How does browser fingerprinting work?

What is browser fingerprinting?

Nowadays, most people are familiar with cookies – information stored in browsers that helps websites keep track of our settings and track our actions online. Many users know how to delete cookies or navigate in private mode hoping that this will grant them privacy and prevent companies from following their actions online.

However, there is a technique that allows to track the user online without the need for cookies called browser fingerprinting. One might think that just based on some general system settings it would be hard to tell computers from one another, but the blend of our systems’ settings makes them quite unique and it’s usually possible to tell them apart.

Browsers automatically send many bits of information about a machine whenever they make a petition to the website server.  These technical non user-specific details usually help with communication between the browser and the server, such as serving a correct version of the website for specific browser. One of the most common pieces of information shared is the user agent. For example, user agent for a Windows 10 machine that uses Edge browser would looks something like: ‘Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246‘. This string identifies the operating system and the specific version of the browser. This information is automatically sent in the headers when a website is loaded.

Other pieces of information that the browser can access are: screen size, timezone, system fonts, language, video and audio hardware available etc. Fingerprinting can also perform operations with audio or video hardware to create unique hashes. Using a protocol called WebRTC it can even be possible to discover user’s IP behind a VPN. Even though fingerprinting doesn’t contain any personally identifiable information, it allows to identify users browsing on different website without his knowledge or consent.

Can browser fingerprinting be prevented?

Most browsers can be configured to make fingerprinting much harder, but it’s hard to prevent it completely, since browsers might need access to many of the functions that make fingerprinting possible just to display websites correctly or user advanced functionalities like videochats.

If you’re interested in fingerprinting you can check out: https://coveryourtracks.eff.org/. This website will tell you which techniques can be used to identify your browser and how unique your signature is. It’s quite eye-opening to see what information about your computer is available every time you access a website and how unique it is.