What is digital fingerprinting?

Browser or digital fingerprinting happens when websites collect data about the browsers and devices used to view them. This data collection is aimed at optimizing the display and improving user experience, but it also allows for detailed user profiling and tracking, raising internet privacy concerns.

Read on for an in-depth article on browser or digital fingerprinting.

Dorota Martin

What is digital fingerprinting

In the late 19th century, scientists discovered that fingerprints, with their ridges, spirals, and loops, are unique to each individual. Soon after, police started using fingerprints to identify criminals. Today, fingerprints are part of the biometric profile used in IDs, passports, and to unlock devices. But another type of fingerprinting is happening behind the stage (or screen) called digital or browser fingerprinting. What’s that? Let’s dive in.

What is digital fingerprinting and how does it work?

Browser or digital fingerprinting is a tracking and identification method that collects various data points from a user’s web browser to improve user experience and prevent fraud. However, it is also associated with targeted online advertising, where fingerprints play a role similar to cookies.

How digital fingerprinting data is collected, stored, and shared

Imagine you visit an online store. The website’s server collects information about your browser, such as your user-agent string (indicating your browser, operating system, and device), screen resolution, and battery status (among others). It also observes your behavior, noting how fast you move your mouse and how you type on your keyboard. 

All the collected data is processed on the server side, often through JavaScript and other web technologies, to create a unique fingerprint for the user’s browser. This fingerprint is typically a combination of the various attributes and data points collected. 

Servers and sites store information and may share it with third-party services, such as advertising networks, analytics providers, or social media platforms, to enable cross-site tracking, targeted advertising, and data analysis.

The data points that are part of your digital fingerprint 

The list of data points that contribute to your digital fingerprint is very long. Even if you use an ad blocker, incognito mode, and a privacy-focused browser, chances are that your digital fingerprint is still unique, which means that websites can quickly identify your browser. 

To check this and the type of information websites collect about you, you can visit pages such as https://amiunique.org/ or https://coveryourtracks.eff.org/.

Below, you will find a list of some of the information collected:

• User-agent
• Browser type
• Operating system
• Device information
• Connection speed
• Device battery status (charging or not)
• List of plugins
• List of permissions
• Use of ad block
• Cookies enabled
• Canvas (determines how images and emojis are rendered) 
• Screen height, width, and depth
• Screen resolution
• Keyboard layout
• Use of fonts
• Location
• Time zone.

What is the purpose of browser fingerprinting?

Browser fingerprinting occurs at the server level, where websites and online services collect data from visitors’ browsers to create unique identifiers. Websites, advertising networks, and data brokers primarily collect this data. Gathering some of this data is necessary for the correct functioning of pages. But they can also be used to identify you personally and track what you’re doing online.

Here are the main purposes behind browser fingerprinting:

• Optimizing display: Browsers gather information such as your IP, device, and operating system to make sure the page you’re looking at shows images in the correct resolution and that all functionalities are compatible with your browser.
• Fraud prevention: Some websites and online services use fingerprinting to detect and prevent fraudulent activities, such as account takeovers, by identifying unusual or suspicious browsing patterns.
• Tracking and analytics: Website owners use browser fingerprinting to gather information about user behavior, such as page views, click patterns, and session durations. This helps them analyze user engagement and improve their websites.
• Targeted advertising: Advertisers employ browser fingerprinting to track users’ online activity and build profiles for delivering personalized ads. By knowing a user’s interests and behaviors, they can serve ads that are more likely to be relevant and engaging.

How accurate is digital fingerprinting?

Device fingerprinting is highly accurate at identifying devices—over 90%, with some fingerprinting services claiming to provide 99.5% accuracy. The number of data points and their quality increase the accuracy. Ironically, tools such as privacy-focused browsers or cookie-blocking extensions can have the opposite effect and improve the accuracy of your fingerprint because a smaller number of people use them.

The fingerprint we are discussing here is that of your browser, not you personally, as the fingerprinting process cannot determine your name and surname. That is, until you log in to a website displaying this information.

Are cookie tracking and digital fingerprinting the same thing?

Cookies and fingerprints are not the same thing, but to aggressive advertisers and data brokers, they serve the same purpose. In fact, the modern internet is moving away from cookies as they become increasingly inefficient at tracking, and fingerprinting is the next hot topic.

Cookies help advertisers track users’ web activity, but they can also be managed following online privacy legislation in the EU and some US states. On the other hand, digital fingerprinting is done in the background, raising privacy concerns regarding the process and the sheer amount of data collected. 

What are the risks of digital fingerprinting?

The extensive data collected through browser fingerprinting poses a significant risk to online privacy and security. Combined, these data points create a unique digital fingerprint that can be used to identify and track individuals across the internet, even without using cookies. 

This undermines user anonymity and leaves users vulnerable to targeted advertising, data mining, and potential security breaches. As a result, malicious actors can exploit digital fingerprinting for various purposes, including identity theft, fraud, and surveillance. 

Lastly, digital fingerprinting circumvents existing internet privacy protection measures, giving internet users little control over or insight into what happens to their data once it’s harvested.

How to stop digital fingerprinting

There is no one method to prevent browser fingerprinting today, it’s a trade-off with user experience. Blocking JavaScript and WebGL will help combat digital fingerprinting, but it can cause issues with website performance. Disabling Java with the NoScript plugin can prevent rendering errors and stop scripting, but again, it has the undesired effect of making your browser more distinctive.

Digital fingerprint technology is, ironically, good at tracking those who have taken steps to increase privacy. Using “don’t track” settings, ad blockers, and incognito can also increase digital fingerprinting accuracy. But here are ways to gain more control over your digital fingerprint.

How to reduce the impact of digital fingerprinting on your online privacy

While fingerprinting is necessary for web pages to load correctly, it’s important to ensure your digital fingerprint remains that of your browser only and does not help identify you as a person. To do that, we recommend taking care of your personally identifiable information online. There are several ways to do this.

Use a privacy-focused browser

Some privacy-focused browsers have anti-fingerprinting technology built in. For example, Brave blocks fingerprinting by default, and users can change this to “aggressively block fingerprinting” in the settings. There is also an option to block scripts, although there is a risk of pages breaking as a result. 

The Tor browser was the first to address fingerprinting, and its protection relies on how Tor works. It redirects your connection through at least two layers of nodes, making it more difficult for websites to assemble an accurate digital fingerprint of you. That said, as scripts provide most of the fingerprinting data, you still need to disable them, which will impact how pages load, if they load at all.

Be mindful of the information you share online

As soon as you log into an account, the combined data of your digital fingerprint and the website you are logging into can be used to identify you, especially if you are logging into a social media account where your name, surname, and home address are displayed for everyone to see. Or even if your email address starts with name.surname@.

Use a VPN

While a VPN cannot stop your digital fingerprints from being collected, it makes it harder for sites to determine your location because it masks your IP address. VPNs also encrypt your website activity, making it harder for hackers to identify the person behind the browser.

Digital fingerprints are the future of internet tracking 

In a recent update, Google announced its move away from third-party cookies, supposedly to give more control over ads to users. While it may look like the end of an era, it’s certainly not the end of internet profiling and tracking. Faced with this change and the extensive use of ad blockers, tech firms and other corporations must find new ways to monetize their business, and we, users, must continue to resist. While fingerprinting is difficult to control, we can use secure browsers and a VPN to limit how much of the fingerprint can be traced back to ourselves.