Ever get the feeling that you are being tracked by online brands, even though you diligently disable cookies on the sites you visit? So-called fingerprinting enables companies to track your browsing habits in a way that bypasses standard cookie opt-ins. Now though, Mozilla’s latest version of Firefox (Firefox 72) includes fingerprint blocking by default as part of its Enhanced Tracking Protection feature.
Here’s a closer look at fingerprinting technology and at Mozilla’s latest attempts to curb it.
What is digital fingerprinting?
Fingerprinting is based on the notion that each computer or device setup is pretty much unique. Your computer or phone specifications, browser configuration and any associated plug-ins, the video card you use and more: all of this adds up to a specific profile that’s likely to be different to any other device.
Fingerprinting involves analysing how your computer processes certain data to build up a unique profile. This profile can then be used to identify your computer and track your browsing activity across the Web. This information can then be used for website optimisation and (more annoyingly for the user), targeted advertising.
How browser fingerprinting works
Fingerprints rely on the coding features of HTML5, the principal coding language used to construct websites. Specifically, fingerprinting is performed using the HTML “canvas” element, which was primarily designed to create graphics and add images when building websites. That’s why fingerprint tracking is sometimes referred to as ‘canvas fingerprinting’.
There are two layers to fingerprinting:
- Passive fingerprinting. When you access a website, you automatically transfer certain information to that site via an IP packet. The HTTP header data of this packet is likely to include certain limited information about your browser: notably, browser type, IP address and language used. This basic information can be captured without necessarily using a special application (hence the term, ‘passive’ fingerprinting).
What is the difference between fingerprinting and cookies?
Cookies are small files that websites install on a user’s device to record and memorise your behaviour. They can make life easier; for instance, by maintaining your preferences and removing the need for you to re-enter your password each time you visit a site. But the other side of this is that it makes it easier for companies to track you across the web with targeted advertising.
Just like cookies, fingerprinting allows companies to build a unique story about your browser and behaviour. However, it can do all this without the need to install a file on your browser. You can generally choose whether or not to download a cookie – and once installed, you can go to your browser settings to delete it at any time. By contrast, fingerprinting potentially allows companies to track you, without you having any idea that you are being tracked – even when you are in private browsing mode.
What is Firefox doing about it?
Last year, Mozilla launched its Enhanced Tracking Protection feature on Firefox, which was designed to block third-party tracking cookies by default. With the recent release of Firefox 72, Enhanced Tracking Protection has been bolstered to include fingerprint blocking in its standard setting. In short, if you have the latest version of Firefox installed, fingerprinting scripts should be blocked by default.
How does Firefox fingerprint blocking actually work?
According to its recent blog, Mozilla has partnered with tracking protection specialists, Disconnect to deliver its anti-fingerprinting function. This is basically a list-based blocking method: Disconnect maintains a list of companies that it has identified as participants in cross-site tracking and those that are known to use fingerprinting techniques. Firefox 72 blocks all third-party requests from companies that meet both of these criteria.
Test if your browser can be tracked through fingerprinting
Here are two services where you can test your browsers fingerprint uniqueness.
Other good reasons to update Firefox…
According to Mozilla, Firefox 72 fixes 11 security vulnerabilities, (5 ‘High’, 5 ‘Medium’ and 1 ‘Low’). Four of those ‘High’ vulnerabilities have the potential to be exploited by attackers through arbitrary code execution (thereby potentially enabling the attacker access to your files). So even if anti-tracking isn’t on your priority list, updating to the latest version is a no-brainer from a wider security perspective.