• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
RestorePrivacy

RestorePrivacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Browser Fingerprinting
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Skiff Mail Review
    • Runbox Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Browser Fingerprinting
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Skiff Mail Review
    • Runbox Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

Persistent Fingerprinting Beats Most Modern Browser Protections

March 21, 2023 By Heinrich Long — 10 Comments
Persistent Fingerprinting Beats Most Modern Browser Protections

Current web fingerprinting solutions can still bypass most privacy protections offered in modern web browsers, persistently tracking users and identifying them.

This applies even in cases where the user has wiped their browser’s cache and restarts them or when they use a VPN connection.

A software developer using the moniker “Bitestring” tested an open-source tool released by a company that offers “fingerprinting as a service” to websites against Chrome, Firefox, and Tor, and the results are worrying.

What Is Web Fingerprinting?

Web fingerprinting is a sophisticated tracking method that can identify users across multiple sessions and websites without using cookies or other persistent storage.

Fingerprinting works by analyzing a user’s web browser and hardware configuration to generate a unique ID. For example, websites employ fingerprinting libraries to collect data from JavaScript APIs offered by browsers, including browser version, number of CPUs, screen size, codecs, and more.

Because this data does not need cookies to collect, existing protection systems are weak against fingerprinting. Moreover, there are enough data points that can be freely collected to help websites create unique visitor IDs with high confidence.

The main problem with web fingerprinting is privacy invasion, as it allows websites, online services, and third parties to profile, track, and identify users across multiple browsing sessions and websites without their consent.

If a user visits multiple websites that use common fingerprinting technologies, third parties could create detailed profiles about their interests, preferences, and habits, deliver personalized ads across the sites, and deanonymize them even when the user actively tries to avoid that by using a VPN, for example.

Browser Test Results

In this case, the software developer tested the solution of FingerprintJS Inc., which offers a live fingerprinting demo on its website, claiming accuracy of 99.5%.

The service claims that it can persistently track website visitors for years, even after multiple browser upgrades using a combination of fingerprinting, fuzzy matching, and server-side techniques.

The researcher visited the test page and got a tracking ID. Then he cleared the cache and browsing data and revisited the test page, which counted this as a second visit, although that shouldn’t be theoretically possible.

Next, he cleared the browser cache and all data and launched the browser on private mode (incognito), and yet FingerprintJS’s tool still assigned the same visitor ID, counting this as the third visit.

Chrome visitor getting persistently identifier as the same user
bitestring.com

This applies to both Firefox and Chrome but not to Tor, for which the fingerprinting tool generates a new ID on each new visit.

Fingerprinting tool returning a new visitor ID each time on Tor
Restore Privacy

This is because Tor relays user traffic via network nodes, so each time, the exit node is different, and the real user’s IP address and hardware data remain adequately masked.

How to Protect from Fingerprinting

The apparent solution to fingerprinting is to use the Tor browser, however, this may not be for everyone, as regular browsing with Tor is rather slow and cumbersome.

Another solution would be to enable the “resistFingerprinting” feature on Firefox, which yielded good results in the test, tricking FingerprintJS’s tool into generating a different visitor ID on each visit.

Firefox’s “resistFingerprinting” working as promised
bitestring.com

This feature, which is also available for Firefox for mobile, was initially contributed to Firefox by the Tor Project. It works by masking most of the data points websites collect to achieve fingerprinting, like CPU core count, timezone, screen resolution, user agent, etc.

If you’d rather use a Chrome-based browser, Brave would be the best bet. The browser randomizes the fingerprint for each session, making persistent tracking harder, although not impossible.

About Heinrich Long

Heinrich is an associate editor for RestorePrivacy and veteran expert in the digital privacy field. He was born in a small town in the Midwest (USA) before setting sail for offshore destinations. Although he long chafed at the global loss of online privacy, after Edward Snowden’s revelations in 2013, Heinrich realized it was time to join the good fight for digital privacy rights. Heinrich enjoys traveling the world, while also keeping his location and digital tracks covered.

Reader Interactions

Comments

  1. xilg

    April 19, 2023

    I use Fingerprint Spoofing extension which is available for Chrome and Firefox. I find it simple to use and not complicated like canvasblocker. However, both extensions seem to be no longer supported.

    Reply
  2. glix

    March 27, 2023

    For those of us who have resistFingerprinting set to false because they can’t deal with the constantly changing zoom levels of web pages, I’m happy to report that the CanvasBlocker add-on for FF (https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) seems to do a good job of generating a different fingerprint for every session. As far as mobile browsers, I was surprised to discover that Mull and FF did not seem to be able to defeat fingerprinting (at least not out of the box) although Fennec F-Droid did.

    Reply
  3. abaabdella

    March 24, 2023

    I tested the Brave browser, but it did not change, knowing that it is strict, while Firefox was changing with each session with modification and adding script, ublock and canvas

    Reply
  4. Anony

    March 22, 2023

    Question to founder: why don’t you create a forum for yourt website? I mean old school phpbb type! no facebook groups, but real disccussion forum! I would like to be a member! Because, your site is must have in a bookmakarks! My go to information about privacy!

    Reply
  5. JuhaT

    March 22, 2023

    I use “Temporary tabContainer” extension for Firefox and I get new fingerprint every time in the live fingerprinting demo. The extension works fine with multi-account container.

    Reply
    • JuhaT

      March 22, 2023

      I am so sorry, my experiment isnt entierly true. I forgot I had canvas defender extension (hidden in Firefox) enabled. When I disabled it, I got the same fingerprint.. If I disable temporary containers and just run Canvas defender, then it gets the same fingerprint every time also. So my conclution is that you get a new fingerprint every time. when both extensions are enabled.

      Reply
  6. Dixon

    March 22, 2023

    I used Firefox with ArkenFox’s userJS, Chameleon, CanvasBlocker, and UBlock Origin and got a different user session every single time I switched VPN servers (5/5)

    I succeeded twice using Brave (Fingerprinting set to aggressive) with UBlock Origin.

    Reply
  7. Jack

    March 21, 2023

    Thanks for the test and your dedication. Have you tested Brave or Firefox with other browser add ons like canvas blocker, ublock, and clearurls? I have had a hard time with firefox and various config changes. Also how do you feel about eff.org’s cover your tracks tool that doesn’t require creating an account?

    I am working with friends who expressed interest in helping their online privacy and we are finally at the part where hes ready to use tools in addition to a change in his habits and his specific “threat modeling”.

    Respectfully

    Reply
  8. Duff

    March 21, 2023

    I’ve apparently visited 13 times before from 9 different IP addresses including 5 incognito sessions. I don’t do incognito. Ever.

    In the past, fingerprinting type sites have always shown me to be unique. Running Gentoo, compiling everything just as I want it, having an oddball mix of hardware and so on does make for a very unique system. I’ve been running Librewolf lately and I’ve been forced to turn on resistfingerprinting because audio from several sites won’t play correctly otherwise (it’s a Firefox/Linux thing.) It seems this has at least made me a little bit harder to uniquely identify. It does take some getting used to, but I live with it. Tor has always seemed useless to be because more and more sites block exit nodes all the time.

    I do use a VPN, but it just routes me through a personal VPS, and I only do it because my ISP tracks *everything* I do and this way all they see is copious amounts of traffic going over a tunnel. They’re welcome to the traffic my archiveteam warrior client generates.

    Reply
  9. D

    March 21, 2023

    Congratulations! for your great post Heinrich. I learnt a lot from you.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browser
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN [63% Off Coupon] or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

RestorePrivacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

RestorePrivacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP