How to Best Explain Browser/Device Fingerprinting?

I’m pretty familiar with the topic of device fingerprinting at this point, and would like a way to break down the concept for someone who’s never heard of it before. What might be a good way to explain it to someone who is completely in the dark?

1 Like

fingerprint is like irl fingerprint it’s just for you & it’s easy to know its you on internat, they doing it by JS (most of it by JS) & websites doing it to know who you are to know what last thing you did there or to track you & sell this data to ADs companies so yeah

1 Like

Everything you do on your web browser (every setting you change, every extension you install, even just changing the size of the window) makes your browser look slightly different to the servers (websites) you connect to. If you make enough of these little changes, they add up to the point where your browser looks completely unique, because nobody else has made exactly the same changes or installed exactly the same extensions as you. This is called your browser’s “fingerprint”, because like fingerprints your browser has become unique.

The goal is to not look unique, because then you stand out. Reducing the uniqueness of your browser’s fingerprint is as simple as keeping extensions minimal (only installing big ones like uBlock Origin or none at all) and not enabling obscure settings like Do Not Track (despite the reassuring name).

2 Likes

That’s why I’ve never made any modifications to Tor (with the small exception of occasionally whitelisting sites on NoScript so they would function - does that make a huge difference?). I don’t add plugins or anything of that nature.

The sites that I had to whitelist usually used JavaScript, Java, or some other language, and often you couldn’t even log in without temporarily allowing these elements.

This topic brings up so many questions!
I’m trying to shrink down my curiosity into two cases. Plus an additional question.
The first one, Firefox browser, without considering any operating system, the second one, tor browser,without considering any operating system.
I find a huge contradiction between the common suggestions for each case.
Firstly, in case of using Firefox, there’s a mostly agreed group of addons to install, plus a great list of additional tweaks in the browsers config. All these addons and tweaks make the browser having a pretty unique fingerprint.
On the other hand though, in case of tor browser, all should be untouched. I get the point here, no question.
The real question is, what are the benefits of tweaking Firefox into having a truly unique fingerprint? Is fingerprinting less common, less harmful or more complex to apply instead of other data mining techniques, which we try to protect against?
After reading the research article from @infosechandbook about JScript fingerprinting techniques, I say, we‘re all f😃cked whatewer we tweak around or not, even whatewer browser is used…
The additional question is, where‘s the border? Can bookmarks be saved without being my browser (any) unique?
Can I have a separate address bar and a search bar, if the browser came with one bar for both out of the box? Can I have a bar below the address bar for bookmarks, rss, etc without inreasing the uniqueness of my browsers fingerprint? and so on…
I‘m appreciating all your replies guys!

1 Like

Actually, I’m not sure where the “border” is - I do bookmark sites on the Tor Browser, because otherwise it’s rather difficult to remember the addresses (particularly the v3 ones!). I don’t add plugins to it, but those are more or less the only modifications I’ve made. Maybe you’re right - we are all f:smile:cked.

Maybe it would help to show people sites like Panopticlick, or Hidester, where they explain some of the things that create a fingerprint.

Things that affect the websites will change your fingerprint. So things like bookmarks have no effect on the page content and therefore won’t affect your browser’s fingerprint. But things like extensions (that block Javascript or CSS on the site) or your window size (which changes the content layout) will affect your fingerprint.

1 Like

Thanks! That makes sense. Maybe you already knew this, but the Tor Browser warns you if you resize the window (sometimes I do it by accident). I’ve also noticed that it warns you if a site tries to extract HTML5 canvas image data.

Speaking of which, NoScript on the latest version of the Tor Browser seems a bit more complex to use, which is why I think it could benefit from a guide! For instance, it’s not immediately obvious where you would go to tell it which sites are non-malicious, etc.