Web sites can load a cookie onto your browser with a unique identifier, which allows them to correlate several consecutive website visits.
When cookies are enhanced with personal information, it allows a site to create a tracking profile that acts as a photo ID. Some of the big advertisement giants, like Google, Twitter, and Facebook, possess not only a tracking profile but are capable of going a step even further.
By convincing other websites, blogs, and platforms to integrate little snippets of code, these giants can map your movements around the whole internet. Suddenly, behavior that you think is not connected to your real identity, for example, because you use an alternative email address or connect to a different VPN server, can be traced to you.
However, these identification techniques are relatively easy to defend yourself against: Simply log you out of Twitter, Google, and Facebook and delete all your cookies.
You can use an extension like uBlock Origin and the Privacy Badger to consistently block such third party cookies and trackers (see here for other great extensions for your browser).
Protect against browser cookies
Logging out and deleting your cookies makes it far more difficult for an advertising network to track you across the internet, and it becomes especially hard to identify you uniquely.
However, with a technique called browser fingerprinting, advertisers are still able to probabilistically track you across websites. Browser fingerprinting means advertisers can see you are the same person with a certain likelihood.
How browser fingerprinting works
Your browser sends a number of characteristics so a site can serve a tailor-made version of itself that displays well on your computer. The foremost information includes the HTTP headers your browser is sending.
Your browser will communicate what languages it prefers, the version you’re using, and your operating system. In some cases, the website which referred you to the current site is also displayed (see which headers your browser sends here).
Together with your IP address this information can uniquely identify you, although it is easy to cloak your IP address by hiding behind a proxy or VPN network.
The Panopticlick tracking experiment
Which fonts you have installed or which operating system you use might by themselves not reveal a lot about you, but you could be the only one with this particular combination, allowing you to be identified easily.
For advertisers to track you by browser fingerprinting, browsers, and their settings need to be diverse and stable. In this instance, diverse means a significant number of detectable parameters exist that will differ between users, and stable means that your browser fingerprint does not change over time.
Browser fingerprints are indeed diverse, as you see from the Panopticlick experiment, but they are not entirely stable. Changing some settings, resizing your window, or plugging in a new monitor might all change your browser’s fingerprint.
Canvas data Uses Maverick Techniques to Track You
One particular sneaky method of browser fingerprinting is to ‘canvas’ data. A website will instruct your browser to draw an arbitrary hidden image, then send back a summary of how this image is drawn.
Every computer will draw the image slightly differently, due to different processors and other hardware. These tiny variations in how your browser processes the instructions can be used to identify you. The Tor Browser has a feature that detects when a site is trying to access your canvas data, and gives you the option to not supply it.
Just like other data obtained from fingerprinting users, canvas data by itself is not incredibly useful, although when enhanced with other information it can be used to identify you uniquely.
Defend yourself against internet tracking
Using a standard browser in its default settings, without plugins, fonts, or modifications is a strong defense against being fingerprinted. Theoretically, privacy conscious browsers such as the Tor Browser, especially when used with a standard operating system like Tails, can be an even stronger defense, though in reality these browsers are not widespread, so their very use will stick out as unique.
In general, browser fingerprinting is not a primary concern, and it is far more advisable to defend yourself against more standard and efficient tracking techniques.
Use uBlock Origin and Privacy Badger to block external trackers and advertising networks, don’t allow third parties to set cookies, and regularly remove your cookies.
It’s also an excellent idea to sign into Google or Facebook only in separate incognito windows and to use the Tor Browser as often as possible.
Using the ExpressVPN Chrome extension will not make it easier for a website to fingerprint your browser. The chrome extension can be used to control your ExpressVPN app from the browser conveniently and is undetectable by the sites you visit.
Also published on Medium.