracking can and does lead to an invasion of privacy. This makes it a non-starter for inclusion in any of our vpn apps. We have zero trackers in our vpn apps, feel free to check our vpn/latest/” target=”_blank” rel=”noreferrer noopener”>Android app on Exodus for example.
Our stance is less common than you would think. If you want to read about how major vpn companies are compromising your privacy by using trackers in their apps, check out this blog post.
Your hardware isn’t betraying you – companies are
The title of this blog sounds like the blame is being placed on the end-user. It is YOUR fault for using an ultrawide monitor. It is YOUR fault you use an obscure browser. It’s YOUR fault you use an accessibility device because you have a disability. But it isn’t your fault.
The fault lies squarely at the feet of the likes of Google, Facebook, Microsoft, and Amazon. These companies have made your data a necessity, and they will get it by hook or by crook. Whether that means using your hardware against you to advertise more effectively or not. They will do whatever it takes to improve their bottom line. Regardless of the privacy implications.
And the disturbing thing is that the more you try and stop these companies from harvesting your data, the more unique and easier you make it for them to profit off you.
Thankfully, there are some steps you can take to remove fingerprinting from your online experience. But you will find that the likes of NoScript and ad/tracker blockers will inconvenience you.
You will have to go through the websites you use regularly and manually trust them. And you will find a lot of random websites you visit won’t even load or are broken because they’re trying to harvest data from you. You have to make the choice between accessing something potentially important and having your privacy invaded.
We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.
Have you considered using a vpn?
By using a vpn you get enhanced security whilst online, and the ability to circumvent censorship, amongst much more. Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone.
Get hide.me vpn!
If you have any questions, please feel to contact our 24/7 support team either at email@example.com or via live chat.