What is the problem?
I am sure many of you already already know what fingerprinting is. If not, this article of the WaPo might be a good introduction.
Why is it important?
Because, if we are not able to reliably resist fingerprinting, neither anonymity nor privacy on the internet can be maintained. Indeed some companies (Google, Facebook, Cloudflare, Wix, Squarespace and, and many more…) have their pieces of codes on many websites. What would then prevent them to recognize us on the many websites we visit (by our fingerprint) and to even know our identity (because they fingerprint us as well when we’re logged in on their own sites)?
According to the WaPo, fingerprinting is simply standard practice for some industries:
I asked 30 of the most well-known to explain their behavior. (See below for a list.) Some claimed it was industry-standard to fingerprint.
Actually, we know for a fact that Facebook currently uses a very similar mechanism with apps on smartphones, where the fingerprint is the advertiserID and the “malicious” code come from their SDK (I’d love to provide the references but “Sorry, new users can only put 2 links in a post.” ).
But I’m getting of topic since I’d like to keep this post centered on desktops & laptops.
So… How to resist fingerprinting with those 3 constraints?
Having ublock origin installed (because it can really be a pain to browse without an ad-blocker)
Being able to browse full screen (because I would like to use my screen as a full screen and not like a tablet )
How do I know if I have succeeded?
- I go on NothingPrivate
- If there is already a name when I arrive on the website for the 1st time ==> Fine, my fingerprint is not unique!
- Else ==> My fingerprint looks unique or, at least, pretty rare; I enter my name and come back some days later to see if it sticks or if it changes.
- NB: I hear your (valid) objections:
- The number of people checking there might be too small to draw conclusions.
- There are other more elaborate fingerprinting techniques not used on that site.
Success and failures:
- My name sticks on NothingPrivate ==> Fail
- NB: disabling all the addons gives the same outcome.
- My name sticks on NothingPrivate ==> fail
- Tails (the version just before 4.0) without any changes (ublock is installed by default on that version of the Tor browser)
- Somebody with the same fingerprint was already registered ==> success!
- So this looks like a solution! But (1) using Tails for everyday browsing is inconvient and (2) it wasn’t even full screen.
- Tails 4.0 without any changes (ublock is installed by default on that version of the Tor browser)
- Fail (nobody was registered yet). But I guess it is simply because no Tails user has already been on NothingPrivate yet , since Tails 4.0 is fairly new.
TL;DR - How do you (reliably) resist fingerprinting with:
- ublock origin installed in your browser
- full screen when browsing
- without using Tails
This was a very looong post so… Thank you for your attention!