Firefox Blocks Fingerprints

Latest Firefox Blocks Fingerprint Tracking

Ever get the feeling that you are being tracked by online brands, even though you diligently disable cookies on the sites you visit? So-called fingerprinting enables companies to track your browsing habits in a way that bypasses standard cookie opt-ins. Now though, Mozilla’s latest version of Firefox (Firefox 72) includes fingerprint blocking by default as part of its Enhanced Tracking Protection feature.

Here’s a closer look at fingerprinting technology and at Mozilla’s latest attempts to curb it.

Table Of Contents

Add a header to begin generating the table of contents

What is digital fingerprinting?

Fingerprinting is based on the notion that each computer or device setup is pretty much unique. Your computer or phone specifications, browser configuration and any associated plug-ins, the video card you use and more: all of this adds up to a specific profile that’s likely to be different to any other device.

Fingerprinting involves analysing how your computer processes certain data to build up a unique profile. This profile can then be used to identify your computer and track your browsing activity across the Web. This information can then be used for website optimisation and (more annoyingly for the user), targeted advertising.

How browser fingerprinting works

Fingerprints rely on the coding features of HTML5, the principal coding language used to construct websites. Specifically, fingerprinting is performed using the HTML “canvas” element, which was primarily designed to create graphics and add images when building websites. That’s why fingerprint tracking is sometimes referred to as ‘canvas fingerprinting’.

There are two layers to fingerprinting:

  • Passive fingerprinting. When you access a website, you automatically transfer certain information to that site via an IP packet. The HTTP header data of this packet is likely to include certain limited information about your browser: notably, browser type, IP address and language used. This basic information can be captured without necessarily using a special application (hence the term, ‘passive’ fingerprinting).
  • Active fingerprinting. To flesh out the user’s profile, it is possible to use a JavaScript program to obtain further information about the user’s browser and operating system. This includes the browser version, operating system, hardware configuration, time zones and details of installed plugins and fonts.

What is the difference between fingerprinting and cookies?

Cookies are small files that websites install on a user’s device to record and memorise your behaviour. They can make life easier; for instance, by maintaining your preferences and removing the need for you to re-enter your password each time you visit a site. But the other side of this is that it makes it easier for companies to track you across the web with targeted advertising.

Just like cookies, fingerprinting allows companies to build a unique story about your browser and behaviour. However, it can do all this without the need to install a file on your browser. You can generally choose whether or not to download a cookie – and once installed, you can go to your browser settings to delete it at any time. By contrast, fingerprinting potentially ​allows companies to track you, without you having any idea that you are being tracked – even when you are in private browsing mode.

What is Firefox doing about it?

Last year, Mozilla launched its Enhanced Tracking Protection feature on Firefox, which was designed to block third-party tracking cookies by default. With the recent release of Firefox 72, Enhanced Tracking Protection has been bolstered to include fingerprint blocking in its standard setting. In short, if you have the latest version of Firefox installed, fingerprinting scripts should be blocked by default.

How does Firefox fingerprint blocking actually work?

According to its recent blog, Mozilla has partnered with tracking protection specialists, Disconnect to deliver its anti-fingerprinting function. This is basically a list-based blocking method: Disconnect maintains a list of companies that it has identified as participants in cross-site tracking and those that are known to use fingerprinting techniques. Firefox 72 blocks all third-party requests from companies that meet both of these criteria.

You can still visit the blocklisted sites, but the blocking measure prevents those parties from using JavaScript tools (i.e. active fingerprinting) to inspect properties of your device or browser.

Test ​if your browser can be tracked through fingerprinting

​Here are two services where you can test your browsers fingerprint uniqueness.

Other good reasons to update Firefox…

According to Mozilla, Firefox 72 fixes 11 security vulnerabilities, (5 ‘High’, 5 ‘Medium’ and 1 ‘Low’). Four of those ‘High’ vulnerabilities have the potential to be exploited by attackers through arbitrary code execution (thereby potentially enabling the attacker access to your files). So even if anti-tracking isn’t on your priority list, updating to the latest version is a no-brainer from a wider security perspective.

CATEGORIES
  • Ray says:

    Interesting Blog. Being someone who is learning about cyber-security in the
    the hope of one day helping to conquer it.

  • Charlie Stewart says:

    Thank you Nathan, wondered when that was to be fixed and I suppose all the Microsoft browsers will follow. Never stop learning do we?

    • Nathan House says:

      I’m not sure if Edge will follow. Microsoft has the advertising ID on Windows 10. Microsoft’s business model relates to tracking. As for Chrome. Google who develops Chrome has a business model that is reliant on tracking users for the purposes of advertisement. It is not in Googles best interest to restrict its own business model. So there is a conflict of interest between how they do business and privacy. Mozilla the guys behind Firefox have no such business model and need for tracking.

  • 3234 says:

    it says I can be tracked. but I have fingerprinting turned on. and I use the ublock origin extension. so I don’t understand?

  • ROLAND OTABOR says:

    Am a fresh and a beginner here ,yet to know a lot about security.My intention is to develop into big security worker in big companies. I just got a Ghostery protection..How do I know who is and has been tracking me?

  • achillesresolute says:

    Do you really think turning on the fingerprint is going to help the user? What do you think?

    • Nathan House says:

      Turning it on will prevent black listed sites from tracking you via fingerprinting. This will stop some tracking.

  • >