Fingerprinting: How advertisers, governments and covert agencies track your online presence

Special to WorldTribune, July 21, 2021

BIG TECH Watch

By Richard N. Madden

Am I being tracked online? Even with the most sophisticated VPN, Ad-Block and privacy browser extensions, the answer is still most likely: “Yes.”

Internet privacy has been the central issue concerning digital rights in the last decade as Internet service companies transition from the traditional “pay for services” to a “free” business model. Initially pioneered by HotMail, Yahoo and Google, Internet services now opt to provide their services for “free” in exchange for your usage statistics and data. Fore example, in its original form, Gmail would scan your emails and gently advertise products based on the contents of your messages – i.e., if you received a booking confirmation for a ski lodge, you may see adverts for a new pair of skis.

Although somewhat harmless, these methods have evolved over the last two decades into a much more sophisticated and nefarious tracking model. Now data from every email, Internet search, text message, online map lookup and credit card purchase is gathered, cross-referenced and stored in a database to build a complex and intricate profile of your individual habits and preferences with the sole goal of predicting your next move and beating you to the punch.

As these databases accumulate more and more data, the risk of data breaches becomes more prevalent, costly and causes greater damage to individuals. Indeed, hackers in Russia, Iran and China see these as potent targets to attack, blackmail, harass and manipulate American citizens.

Moreover, governments have a keen interest in maintaining the status quo and silencing the politically outspoken. By tracking browsing history, governments and agencies can compile databases of people whom they suspect to be unfavorable based on the political content they consume.

As free individuals, we have the right to believe and read whatever we wish to without fear of persecution. However as the tracking technologies mature, it is all too easy for organizations to betray this social contract and we can no longer take these rights for granted.

How Does Browser Tracking Work and What Can You Do About It?

While we cannot completely prevent the seizure of all of our data, there are still some steps we can take to block the tracking and gathering of our information.

VPNs

VPN services have become massively popular in the last few years, thanks in part due to the aggressive marketing campaigns which exploit the concerns presented above. A Virtual Private Network (VPN) is a service which routes all your browser traffic through a server, which then forwards you to the requested website. This way, anyone snooping on your web traffic (such as your ISP or someone on public Wi-Fi) will only see you connecting to the VPN, not where you’re actually connecting to. Furthermore, the website on the receiving end will only have access to the VPN’s IP address.

But is this enough to prevent tracking? Short answer: No.

Ad-Blocking

In the past, tracking services used to heavily rely on your IP address to trace your online presence. IP addresses change regularly and are especially unreliable at tracking with mobile Internet and LTE (wireless Long-Term Evolution communications). In recent years, these services have moved away from IP address tracking to more sophisticated tracking at the browser level. Indeed, your browser configuration remains constant no matter what IP address you connect from.

If you’ve ever seen a Facebook “Share” or Twitter “Tweet” button on a website, chances are you’re being tracked. These “social buttons” call back to their providers with information on what website the button was loaded on. If you’ve ever logged into Facebook on your browser, closed the tab and then opened a website with a social button on it, then Facebook knows exactly what website you visited and when you did it. Even if you don’t have Facebook or other social media accounts, they can still build a “shadow profile” on the fact the social button was loaded and therefore track you. An effective way to mitigate this is to install an Ad-Block browser extension such as U-Block Origin. These extensions block social buttons, advertising banners and tracking cookies from infecting your browser and help prevent digital tracking. Be sure to disable Ad-blockers on websites you frequent to support the maintainers.

Fingerprinting

Browser fingerprinting is the latest technology utilized by virtually every organization with an Internet presence. As alluded to in the previous sections, websites can uniquely identify you based on the configuration of your browser.

Since websites have to now provide support for a diverse range of devices, they require some information to best tailor the website’s experience to your device. This means they need to know if you’re using a desktop PC or phone, the operating system, the screen size and what features your device supports. While this has an obvious benefit to the user, it turns out that there are many, many parameters a website can request about your device. All these parameters are compiled into a unique identifier which persists across all websites and is the most accurate way to track regardless of any mitigations in place.

You can check how much information your browser leaks and see what trackers look at with the Electronic Frontier Foundation’s “Cover Your Tracks” website. Browser fingerprinting is very difficult to fight against. In fact, trying to prevent browser fingerprinting is itself trackable; since very few people do it, if a website detects you’re blocking this method then that itself is a unique identifier.

Therefore, the best strategy to avoid browser fingerprinting is to “blend in to the crowd.” In other words, always browse websites from your PC and use a popular operating system and browser. The EFF has invested millions in fighting Internet tracking and upholding user privacy; you may also consider donating to help them with their cause.

Nowadays, it’s virtually impossible to completely “digitally detox” from having your data harvested and sold. However, with good digital hygiene, it is possible to take back some control and protect yourself from malicious actors who wish to manipulate you. In short, use a VPN, install browser extensions which protect you, use only one device to access your content, limit your browsing to trusted websites and most importantly, educate others on the dangers of Internet tracking and what they can do to prevent it.

Richard N. Madden is a researcher in the fields of Cryptography and digital hardware design. He holds a Master’s degree in Computer Engineering with particular interest in security, data privacy and digital rights.

INFORMATION WORLD WAR: How We Win . . . . Executive Intelligence Brief

You must be logged in to post a comment Login