Apple Goes After a Little Know Practice Called Browser Fingerprinting

During its latest Worldwide Developer Conference, Apple announced that it is rolling out new privacy features in its Safari browser. The announcement raised a few eyebrows, as it addressed a little know practice known as browser fingerprinting, a technique that renders incognito or private browsing useless.

For quite some time, deleting cookies was common practice for the privacy-minded user. That was until the arrival of “Incognito” and “Private Browsing” modes, which automatically stop cookies from being implanted into your system. But an increasingly common and rarely discussed technique has been quietly derailing their efforts.

What is Browser Fingerprinting Exactly

Browser fingerprinting can be used to potentially identify a unique user by collecting and analyzing patterns of information whenever he visits a website. That information includes seemingly generic data: browser type and version, operating system and version, the screen resolution, supported fonts and font preferences, plugins, timezone, language preferences, hardware configurations, and so on. And though they can’t be used independently to identify a person, the unique combination of specifications can be used for that end. The combination may not reveal the real-life identity of a person, but it will identify him as a unique individual and track him throughout various online activities that he might engage in.

It is very much similar to the way investigators collect evidence and fingerprints at the scene of a crime. A website will collect as many browser identification points as possible; that data is later matched against a database containing browser characteristics of known people.

This works wonderfully well for online advertisers. And it goes without saying that the method is very well liked by hackers and government surveillance operatives.

To make matters worse, good privacy techniques are ineffective at best and could even backfire. Practices such as disallowing javascript, cookies, and webRTC requests are not very common, which in turn make your browser more unique.

Your other option would be to try and confuse whoever is tracking you, you could change your screen resolution every so often, install or uninstall fonts, extensions, and plugins. Switching between different browsers is a good idea too. However, these steps require a lot of effort and it is hard to gauge their effectiveness.

The best way to protect yourself it seems is the make the collectible information as generic as possible, and that’s Apple’s trick: reducing granularity to help users blend in. If a website can only read basic information about you, it will become increasingly difficult for it to distinguish you from other users – fewer features equal less unique combinations, increasing the chance of confusing you with others.

We should also note that this issue primarily plagues desktops and laptops; smartphones and tablets have limited support for plugins or customization, making them inherently less prone to leave fingerprints.