How does using browser extensions help browser fingerprinting?
-
Can someone help me understand this? If hundreds of thousands of people use a popular browser extension, how does that make it easier for you to be singled out among them? I'm having a hard time wrapping my head around this, can anyone help?
-
P [email protected] shared this topic
-
[email protected]replied to [email protected] last edited by
Browser fingerprinting takes measurement of things the browser exposes. If a browser exposes installed extensions, this can be used to corelate information. If awebsite checks if the browser loaded something or not, that also can be used to corelate.
Example, you (ip address xxx.xxx.xxx.xxx) visited this website (trackingsite.xyz), with a screen resolution of 1920x1080, using a (Mozilla/firefox) browser. The three trigger pixels did not load, meaning you're using an adblocker, and the remote font loaded from localhost, not google. Your canvas, microphone, and camera are all blocked. Your browser also responded to an api ping for (useful extension). Interesting. This same configuration was also on (othertrackingsite.xyz) and (definitelyalegalsite.xyz), both of which a browser with the same info navigated to for at least 5 minutes, so we know it wasn't a mistype. This same browser configuration was seen regularly browsing these sites on [days of the week] at [time of day], indicating a regular habit.
We know who you are and where you have gone.
-
[email protected]replied to [email protected] last edited by
It’s about the exact combination of extensions you have installed, along with all of the other info that a nosy website can obtain from you (installed fonts, User Agent string including exact version numbers, etc). It doesn’t come down to any one particular piece of info, but every bit adds to the overall picture. Here is a good overview and their main page runs an active test on your browser.
-
[email protected]replied to [email protected] last edited by
Okay, that makes sense (and thanks for the great explanation!). But, don't website ads also track you? So if you're not using an adblocker, can't you be compromised that way? And wouldn't a good VPN help with fingerprinting?
-
[email protected]replied to [email protected] last edited by
Great stuff! Thank you!
-
[email protected]replied to [email protected] last edited by
When you use a "good vpn", it would just show that a user with your same fingerprint visited also from yyy.yyy.yyy.yyy
-
[email protected]replied to [email protected] last edited by
Yes, turning off adblocker is worse. You should be using Tor browser with default configuration to browse privately, and never sign in to anything to further avoid getting tracked.
-
[email protected]replied to [email protected] last edited by
never sign in to anything to further avoid getting tracked.
You're going to have to tell me how that's possible on an everyday-use basis. How do you do your banking? How did you access Lemmy?
-
[email protected]replied to [email protected] last edited by
Great point.
-
[email protected]replied to [email protected] last edited by
Don't use your Tor session to sign in. Also banks will probably not let you sign in via Tor.
-
[email protected]replied to [email protected] last edited by
In the context of fingerprinting I disagree. The vast majority of the world population do NOT use an ad-blocker (supposedly maybe 15% do at most)... so having an adblocker can be used to narrow you down even more IMO. Many extensions can have this issue afaik, especially if it modifies the DOM.
-
[email protected]replied to [email protected] last edited by
Every different part of computer setup/OS/resolution/extension/etc is a data point that can be used to uniquely identify you and track your web browsing. Generally any desktop computer will have a unique fingerprint, the only hardware setup I've heard of being common enough to avoid fingerprinting is something like using safari on a modern iphone.
-
[email protected]replied to [email protected] last edited by
I don't think it was meant exactly that literally. If you use online banking then of course you have to allow whatever they require for it to work. But for non-necessary services that have an account feature... any time you use those of course will have more of your information out there to sell.
-
[email protected]replied to [email protected] last edited by
Trust me, they don't.
-
[email protected]replied to [email protected] last edited by
However, allowing ads means allowing tracking. You got corelation with the ads being served from ad brokers, who can now see what sites you been on and have a record of where you've been.
-
[email protected]replied to [email protected] last edited by
Yes but I think you still need a unique fingerprint in order to tie that data to a single person... and there are much less people who use ad-blockers than those who don't, so to me it's an extra bit of identifying information; obviously this puts the privacy-conscious user in a difficult position and I don't know that there's a perfect answer.
-
[email protected]replied to [email protected] last edited by
Actually as of 2024, 31.5% of internet users worldwide use an adblocker. Source: https://backlinko.com/ad-blockers-users
-
[email protected]replied to [email protected] last edited by
I think it's about the combination of extensions you have. Not everyone has every popular extension and you may have some less popular ones etc.
