Most people have never heard of browser fingerprinting before – but it's a growing problem. Browser fingerprinting is a highly accurate way you can be identified and tracked whenever you go online, even if you're using a good VPN service and other privacy measures.
Luckily there's a relatively simple solution to this complex problem.
But first, exactly what is browser fingerprinting?
Whenever you go online, your computer or device provides the sites you visit with highly specific information about your system and settings. The use of this information to identify and track you online is known as device or browser fingerprinting. Researchers have found this method of identification to be extremely effective.
Why is this being done?
Your data is valuable.
The online advertising industry will use every resource available to acquire your data and track your internet activity. Tracking and data collection is a big business because more data means more advertisement revenue. Some websites also use browser fingerprinting to detect potential fraud, such as banks or dating websites (so it's not all bad).
You can test how easy your device is to identify at the website amiunique.org, which has collected over 150,000 different device fingerprints for research purposes. The site will render your device fingerprint and assess how “unique” you are based on the following inputs:
- the User agent header
- the Accept header
- the Connection header
- the Encoding header
- the Language header
- the list of plugins
- the platform
- the cookies preferences (allowed or not)
- the Do Not Track preferences (yes, no or not communicated)
- the timezone
- the screen resolution and its color depth
- the use of local storage
- the use of session storage
- a picture rendered with the HTML Canvas element
- a picture rendered with WebGL
- the presence of AdBlock
- the list of fonts
Another great browser fingerprinting test is Panopticlick, which is a project run by the Electronic Frontier Foundation (EFF).
Will browser add-ons keep me safe?
While many people recommend a big list of privacy add-ons and extensions for your browser, this actually makes you more unique and easier to track. The catch-22 here is that the more browser plugins and add-ons you use, the more you stand out from all the other users online.
Even if you're using a standard, “plain vanilla” browser, such as Firefox or Chrome, without any modifications or add-ons, you can still be tracked through the use of other inputs. As shown in the list above, there are lots of other values that can be used to create a unique fingerprint, such as WebGL and hardware configurations.
Fortunately there's a relatively simple solution that does a great job of protecting your unique identity.
Use the Tor browser
One of the best (and simplest) solutions against browser fingerprinting is to use the Tor browser.
What is the Tor browser?
The Tor browser is simply a hardened and protected version of Firefox. It includes numerous privacy and security modifications that are built into the default version:
- HTTPS Everywhere
- Anti-tracking features
- Canvas image extraction blocked
- WebGL blocked
- Operating system cloaking (shows as Windows 7 for all users)
- Timezone and language preferences blocked (plus many more…)
The key here is to use the default version – the developers do not recommend adding any plugins or extensions, because this would again make you stand out from all the other Tor browser users.
The default version of the Tor browser is configured to run with the Tor (anonymous/onion) network. While the Tor network does have added benefits in terms of privacy, it also has a number of disadvantages:
- Your internet speed will be reduced to around 2 Mbps, making streaming videos or music nearly impossible
- Tor is vulnerable to IP leaks, especially when used on Windows
- Tor is not safe to use when torrenting (see the Best VPNs for Torrenting guide, instead)
- Tor is still funded by the US government, and some consider it to be compromised
The good news is that you can use the Tor browser with a virtual private network (VPN) instead of the Tor network.
Browser fingerprinting solution
The best combination for privacy, security, and performance is to use the Tor browser together with a good VPN. This gives you all the benefits of the Tor browser mentioned above, along with the following advantages of a good VPN:
- excellent speeds (100+ Mbps with some providers)
- strong 256-bit AES encryption for all your internet traffic
- hide your true IP address/location through self-selected VPN servers (also leak proof – if using a good VPN)
- access geo-restricted content anywhere in the world
- multi-hop VPN chains are available with some providers (Perfect Privacy, ZorroVPN, and VPN.ac) – this provides a very high level of anonymity
Caution: The VPN benefits listed above only apply to good VPNs. There are quite a few sub-par VPNs that are dangerous/insecure and should be avoided – see the VPN Warning List for examples.
You can implement this setup with two simple steps.
Step 1: Download Tor, disable Tor network
Here's how to download the Tor browser and disable the Tor network (see images):
- Download the Tor browser for your operating system.
- In the Tor browser go to the Options button (three lines in the top right corner) and select Preferences icon (image).
- Select Advanced > Network > Settings (image)
- Select No proxy > OK (image)
- Type about:config into the URL bar and hit the enter/return key
- In the search box enter network.proxy.socks_remote_dns and then double click to disable (image)
- To completely disable the Tor network, go to the search box again and enter extensions.torlauncher.start_tor and then double click to disable (image)
Step 2: Use a good VPN
While a good VPN will help protect your privacy and security, there are many VPN scams and shady VPNs popping up lately. With all of the confusing/contradictory “reviews” appearing online, there are two main factors to focus on when selecting a VPN to protect your privacy:
- Jurisdiction – Where the VPN is legally based determines what laws and government it falls under. This has serious consequences for user privacy and data security. If the VPN is operating in a bad jurisdiction, such as the United States, UK, Australia or other 14 Eyes countries, authorities could easily force VPNs, data centers, or server hosts to log and hand over customer data.
- Test results – Many VPNs that look great on the surface do not actually perform well in testing. This is especially true because low-quality VPNs will leak IP addresses and DNS requests. You can see the test results for all the VPNs we've examined in the different VPN reviews.