- Mar 29, 2018
I just read this article, poached from Wilders: Browser Fingerprinting: An Introduction and the Challenges Ahead | Tor Blog. So I started to re-think this subject after recently testing different forms of tracking protection. The most interesting point raised by the author is that it may be best to use no tracking protection of any kind.
"...
3. Today, there is no ultimate solution to fix browser fingerprinting. As its origin is rooted in the beginning of the internet, there is no single patch that can fix it for good. And as such, designing defenses is hard. A lot of approaches have been tried and evaluated over the years with each their strengths and weakness. Examples include blocking attributes, introducing noise, modifying values, or increasing fingerprint diversity. However, one important observation that has been made is that sometimes having no specific defense is better than having one. Some solutions, because of the way they were designed or coded, remove some fingerprinting vectors but introduce some artifacts or inconsistencies in the collected fingerprints. (my italics)
For example, imagine a browser extension that changes the value of fingerprints before they are sent.
Everything works perfectly except the fact that the developer forgot to override the navigator.platform value. Because of this, the user-agent may say that the browser is running on Windows whereas the platform still indicates it is on a Linux system. This creates a fingerprint that is not supposed to exist in reality and, as such, make the user more visible online. It is what Eckersley [1] called the “Paradox of Fingerprintable Privacy Enhancing Technologies.” By wanting to increase online privacy, you install extensions that in the end make you even more visible than before. ..."
I've done some very initial testing at AmIUnique.org and my experience verifies this conclusion. However, I'll continue informal testing at other sites and ponder the implications and how best to combat fingerprinting with available technology. Some may disagree but I believe privacy protection is part and parcel of web security.
What do you think about browser fingerprinting and tracking generally? If you use tracking protection, what form do you use? Specific browser? Extensions? VPN or other? Let me know your thoughts.
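The inconsistency the quoted article describes (a spoofed user-agent claiming Windows while navigator.platform still reports Linux) can be checked for in your own setup. The following is an added example, not part of the original post or the quoted article; the function names, the small rule tables and the two sample profiles are constructed for illustration and cover desktop operating systems only.

```javascript
// Self-audit: does the OS claimed by the user-agent agree with navigator.platform?
// Rule order matters: mobile UAs also contain "Linux" or "Mac OS X", so they are
// matched first and mapped to null (out of scope for this desktop-only check).
const UA_RULES = [
  [/Android|iPhone|iPad/i, null],
  [/Windows NT/i, "windows"],
  [/Macintosh|Mac OS X/i, "macos"],
  [/Linux|X11/i, "linux"],
];
const PLATFORM_RULES = [
  [/^Win/i, "windows"],
  [/^Mac/i, "macos"],
  [/^Linux/i, "linux"],
];

// Return the OS family of the first matching rule, or null if none applies.
function classify(value, rules) {
  for (const [re, os] of rules) {
    if (re.test(value)) return os;
  }
  return null;
}

// Compare the two attributes and report whether they describe the same OS.
function auditProfile(profile) {
  const uaOs = classify(profile.userAgent, UA_RULES);
  const platOs = classify(profile.platform, PLATFORM_RULES);
  if (!uaOs || !platOs) return { verdict: "unknown", uaOs, platOs };
  return { verdict: uaOs === platOs ? "consistent" : "inconsistent", uaOs, platOs };
}

// Constructed sample: an extension rewrote the user-agent but not the platform.
const SPOOFED = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
  platform: "Linux x86_64",
};
// Constructed sample: the same browser with no spoofing applied.
const UNMODIFIED = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
  platform: "Linux x86_64",
};

for (const [name, p] of [["spoofed", SPOOFED], ["unmodified", UNMODIFIED]]) {
  console.log(name, auditProfile(p));
}
// In a browser console, audit the live values with:
//   auditProfile({ userAgent: navigator.userAgent, platform: navigator.platform })
```

An "inconsistent" verdict with a spoofing extension enabled means the extension is producing the kind of fingerprint the article says should not exist in reality.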