Cookies, Browser Fingerprinting, And How You Can Delay The Death Of Online Privacy

No matter who you are or where you are, you're all unique. And this makes everyone of us special. The same goes when you browse the web.

The bitter truth about online usage is that, all of our activities are tracked. From the sites we visit, every button we click and so forth. What we do online is being tracked. Whether it's by the governments, advertisers, Internet Service Providers (ISP) or other organization, they're doing this to know more about you.

Because again, we are all unique.

The data collected from you, can be stored, shared and even potentially be used against you.

But for the most of us, our online data is used by online companies that sell advertisements. Most notably Google and Facebook. They track users to deliver better user experience, as well as to deliver better ads in order to get more revenue.

Spy

There are ways to prevent these sneaky trackers. But to know how to avoid them, you need to first know what you are dealing with.

Web trackers refer to the act of getting and storing users' online activities over multiple different web pages and sites. The data gathered by these trackers can be used to better understand the users.

Those highly personal information is stored by the companies, in which conclusion can be drawn. From financial condition, job, approximate age, interest, holiday plans, hobby, shopping plans, sexual orientation, health, political views, habits, religious beliefs and many many more.

The data points can then be linked to individual users using unique user identifier.

The purpose of tracking users may vary from one company to the other. But most of the time, it's all about to understand who are the visitors and to know what they like.

To track users, many use what's called 'cookies'.

A cookie is a small text file that is stored on users' computer or mobile device for a certain period of time after visiting a site with trackers available. It may contains, for example, log in data or the current content of your shopping cart. Browser cookies are used to 'mark' visitors of a website in order to recognize them and their settings later on.

Cookies are the most common method of tracking users across multiple websites. Third-party tracking cookies store data about visited websites to log the user’s browsing history over a long period of time. They can land on your device through many forms, including via embedded image files (advertising banners or counting pixels).

Fortunately, cookies are easy to deal with. You can just delete them, or block third-party cookies on your browser' settings.

And this annoys marketers. So it's no secret that they move on from depending entirely on cookies, and seek for other replacements, or as backups from which deleted cookies can be respawned. One of which, is called browser 'fingerprinting.

The practice can be described as a way to identify devices or visitors to the site via user browser configuration settings or other discernible characteristics. The technique has proven successful because its obscure, and can't be deleted.

It involves assigning a unique ID that users can't delete. This ID identifies users uniquely based what they have, and not by who or what they are.

For your browser to show the content of the web you asked it to show, it needs to ask the site's web servers for data. To do this, it uses HTTP protocol. After that, the transferring of contents from the web server to your browser takes place via IP packets, which also contain information on the client (in addition to the user data). This data can be used on the server side to determine the browser fingerprints.

There are basically two types of browser fingerprints:

  1. Passive fingerprinting: Which collects browser information without using a special application. This information is often contained in the header data of the IP packet by default, and always reaches the web server. This can include the IP address, the port used, and the browser type. Basic configurations such as the desired data types (HTML, XHTML, XML), character sets, or languages can also be included. In some cases, the HTTP header also provides information about the operating system and the source page used.
  2. Active fingerprinting: Having the browser to specifically query information that isn’t automatically provided when a web resource is accessed. This query can be done with JavaScript applications or plugins that extend the browser’s functionality. This enables extra information to be extracted from the browser. This can include details about users' operating system, user’s screen size, fonts installed, timezone and others.

The combination of those varies greatly among one browser to another. This makes it sufficient to tell any two browsers apart with great accuracy.

The Electronic Frontier Foundation stated that users had a 1 in 286,777 chance of sharing their fingerprint with somebody else.

With this high accuracy, companies can use the fingerprinting technique as a fall-back 'respawning' technique when cookies are not available.

Cookie - Fingerprinting

Using the two methods, companies that utilize web trackers can collect massive amount of data from which they can create detailed user profiles, and use them for marketing purposes.

The more advertising companies knows about their users, the more money they can earn from advertisers. This is because their ads can follow users around with great accuracy, increasing the chances users will click or engage with the ads.

Other strategies companies can use to track users, include: using web beacons, server logs, browser user-agent and Flash cookies.

Protecting Yourself

Web trackers work astoundingly well, and there is no easy and sure way to avoid them.

If you don't care much about personalization and preferences, you can first try your browsers' basic protection against cookie tracking. For example, you can specify whether a cookie should or should not be stored after you exit the browser. You can also block cookies in your browser settings, which is indeed a convenience.

With browsers having the option to set up user profiles, you can also use it to rid cookies.

Another option is to use private browsing mode, Incognito or others similar. This 'privacy browsing' mode available in all major browsers disables history, web cache and also cookies. This allows you to browse the web without having the browser to store local data that could be retrieved at later times.

If you want to go to the more extreme, you can use a VPN which puts you elsewhere on the globe by creating a 'tunnel'. While this may help you in avoiding trackers, but VPN itself won't stop those trackers from tracing your online activities. Just because your IP is different and your traffic is encrypted in a tunnel, it doesn't mean you can't be tracked.

Another way is to use Tor anonymizing network. Although it is not 100 percent failsafe, it is still a good option.

Other options include, and not limited to:

  • Read the Terms of Service Agreements for services you use and give information to. See how those services use trackers to identify you.
  • Use search engines that doesn't track users, like DuckDuckGo, for example.
  • Use browser add-ons to see trackers tracking you on any given websites. You can also use the tools to avoid being tracked altogether.
  • Adjust privacy settings on services like Google, Facebook and others notable that collect user information via trackers.
  • Use different email addresses for different uses. For example, an email for work, one for personal use, and another one for online shopping.
  • Use different passwords on different websites.
  • Use different browsers for different purposes.
  • Disabling JavaScript and Flash to greatly reduce your exposure to fingerprinting.
  • Never save your passwords on your browser.
  • Use the default browser configuration to make it harder for trackers to identify you using fingerprinting.