Homepage

Effectiveness of Fingerprinting Countermeasures

Logo

Advertisement

Study into the Effectiveness of Fingerprinting Countermeasures

A common technique that is used by organizations and websites is fingerprinting. It is either done on its own or through a complementary method to identify and track internet users.

Two core approaches are used by fingerprinting, in order to assign unique identifiers for internet users. Data is transmitted automatically using the first approach which means that when the users connect to the website, they would be assigned a fingerprint. The operating system, version and web browser or even the language falls within that group. The second approach uses the APIs which the browsers support to retrieve and generate any additional data points.

Techniques

Some techniques have made it possible to identify users across browsers and sessions. One of the studies that had been conducted in 2013, suggested that fingerprinting techniques are used by at least the top 1% websites.

In order to test fingerprinting, internet users may run tests such as Panopticlick 2 or Browserprint. Extensions can be installed by the users to block or detect certain attempts that are made at the collecting data points which might be used for distinguishing users from others.

Research Paper

If one looks at the research paper FP-Scanner by Romain Rouvoy, Walter Rudametkin, Pierre Laperdrix, and Antoine Vastel, in which privacy implications of browser fingerprint inconsistencies had been studied; it shows that anti-fingerprinting techniques are normally not as effective as the developers claim them to be.

Results of the Research

Browser fingerprinting countermeasures had been investigated by the researchers and they found out that these techniques do introduce some inconsistencies and how user privacy is impacted by this. The results have been surprising, not only would it be possible to identify the altered browser fingerprints, but it is also possible for the original values of fingerprint attributes to be uncovered, which had been altered by the users (via plugins or extensions).

A fingerprint scanner had been designed by the researchers, the FP-Scanner. It was used to explore the fingerprint attribute inconsistencies that had been introduced by the countermeasures so as to detect if a given fingerprint would be genuine or not. A large number of attributes have been detected by the scanner such as screen resolution, fonts, platform, HTTP headers and more. The scanner checks those using different methods in order to find out if they are fake or genuine.

Firefox

Firefox fingerprint protection feature was used as an example. It needs to be switched on by users. The user agent of the browser is changed by it to a generic one. The developers help provide an analysis for the canvas fingerprint spoofer, random agent spoofer, user-agent spoofers such as the Brave browser, canvas FP block, and canvas defender, and other anti-fingerprinting techniques.

Conclusion

It was concluded by the researchers that the anti-fingerprinting techniques in the browsers might actually lead to the users becoming more trackable rather than less. It is due to the inconsistencies that are introduced by them. Therefore, if the research is broken down, one can come to the conclusion that most of the countermeasures that are taken are ineffective and it is possible for the inconsistencies to be detected.