Tech Friend is our advice column covering cybersecurity, privacy, and everyday technology. Email your question to techfriend@expressvpn.com. If you have questions about your ExpressVPN subscription or need troubleshooting help, please contact Support.
Reading between the lines
Hello Tech Friend, I know a VPN will hide my IP address, but does it help at all with browser fingerprinting? Thanks!
Submitted by: Michael
In the physical world, fingerprints feature a unique set of swirls, which make them a reliable method for identifying individuals.
When we talk about browser fingerprinting, it’s a reference to various characteristics that, in combination, make your browser unique. These factors include your choice of browser (like Chrome or Firefox), the default language, the extensions you’ve installed, and more. It sounds far-fetched, but these small settings and choices can be unique—no one else in the world uses the exact same ones—and can allow companies to pinpoint you among everyone browsing the internet and collect data on what you’re doing online.
When you visit a site, the server has to look at some information about your browser for the site to work properly. In many cases, that’s all your information is used for. Services like banks might use browser information to stop suspicious activity. But some use browser fingerprinting to track your activity and interests across the internet, then selling the information to data brokers.
And the answer is no, VPNs do not prevent browser fingerprinting. VPNs encrypt your traffic, preventing intruders from seeing what you’re doing online, and give you a different IP address. When you visit a website, the site can still gather information about your browser, even with a VPN turned on.
That said, a VPN goes a long way to keeping your browsing activity hidden, whether it’s from your internet service provider, malicious third parties, or just nosy network admins. VPNs make a big impact because your real IP address carries relatively large risks, even allowing people to look up your location. Your ISP can also in theory connect an IP address to your actual identity and provide that information to governments or other monitors.
By comparison, browser fingerprinting requires more work than simply using your IP address to identify you. Despite that, many of the top websites use this technique to track users.
What characteristics make up your browser fingerprint?
When you go online, data collectors are able to figure out many characteristics about your browser. They do this by examining your web headers and looking at JavaScript code. These details include:
- Your browser (such as Chrome, Firefox, Safari, etc.) and its version
- Browser extensions you’ve added
- Timezone
- Dimensions of your current browser window and its color depth
- Fonts installed
- Whether cookies are enabled
- Language
- Operating system and CPU
- Device memory amount
This is not an exhaustive list but gives a view into the types of characteristics used for browser fingerprinting.
Other common tracking methods
Before we talk about how to prevent browser fingerprinting, let’s briefly go over other ways for websites to track you. These are sometimes confused or conflated with browser fingerprinting and include:
Device fingerprinting
This is where a site looks at the settings of your device, rather than your browser. These include your device screen size and resolution, operating system, time zone, audio and visual capabilities, and more. Similar to browser fingerprinting, this method can narrow down your device.
Tracking your IP address
Your IP address is a string of numbers assigned by your internet service provider when you go online. It identifies a device on a network so other devices can communicate with it. Your IP address also reveals a lot about you by letting websites see your location and easily follow your online activity.
When you use a VPN, all this information is encrypted and becomes unavailable to websites, as they all see the IP owned by your VPN provider, which is shared by many people. Your new IP address can also indicate that you are in a location different from your actual one.
Read more: What can someone do with your IP address?
Cookies
When visiting a new website, you’re usually greeted with a message asking you to accept (or reject) cookies. Cookies are files created by websites that store data on your browsing activity in order to remember you if you visit the site repeatedly. For example, if you accept cookies, a shopping site will likely keep anything in their shopping cart if you close the site and come back another day—and it will forget them if you reject the relevant cookies.
With cookies, the good thing is you can reject them, delete them, or change your browser settings to block them.
Read more: GDPR 4 years on: How data consent changed the internet
How to limit browser fingerprinting
Here are some steps you can take to limit the effectiveness of browser fingerprinting by providing fewer data points, thereby making your fingerprint less unique.
- Use a common browser. By keeping your browser characteristics boring and basic, you can more easily blend in with other users on the internet. One way to do this is to opt for a common browser like Firefox, not something offbeat.
- Use a browser that limits fingerprinting. Browsers like Tor, Firefox, and Brave have built-in tools or specific designs that help limit browser fingerprinting.
- Use incognito or private mode. Using incognito or private mode strips your browser of certain data points, like extensions, reducing the uniqueness of your fingerprint.
- Disable JavaScript and Flash. When JavaScript is disabled, websites won’t have a way to detect certain characteristics of your browser, such as extensions and fonts. However, disabling Javascript could lead to websites not functioning properly.
- Change browsers for private activities. Since it’s so hard to hide your browser characteristics entirely, one line of defense would be to use a different browser for extra-private activities. For example, if you log on to social media using one browser, use a different one for activities which you don’t want to be associated with your social accounts.
Protect your privacy with the best VPN
30-day money-back guarantee
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Comments
what planet are you from? lol
you cant delete all your cookies.
many are burried in your app data and you should not delete anything in app data.
do a search of @cookies and see how many pop up compared to how amny there
really are.
if so has anyone tried it?
this is not a criticism just an observation
thanks david I am a big fan of exp vpn.
What planet are YOU from?
Of course you can delete all the cookies from your browser.
It is your computer and it is patently false to claim you should not delete anything from your user profiles AppData folder. It would be more appropriate for you to admit, due to your limited knowledge, that YOU yourself should not ever do this.
I have been studying several of these browsers, as Microsoft, Google, Apple all have a cloud indirect tracking built in even in an InPrivate or New Incognito modes. I tried the CCleaner browser and it locked up repeatedly due to Window’s cloud shadowing requirements. I also have set all my browsers set to delete history on exit and I also run CCleaner browser clean 100% as well. For those of you that have no idea on cloud tracking maybe the “Tech Friend” will publish an article on this as well. As for now the TOR browser I played with has no cloud tracking, all sites opened in a secure mode, and has DuckDuckGo as default search engine. My TOR browser experience was really slow on loading at times with the Express VPN always turned on or off and a not user friendly on startup. Learn how to clean your cloud tracking as well, as I think I have mine cleaned securely but that may be false security on my part.