Device fingerprinting: the latest threat to online privacy

What is device fingerprinting?

Device fingerprinting is a technique that uses simple pieces of information. Computers are always different from each other. Think of differences in operating systems, browser versions, screen resolutions and many other parameters.
This combination can yield a unique fingerprint that the visitor can be recognized by. This fingerprint is used by websites to prevent fraud or abuse but also for targeted advertising.

Two types of device fingerprinting

There are 2 types of fingerprinting. With passive fingerprinting, the website uses the properties that your browser automatically transmits when you visit the website. For example, the screen resolution, version of the browser and the operating system. The disadvantage (for the website) is that the number of features is limited and results in fewer unique profiles.
In addition, there is active fingerprinting, in which the website tries to extract unique characteristics from the browser. A well-known variant is font fingerprinting when the website requests the list of all fonts from the browser.

Canvas fingerprinting

A subtler version is canvas fingerprinting. The website runs a script that instructs your browser to make an invisible drawing. Since every browser makes that drawing in a slightly different way, the website can recognize browsers on different devices.

Audio context fingerprinting

Even more exotic method is audio context fingerprinting, a technique where the PC produces an inaudible sound that is unique to every combination of device and browser. However, according to research, this form of fingerprinting hardly ever occurs in practice.

How often does device fingerprinting occur?

Researchers from Princeton University examined 100,000 websites in 2014 and found fingerprinting occurred in 5% of cases. However, recent measurements from the adblocker Ghostery yield a much higher percentage.
At the end of May 2018, we researched online tracking on 150 websites and also investigated canvas fingerprinting. In our own sample, our ‘fingerprinting detector’ caught on at 18 of 150 sites (12%). This includes a striking number of news sites and websites of large companies.

Why do websites use fingerprinting?

News websites say they use fingerprinting for marketing and advertisements. This happens after the cookie notification, so technically, the sites do ask for permission to do this.

Fingerprinting is more often used to combat fraud and abuse. You can recognize frequent visits from the same PC with this technique.

How to prevent device fingerprinting?

Little can be done against passive fingerprinting. Although Apple has announced that the Safari browser will block all forms of tracking, including passive fingerprinting: ‘Your Mac will look more like everyone else’s Mac.’
Active fingerprinting takes place in the browser and can therefore be recognized – and blocked – by a good adblocker. Adblockers such as Ghostery have recently started working with blacklists of known scripts as well as artificial intelligence that independently recognize new forms of fingerprinting.
You can also install a separate extension for Chrome and Firefox that recognizes and prevents canvas fingerprinting: Canvas Defender.

Test: how unique is your browser?

Do you want to test how unique the ‘canvas fingerprint’ of your browser is? Go to Browser Leaks and look under the heading ‘Your Fingerprint’ at ‘Uniqueness’. The closer the number is to 100%, the better you can be recognized as an individual.
Note: After installing Canvas Defender, your fingerprint will be 100% unique. In this case, that’s a good sign, as Canvas Defender will deliver a fake unique fingerprint on purpose.

Talk to an Expert

1. We will review your request within 2 hours and contact you.

2. We will check your company and describe the workflow.

3. We will start cybersecurity check.

    Privacy Policy

    Vitaly is a principal consultant at Hackcontrol as wall as aa business and IT thought leader. He has over 15 years of experience in consulting, account management and is a specialist in cybersecurity.