Abstract

Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data. The analysis highlights that browser fingerprinting poses a complex challenge from both technical and privacy perspectives, as users often have no control over the collection and use of their data. In addition, it raises significant privacy concerns as users are often tracked without their knowledge or consent.

Methods of Browser Fingerprinting

  • A. HTTP Header Attributes
  • B. Enumeration of Browser Plugins
  • C. Canvas Fingerprinting
  • D. WebGL Fingerprinting
  • E. Audio Fingerprinting
  • F. Font Fingerprinting
  • G. Screen Fingerprinting
  • H. WebRTC Fingerprinting
  • I. CSS Fingerprinting
  • J. Additional JavaScript Attributes
  • K. Advanced Techniques Using Machine Learning
1 point

those values are in no way random enough to be sure you’re tracking a single user. it could be one or 1000 you’re tracking. just because there’s theoretically enough bits, doesn’t mean they are all used. you can’t use it to log people in, for example, you’ll end up with people in other peoples accounts occasionally. IMO it’s just a big scare.

permalink
report
reply
3 points

Because when you collect tracking data for sale you don’t care about every specific data point. You sell the data that is clean enough and scrap the rest, that’s why tor browser recommends using the same window size for everyone, for instance, to make you indistinguishable and useless as a data point

permalink
report
parent
reply
1 point

but you don’t know how clean it is.

it will never be completely useless tho. it just means all tor browser users who use this window size will get the same ads. for advertisers it’s still better than not knowing anything. they know there’s a group of people and some of them are into dragon dildos and some like to buy used underwear for example and then everyone in the group gets related ads if an advertiser decides to use it.

permalink
report
parent
reply
2 points

Personally, I’m okay with getting average ads, the less targeted ads are, the less chance it will have any effect. If course, it’s better to use blocker to not see ads at all, but I don’t always use it

permalink
report
parent
reply
3 points
*

Why is TLS fingerprinting not mentioned? This is what CloudFlare uses and it’s highly effective (unfortunately). It doesn’t even require any use of HTML, CSS or JavaScript, and so can even identify non-browser things.

permalink
report
reply
3 points

because it just identifies browser builds

permalink
report
parent
reply

Privacy

!privacy@programming.dev

Create post

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

Community stats

  • 107

    Monthly active users

  • 125

    Posts

  • 769

    Comments