Can someone help me understand this? If hundreds of thousands of people use a popular browser extension, how does that make it easier for you to be singled out among them? I’m having a hard time wrapping my head around this, can anyone help?
You must log in or register to comment.
I think it’s about the combination of extensions you have. Not everyone has every popular extension and you may have some less popular ones etc.
Browser fingerprinting takes measurement of things the browser exposes. If a browser exposes installed extensions, this can be used to corelate information. If awebsite checks if the browser loaded something or not, that also can be used to corelate.
Example, you (ip address xxx.xxx.xxx.xxx) visited this website (trackingsite.xyz), with a screen resolution of 1920x1080, using a (Mozilla/firefox) browser. The three trigger pixels did not load, meaning you’re using an adblocker, and the remote font loaded from localhost, not google. Your canvas, microphone, and camera are all blocked. Your browser also responded to an api ping for (useful extension). Interesting. This same configuration was also on (othertrackingsite.xyz) and (definitelyalegalsite.xyz), both of which a browser with the same info navigated to for at least 5 minutes, so we know it wasn’t a mistype. This same browser configuration was seen regularly browsing these sites on [days of the week] at [time of day], indicating a regular habit.
We know who you are and where you have gone.
Okay, that makes sense (and thanks for the great explanation!). But, don’t website ads also track you? So if you’re not using an adblocker, can’t you be compromised that way? And wouldn’t a good VPN help with fingerprinting?
When you use a “good vpn”, it would just show that a user with your same fingerprint visited also from yyy.yyy.yyy.yyy
Great point. :)
Yes, turning off adblocker is worse. You should be using Tor browser with default configuration to browse privately, and never sign in to anything to further avoid getting tracked.
In the context of fingerprinting I disagree. The vast majority of the world population do NOT use an ad-blocker (supposedly maybe 15% do at most)… so having an adblocker can be used to narrow you down even more IMO. Many extensions can have this issue afaik, especially if it modifies the DOM.
Actually as of 2024, 31.5% of internet users worldwide use an adblocker. Source: https://backlinko.com/ad-blockers-users
However, allowing ads means allowing tracking. You got corelation with the ads being served from ad brokers, who can now see what sites you been on and have a record of where you’ve been.
Yes but I think you still need a unique fingerprint in order to tie that data to a single person… and there are much less people who use ad-blockers than those who don’t, so to me it’s an extra bit of identifying information; obviously this puts the privacy-conscious user in a difficult position and I don’t know that there’s a perfect answer.
never sign in to anything to further avoid getting tracked.
You’re going to have to tell me how that’s possible on an everyday-use basis. How do you do your banking? How did you access Lemmy?
Don’t use your Tor session to sign in. Also banks will probably not let you sign in via Tor.
Trust me, they don’t. ;)
I don’t think it was meant exactly that literally. If you use online banking then of course you have to allow whatever they require for it to work. But for non-necessary services that have an account feature… any time you use those of course will have more of your information out there to sell and track.
Every different part of computer setup/OS/resolution/extension/etc is a data point that can be used to uniquely identify you and track your web browsing. Generally any desktop computer will have a unique fingerprint, the only hardware setup I’ve heard of being common enough to avoid fingerprinting is something like using safari on a modern iphone.
It’s about the exact combination of extensions you have installed, along with all of the other info that a nosy website can obtain from you (installed fonts, User Agent string including exact version numbers, etc). It doesn’t come down to any one particular piece of info, but every bit adds to the overall picture. Here is a good overview and their main page runs an active test on your browser.
Great stuff! Thank you!
