Types and Vulnerabilities
Fingerprinting as Useful Feature
A browser’s fingerprint can be used as a feature as well. For quite some time software vendors use the possibility to create fingerprints from devices to protect against unlawful dissemination of their software. In this process the software vendors create a fingerprint from the hardware of the device. The safety for the user can also be increased. Website operators can regularly check which user is logged in from which browser, so they can react to the case if one account is used by a different browser which might be the case if an account was hijacked. An online banking site can record fingerprints over the last logins and react on different fingerprints by requiring the user to perform an additional security step (e.g. security question, CAPTCHA). This feature can protect the users against foreign accesses on his user accounts.
Impact on user’s privacy
Which privacy impact is expected for the users? As user tracking is been done, the most asked question is: Does a browser fingerprint count as personal data and is it in need of protection? In fact a fingerprint can be assigned to a particular person in a large number of cases and thus identifies a user. Using efficient algorithms it would be possible to (re-)identify users and thus track them over a long period of time. If this data is stored and evaluated, it would be possible to create a profile for a particular user. Correlating a fingerprint with personal data (e. g. first name, last name, address) by using popular social media sites the fingerprint is no longer anonymous. It would be conceivable that website providers, advertisement distributors and secret services use this method to track users and their habits.
Mitigate browser fingerprinting
Summing up it’s to say that even for an experienced user it’s very difficult to not having a unique browser fingerprint. Only with very large efforts and limitations it’s possible to protect effectively from Browser fingerprinting. Especially for a regular user there is no easy mitigation given but usually those users are not bothered enough by this topic to take actions. Possibilities like the Tor-Browser can help but it solves the problem only partially. In a test a browser, a fingerprint of a clean installed Ubuntu Linux without any changes was created. Even in this case, a unique browser fingerprint could be discovered. If you want to test your browser fingerprint, Panopticlick has developed a great tool which is available at (Panopticlick).
Fingerprint of a clean installed Ubuntu Linux (Panopticlick)
Fingerprint of a Tor Browser (Panopticlick)
- Fingerprinting of web browsers and the consequences for privacy - 29. November 2016