How to Counter Device Fingerprinting

We already discussed that device fingerprinting identifies you, even without cookies or divulging personal information, to create an personalize profile on you. Unfortunately, device fingerprinting is difficult to thwart, but not impossible. This article endeavors to minimize your fingerprint to reduce targeted ads or other data collection goals.

Two Theoretical Ways


There’s two approaches to avoid being fingerprinted:

  1. Block a site or network’s ability to fingerprint you. This approach would stymie technologies that are used to extract information from you. Disabling scripts, installing privacy add-ons and enabling Do No Track requests are such techniques.
  2. Keep yourself as generic as possible. This approach attempts to use the same setup as the majority of users, so you’re effectively lost in the crowd.

A Paradox


Unfortunately, neither approach is sufficient by itself. It’s nearly impossible to appear utterly generic, because there’s just too much information available unless you restrict the ability to collect such data. However, simply installing privacy add-ons or enabling privacy settings sets you apart from the masses and makes you more identifiable. This paradox is why it’s so difficult to avoid being fingerprinted. Thus, the best strategy is a combination of both circumvention approaches.

 

Helpful Steps


  1. Use a newly installed, unmodified version of Windows 7. According to NetMarketShare’s August 2016 Desktop Operating System Market Share report, 46.25% of all desktop users use Windows 7. This doesn’t mean your copy would be unrecognizable, but it does place you in a larger pool of users and you avoid the tracking of later versions of Windows.
  2. Install a clean copy of Google’s Chrome browser. According to NetMarketShare’s August 2016 Desktop Browser Market Share report, Chrome represents 53.97% of all desktop browsers currently out there. Again, that doesn’t mean you’re just one of 53.97% of Internet users, because plugins, settings, versions, etc., reduce your entropy, but it again enlarges the pool of similar users.
    According to that same report, Firefox is a measly 7.69%, but StatCounter states Firefox has 15.6% market share, similar to all versions of Internet Explorer combined. Thus, Firefox is another good option, one I personally respect for its open-source nature (Chrome might be based on the open-source Chromium, but it’s not fully open-source itself).

  3. Migrate between different browsers. There’s no reason you can’t use Chrome and Firefox or even Internet Explorer for some tasks. You could also install portable versions of Chrome and Firefox and have multiple versions of each portable browser, bouncing between them all for different tasks, experimental settings, or just to confuse collectors.
  4. Use Tor Browser. According to the Electronic Frontier Foundation’s Panopticlick project, Tor Browser is “a strong defense against fingerprinting.” Unfortunately, Tor is comparatively slow, because it bounces your connection all around the world through other Tor users’ nodes. But even more unfortunate, according to Wired, using Tor (or just reading about it) can get you on the NSA’s watch list. So really, Tor might be a little overkill to protect against, for example, targeted ads.
  5. Keep your system, browser and plugins updated. Most systems and browsers enable automatic updates, which logically means more users will be using the latest versions than outdated ones. Therefore, not only do you keep up with the latest security patches, you also increase the pool of similar users.
  6. Disable JavaScript. Disabling JavaScript goes a long to toward mitigating being fingerprinted, because it stops most active collection of data. Unfortunately, disabling JavaScript also prevents most websites from functioning properly. One easier way around that is to install NoScript, so you can selectively enable scripts on trusted sites, temporarily or permanently.
  7. Install Privacy Badger. The EFF’s own Privacy Badger is a great Firefox/Chrome tool to disable tracking. Granted, installing this plugin increases your identifiableness, but it then takes away available information from trackers, so the end result is still positive. It also enables Do Not Track, so you don’t have to manually enable this browser setting. One downside is it sometimes “breaks” webpages, and it isn’t always obvious why.
  8. Use Privacy Mode or clear all cookies after your browsing session. Some settings, including logins, will also cease, so you’ll need to select them again in your next session. You could also just disable third-party cookies, if you’re primarily worried about advertising companies; this setting could add a small amount of identifiableness, but it should reduce more than it adds.
    Note cookies can also be reissued automatically by “supercookies,” but disabling JavaScript goes a log way toward preventing supercookies. One final clarification: Cookies themselves don’t add to your device fingerprint, but they can be used by themselves to identify you.

  9. Uninstall Flash. It’s a security risk, a privacy risk and adds to your fingerprint. This will prevent some websites from working properly, but even sites like YouTube are making the switch to HTML5 instead.
  10. Use a popular VPN service. Note that people often overstate the advantage of using a VPN to foil fingerprinting, so let me set the record straight: A VPN does not eliminate your IP address; it masks your real IP with the IP of the VPN server. That means you’re still providing an IP address that can add to your fingerprint, even if it’s not your own.
    If you always use the same VPN server that very few people ever use, you’re really no better off; you’ll still reap other benefits of a VPN, but not when it comes to fingerprinting.
    Therefore, if you’re worried about being fingerprinted, choose a popular VPN that many people use and change your server from time to time. That will improve the effectiveness of your VPN by increasing the pool of similar users and offer drastic, periodic changes to your IP address.

  11. Experiment. Go to the EFF’s Panopticlick website and test how identifiable you are after making small changes. Use the settings that afford the greatest protection, measured as the lowest bits of information conveyed.

Leave a Reply

Your email address will not be published. Required fields are marked *