Browser Fingerprinting in Action

The basis of online tracking is the accurate identification of users – you are detected and identified even when you’re just passing through a random website that you are not signed in to. The conventional solution to implement identification and tracking is saving web cookies to the user’s browser.

However, major browsers have already started to take action against this practice. Safari blocks third party cookies by default since 2017, Firefox also does this since 2019, and Chrome plans to join them, too.

As cookie-based tracking becomes more difficult, the tracking business is moving toward different techniques such as browser fingerprinting.

Browser fingerprinting uncovered

The idea behind browser fingerprinting is to collect information about the browser and its environment for the purpose of identification. These attributes include:

  • browser type and version
  • operating system
  • language, time zone
  • active plugins
  • installed fonts
  • screen resolution
  • CPU class
  • device memory
  • and various other settings

The attributes are concatenated into a long string, and the fingerprint is defined as a hash value of the string.

In order to catch real-life browser fingerprinting in action, I’ve analyzed some websites and tried to present reproducible experiments (to some degree – keep in mind that browser fingerprinting can be browser or location dependent, or it can be turned on only for a random subset of IP addresses).

You can read the complete review of the experiment on TechTalks.

Gabor Takacs