What is a browser fingerprint

[Man]

Every user on the Internet is assigned a unique identifier or fingerprint. It contains a lot of information about the settings and functions of the user's browser and is used to identify the user. The fingerprint includes dozens of different parameters - from the language you use and the time zone you are in, to the list of extensions and the version of your browser. It can also include information about the operating system, the amount of RAM, the screen resolution of the device, font settings and much more. This combination of data is called a fingerprint, and collecting this data is called fingerprinting.

Types of prints

• User agent is a browser element that reflects a set of information about the device. Includes browser, software, device, and more;
• Browser language;
• IP and provider data;
• Canvas;
• Cookie;
• Time zone;
• Extensions;
• Font;
• Plugins and their characteristics.

There are more than 50 parameters.

The browser fingerprint is a 32-bit hexadecimal number. The resulting browser fingerprint allows you to track users on the Internet with an accuracy of up to 94%.

Important: Fingerprints, like User agent, in combination only lead to uniqueness, but not to de-anonymization of the user.

Cookies and fingerprints - what's the difference
Cookies are an integral part of many online transactions. Website owners consider them one of the main tools used to track customer activity. But this method is already outdated and ineffective.

There are several reasons for this. Firstly, any user can reject files. Secondly, it is worth turning on "incognito mode" and your presence on the site will become invisible. Cookies send data not only to the resource owner, but also to the user himself, so there is always an opportunity to protect yourself from them.

But with fingerprints, things are different. This method analyzes the information sent by the browser to the site the user is visiting. Several types of data are evaluated, such as language settings, fonts, time zone, screen resolution, installed plugins and software versions. All together, this gives a complete picture of a specific person.

It is important to understand that changing your IP address does not protect your fingerprint.

The Dangers of Digital Fingerprints

• Deanonymization is the number one reason why users should be careful. The system marks your computer with a special digital mark in the form of a hash sum, taken by a special algorithm without your knowledge. In this way, the user can be deanonymized.
• Fingerprints as a cookie regenerator. Many websites use so-called Flash LSO super cookies, which allow cookies to be restored even when they are deleted. Browser fingerprints can not only restore the entire library of cookies, but also track users by their basic network information. In this case, the process of clearing the cookie system becomes meaningless and the site still recognizes the client.

How to understand that a site is taking a fingerprint
We previously explained what a fingerprint is. In this article, we will look at what it is used for, how websites take a browser fingerprint, and whether it is legal.

What is fingerprint used for?
Websites collect digital fingerprints from their visitors to:

1. Fraud and spoofing protection. For example, if the system sees from the fingerprint that the user is visiting the site from an unusual location or an unfamiliar device, it may suspect that the account has been hacked. As a result, your account will be frozen until you personally restore access.
2. Fight bots. For example, if someone tries to create multiple accounts from the same browser, at some point social networks will ban them.
3. Show ads. Fingerprint data: information about location, language, etc. can be used by the site to show ads or exchange with other sites. Unfortunately, this information can work against you.

How to understand that a site is taking a fingerprint​

All major websites, advertising platforms, search engines and social networks are engaged in fingerprinting. They want to collect and know as much information about their users as possible.

It is a two-tier process that runs on both the server side and the user side.

On the server side
Site access logs

In this case, we are talking about collecting data sent by the browser. At a minimum, this is:

• Requested protocol.
• The requested URL.
• Your IP.
• Refer.
• User-agent.

Headlines
Web servers receive them from your browser. The header is important for the requested site to work in your browser.

For example, the header information lets the site know whether you are using a desktop or mobile device. If you are using a mobile device, you will be redirected to the mobile-optimized version. Unfortunately, this same data will end up in your fingerprint.

Hooks
They play a very important role in logging, so you usually have to decide whether to allow your browser to handle cookies or to delete them completely.

In the first case, the server receives a huge amount of data about your device and preferences. Even if you do not accept cookies, the site will still collect some data about your browser.

Canvas Fingerprinting
This method uses the HTML5 canvas element, which WebGL also uses to render 2D and 3D graphics in the browser.

This method basically forces the browser to "force" the rendering of graphical content containing images, text, or both. This process runs in the background and is invisible to you.

Once the process is complete, canvas fingerprinting converts the graphic into a hash, making it the unique identifier mentioned above.

Thus, it is possible to obtain the following information about your device:

• Graphic adapter;
• Graphics adapter driver;
• Processor (if there is no dedicated graphics chip);
• Installed fonts.

User-side logging
This means that your browser is transmitting a lot of data using:

Adobe Flash и JavaScript
When JavaScript is enabled, data about your plugins and hardware specifications is shared with third parties.

If Flash is installed and enabled, it will provide even more data, such as:

• Your time zone;
• OS version;
• Screen resolution;
• Complete list of installed fonts.

Is it legal to collect fingerprints?
Unlike cookies, which cannot be collected without the user's consent, there is no such requirement for fingerprints yet. Therefore, there are no restrictions on collecting a browser fingerprint.

How to change your digital fingerprint​

This is the third part of a series of articles about browser fingerprinting.

From the previous two articles we found out:

1. Fingerprinting is a system of tracking users on the Internet, based on information from the browser and PC.
2. Fingerprints collect a large amount of information from the settings of both the browser and the computer as a whole. These include language settings, time zone, screen resolution, the presence of specific plugins, and much more.
3. If the browser is marked with fingerprints, deleting cookies will have a limited effect. It is more effective to completely change the browser and system settings. The settings should not be too unique, as this will not reduce, but increase the browser's recognizability.
4. It is impossible to completely protect yourself from fingerprinting, but you can reduce the uniqueness.

Who needs to change their fingerprint?
The fingerprint needs to be changed:

• Arbitrageurs, marketers and other digital specialists who use multiple accounts. By changing their fingerprint, they can impersonate other users.
• Anyone involved in the financial business: cryptocurrencies, betting, etc. Likewise, impersonating different users using different fingerprints.
• For everyone who wants to protect their data on the Internet.

Manually
To do this, you need to replace or disable most of the data that makes up your fingerprint. For example:

• Delete cookies before starting a new session;
• Disable Flash and JavaScript. If you disable them, the site will not be able to analyze some of the data that makes up your digital fingerprint, such as fonts;
• Set another operating system language;
• Change the screen resolution of your device;
• Set your browser language to another language and change the zoom level of the web page;
• Disable Canvas. For example, using CanvasBlocker;
• Change your device's time zone.

The advantage of this method is that it is free and does not require additional software, but you will need to constantly spend time performing the same actions. In addition, sites regularly increase the volume of analyzed data, which means you are not able to foresee all the nuances, because the fingerprint will still be able to be recognized.

Web Extensions
There have been products on the market for years that help disguise a real digital fingerprint. Extensions help increase the uniqueness of a browser fingerprint.

Here's what we can recommend:

• Chameleon - modification of user-agent values. You can set the frequency to "every 10 minutes", for example.
• Avast Antitrack removes trackers and hides fingerprints, but it is a paid service.
• Trace - protection against various fingerprint collection options.
• User-Agent Switcher - does pretty much the same thing as Chameleon.
• Disconnect.me - also promises complete protection from online surveillance.
• Canvasblocker - protection against digital fingerprinting from canvas.

VPN
VPN is the easiest way to bypass internet bans in some countries and protect yourself online. It changes your IP, thereby masking your identity, but does not hide data about your browser and its digital fingerprint. It also does not affect cookies.

For this reason, VPN is not enough for traffic arbitrage and cryptocurrency work. It should be used in tandem with other methods.

Anti-detection browsers​

These are special programs that can mask fingerprints. You can set up your own fingerprint or get a ready-made one from the browser. All popular anti-detect browsers cope with this well, so users usually pay attention to cost, convenience and additional functions. It is worth understanding that it is impossible to completely protect yourself from fingerprinting. However, the amount of information collected by third-party services can be reduced.

Firefox Browser
This browser does a good job of masking user data. Recently, the developers protected Firefox users from third-party fingerprinting. But you can increase the level of protection even further by doing the following:

To do this, you need to go to the browser settings by entering "about:config" in the address bar. Then select and change the following options:

• webgl.disabled - select “true”.
• geo.enabled - select “false”.
• privacy.resistFingerprinting - select "true". This option provides a basic level of protection against browser fingerprinting. But it is most effective when selecting other options from the list.
• privacy.firstparty.isolate - change to “true”. This option allows you to block cookies from first-party domains.
• media.peerconnection.enabled is an optional option, but if you are using a VPN, it is worth selecting. It allows you to prevent WebRTC leaks and IP exposure.

We can also highlight other browsers such as AdsPower, Multilogin and Linken Sphere, which replace user data and minimize their footprint on the Internet.

Dedicated servers
Using dedicators (from the word dedicated server) is still considered one of the most effective ways to maintain anonymity. Dedicator is a physically separate machine from which no data is transmitted to your main or working one.

• Pros: Setting up an HTTP/SOCKS proxy or SSH/VPN connection of your choice; Monitoring the history of requests; Saves from attacks via Flash, Java, JavaScript, if you use a remote browser;
• Cons: Relatively high cost;
• Technical knowledge is required for proper setup.

These virtual computers are new and clean for the Internet, and their popularity and effectiveness are largely due to their 24/7 operation and the lack of dissemination of any information about end users or the characteristics of their computers.