Privacy concerns and device fingerprinting

TL:DR – If you’re online, you cannot ensure complete privacy. But, here are some tips on keeping at least some of your private life private.

Often those in power declare that we shouldn’t worry about privacy, they often say “If you’ve got nothing to hide, then you’ve got nothing to worry about”. So let them all have clear bathroom windows and no shower curtains, shall we? Isn’t that a good idea? No? Didn’t think so!

Wanting privacy isn’t about hiding something it is about being in control of what other people can see, whether that’s your bathroom or bedroom habits, your browser medical search history, the niche sites you peruse, the hobbies and habits you have.

Unfortunately, the powers that be, marketers, and many others do not necessarily care about your privacy and in the worst case scenarios can peep through your bathroom window and lift the shower curtain for a good look at your privacy, as it were.

There are various ways in which websites and companies can track users. Some of these tools persist from site to site even if you are not logged in, even if you use an incognito browser tabe, and sometimes even if you’re using a virtual private network (VPN), perhaps even the hyper-private browser Tor. It is likely that many of the methods used break privacy laws and regulations such as GDPR, but the companies and the regulators do not seem to care about this, on the whole.

Here are some of the most common methods:

  1. Cookies: Cookies are small files stored on a user’s device that contain information about the user’s activity on a website. Websites use cookies to remember user preferences, track user behavior, and personalize content.
  2. Fingerprinting: Fingerprinting is a method of tracking users by collecting information about their device, such as the browser type, screen resolution, and operating system. This information is used to create a unique “fingerprint” that can be used to identify the user across websites. There is an excellent and detailed explanation of device fingerprinting here and more on how to test and combat.
  3. Tracking pixels: Tracking pixels are small, invisible images embedded in a website or email that can be used to track user behaviour. When a user loads a page or opens an email, the tracking pixel sends information back to the website or company about the user’s activity.
  4. Web beacons: Web beacons are similar to tracking pixels, but they can also collect information about the user’s location and device.
  5. HMTL5 tracking: HTML5 Web Storage API allows websites to store information on a user’s device, similar to cookies. This information can be used to track user behaviour and preferences across multiple sessions.
  6. WebRTC: An HTML5 feature, can be used for real-time communication between browsers, but it can also be used to obtain a user’s IP address, which can be used to track their location.
  7. Canvas element – Can be used for browser fingerprinting to uniquely identify a user’s device, and the Geolocation API, which can be used to track a user’s location.
  8. Web browser and extension tracking – Some browser extensions and plugins can track user activity and send data back to their servers. Similarly, some browsers themselves may have tracking features or send user data back to the browser developer or other third parties.
  9. Behavioural tracking: Behavioural tracking involves analyzing a user’s activity on a website or across multiple websites to build a profile of their interests and preferences.
  10. Location tracking: Websites and apps can track a user’s location through GPS, Wi-Fi, or IP address.
  11. Social media tracking: Social media platforms track user activity on their sites and across the web.
  12. Mouse tracking: It is possible to identify a user based on the way in which they move their mouse or trackpad when browsing. It is even possible to fingerprint a user from the way they type.

It’s important to note that while these tracking methods are used for various reasons, including personalization and advertising, they can also be used for nefarious purposes such as identity theft or stalking. Therefore, it’s important for users to understand how they are being tracked and take steps to protect their privacy online.

Unfortunately, while you can block and delete cookies and use a VPN to mask your real internet address (IP) it is very difficult to fake your device fingerprint. there are so many factors associated with your device that make it unique, even among millions of other devices (this has been known about since the 90s, if not earlier, I wrote about it on my old Tech Talk website sciencetext.com back then.

If you imagine that you’re protected from device fingerprinting, give this site a click and run some tests. Even if you have do-not-track enabled, cookies blocked, IP obfuscated behind a VPN, and clear all history and data between sessions, your browser version, operating system, screen resolution, plugins, fonts, and many other features of your device setup, will betray you.

Now, there might be a few other people out there who have a similar setup and this would make it hard for trackers to identify you uniquely even with detailed fingerprinting. However, there will always be a few snippets of info that are leaked from your system. Combining the various methods mentioned above and perhaps even using machine learning (AI) will guarantee that a third party, if they so wish, can open your bathroom window and with a little more effort lift the shower curtain, revealing all!

I asked ChatGPT to offer me some guidance:

Here are five steps that users can take to protect their privacy and combat online tracking:

  1. Use privacy-enhancing browser extensions: There are several browser extensions available, such as uBlock Origin, Privacy Badger, and HTTPS Everywhere, that can block tracking scripts, ads, and other invasive web technologies. These extensions can help protect your privacy and improve your browsing experience.
  2. Opt-out of tracking where possible: Many websites and advertising networks allow users to opt-out of tracking. Look for the “Do Not Track” setting in your web browser and consider installing an ad blocker that can block tracking scripts and cookies.
  3. Use a VPN: A virtual private network (VPN) encrypts your internet traffic and hides your IP address, making it more difficult for websites and companies to track your online activity. A VPN can also help protect your data from snooping and other forms of surveillance.
  4. Be cautious about sharing personal information online: Avoid sharing sensitive personal information, such as your full name, date of birth, and address, on social media and other websites. Be wary of phishing scams and other attempts to trick you into revealing personal information.
  5. Keep your software up-to-date: Software updates often include security patches that can help protect your device from malware and other security threats. Make sure to install updates for your operating system, web browser, and other software as soon as they become available.

Device fingerprinting is the most insidious form of tracking and is very difficult to circumvent. One has to assume that governments, law enforcement, as well as corporations, and other entities are well aware of its power and have in many cases been using it for decades.

Here are some tips on reducing your risk of being tracked by device fingerprinting. None of it is foolproof even if you combine all of them diligently.

  1. Use a privacy-focused browser: Some web browsers, such as Tor Browser and Brave, are designed with privacy in mind and include features that can help reduce device fingerprinting. These browsers may use anti-fingerprinting techniques, such as blocking or spoofing browser APIs that can be used to uniquely identify a user’s device.
  2. Disable browser extensions: Browser extensions can add functionality to your browser, but they can also be used to track your activity and collect data. Disable or remove any extensions that you don’t need, and be cautious when installing new ones.
  3. Use a Virtual Private Network: A VPN can help mask your IP address and make it more difficult to track your activity online. Some VPNs also include anti-fingerprinting features that can help make your device less unique.
  4. Change browser settings: Some browser settings, such as blocking third-party cookies and disabling JavaScript, can help reduce the amount of data that can be used to uniquely identify your device. Be aware that some websites may not function properly with these settings enabled, so you may need to experiment with different settings.
  5. Use a different device: If possible, consider using a different device for sensitive activities or for accessing websites that are known to use fingerprinting. Using a device that is less frequently used or that has been reset to factory settings can help reduce the amount of data that can be used to identify your device.