This post is more than three years old so may contain incorrect information, or opinions I no longer hold.

How Browser Fingerprinting Works

25 Sep 2019 | ~3 minute read

I recently wrote a post called how online tracking works, that post mainly focussed on cookies and how they can be used to track you. But even if a site isn't using cookies, browser fingerprinting can still be used to track you.

What is browser fingerprinting?

Browser fingerprinting is the process of collecting information about a remote device for identification purposes. Client-side scripting languages, like JavaScript, can be used in such as way to collect very detailed fingerprints.

These fingerprints can include data such as geographic location, the browser and operating system that is in use, screen resolution, system fonts, system architecture, browser plugins and system hardware.

Like all tracking technology, browser fingerprinting can be used both legitimately and maliciously.

Fingerprints can be used to prevent fraud or credential hijacking, by checking that a user who is attempting to login is likely legitimate. For example, if you have logged in to cool-website.com for the last 5 years from the UK and using Ubuntu, then someone attempts to login to your account from Germany on a Windows system, this can flag as potentially illegitimate.

But like most things online, browser fingerprints can also be used in more nefarious way, to track you across web sites and collect information about your habits and tastes without you even knowing it.

Browser fingerprinting can even be used in a downright malicious way; if an attacker knows which operating system, software, versions, plugins and hardware you're using, they can potentially deliver exploits that are specifically crafted for your machine and therefore are more likely to be successful.

How are browser fingerprints collected?

Browser fingerprints do not require cookies or any kind of user interaction. The fingerprinting process simply runs when a website is loaded. This means that the act of fingerprinting your browser is completely transparent. Browser fingerprinting can be achieved in a number of ways:

Can I prevent browser fingerprinting?

In short, no you can't. There are some things you can do, such as disable JavaScript and image rendering, but this would have a huge impact on your online experience.

Also, very few people have JavaScript and image rendering disabled, so this also makes you unique and easier to fingerprint. So although a website may not know certain details about your system because JavaScript is disabled, the very fact of having JavaScript disabled makes you pretty unique, so you can't win.

Conclusion

This post only scratches the surface of browser fingerprinting, but hopefully it will give you a better idea of how it works.

I will leave you with this final thought - I just tested my browser fingerprint using this tool from the EFF. My browser was found to be completely unique among the 228,000 browsers tested in the last 45 days.

That's how powerful browser fingerprinting is!

So even if you have 3rd party cookies blocked, you can still be identified and tracked online. Worse still, there's currently no easy way of preventing browser fingerprinting.

Reply by email

← The one before
How Online Tracking Works

Up next →
Why You Shouldn't Use Facebook

Want more?

So you've read this post and you're still not satisfied? Ok then, here's some other stuff for you to do: