![]() ![]() Tor Browser was the very first browser to address the problems posed by fingerprinting as soon as 2007, even before the term “browser fingerprinting” was coined. Hopefully, as we will see in the next sections, a lot of progress have been made to prevent users from having unique values in their fingerprint and thus, avoid tracking. In that case, no need for a cookie with an ID in it, the fingerprint is enough. Second, if one attribute of your browser fingerprint is unique or if the combination of several attributes is unique, your device can be identified and tracked online. Any script running in your browser can silently build a fingerprint of your device without you even knowing about it. First, there is no need to ask for permissions to collect all this information. What makes fingerprinting a threat to online privacy? With the data that we collected from more than a million visitors, we got invaluable insight into its inner-workings and we pushed the research in the domain forward. It is a website that I launched in 2014 to study browser fingerprinting. If you want to see your own browser fingerprint, I invite you to visit. This example is a glimpse of what can be collected in a fingerprint and the exact list is evolving over time as new APIs are introduced and others are modified. Here, the laptop is using an Intel CPU with a Kaby Lake Refresh microarchitecture. ![]() Finally, the WebGL renderer gives information on the CPU of the device. The “-120” for the timezone refers to the GMT+2 time. The “content-language” header indicates that the user wants to receive her page in English with the “US” variant. The “user-agent” indicates that the user was using Firefox version 67 on the Fedora Linux distribution. The information in the fingerprint was collected via HTTP with the received HTTP headers and via JavaScript by running a small script. In Figure 1, you can see a browser fingerprint taken from my Linux laptop. ![]() However, all that information that is freely available to optimize the user experience can be collected to build a browser fingerprint.įigure 1: Example of a browser fingerprint from a Linux laptop running Firefox 67 Here is the model of my graphic card so that the game I’m playing in my browser can chose graphic settings for me.”Īll of this makes the web a truly beautiful platform as it enables us to have a comfortable experience browsing it. Here is my platform so that the website can give me the right version of the software I’m interested in. “Here is my timezone so that I can know the exact start time of the NBA finals. To offer an experience that is optimized for every device and usage, there is still a need today to share configuration information with the server. ![]() We can also use a very wide variety of devices from tablets, smartphones or laptops to connect to it. We can listen to music, watch videos, have real-time communications or immerse ourselves in virtual reality. The web as a platform is a lot richer in terms of features. In 2019, the user-agent header is still here but a lot has changed since then. In the nineties, this started the infamous era of the “Best on IE” or “Optimized for Netscape.” This informed the server on the browser being used so that it could send the device a page that was optimized for it. To remedy this problem, browsers started including the “user agent” header. Since the very beginning of the web, browsers did not behave the exact same way when presented with the same webpage: some elements could be rendered improperly, they could be positioned at the wrong location or the overall page could simply be broken with an incorrect HTML tag. Let’s get started! What is browser fingerprinting? What is it? How is it used? What is Tor Browser doing against it? In this blog post, I’m here to answer these questions. In the past few years, a technique called browser fingerprinting has received a lot of attention because of the risks it can pose to privacy. ![]()
0 Comments
Leave a Reply. |