FINGERPRINTING: THEY ARE WATCHING YOU

In this article we will speak about a relatively new way of tracking Internet users — fingerprinting.

AEZAKMI_EN
6 min readMar 24, 2020

MARKETING MANAGERS STAY ON GUARD

Seeking your money online marketing managers as if put a glass shade above all Web users: otherwise, how will they know what you really want and then sell it to you?

Not so long ago websites just used cookies to track you, but now if websites ask your permission to use your data, you can be aware when being tracked.

Nowadays the glass shade put above us by marketing is represented by fingerprinting — it is a special method of collecting data from your device to identify you and your preferences when you are surfing the Web. With the help of fingerprinting one may see what you are looking for and offer a personalized ad for you.

It might not be that bad, but along with your interests these data will include a huge amount of private information, and websites which fingerprint your browser, still do not have to warn you about this beforehand. Most often you are just supposed to automatically give permission to be tracked when using the website, and this is actually mentioned in a small print in the Terms of Service of the website — but who has ever read it? Moreover, it is usually put quite vaguely, like: “By using our website you agree that we will save the digital signature of your machine”. Have you ever thought on this phrase?

Anyway, as a consequence — a higher price level for goods offered to your location, leaks of information because of hacker attacks and some other disadvantages. Not bad, is it?

Visit AEZAKMI now and find out how to stay anonymous!

HOW DO THEY DO IT?

It’s quite hard to fight fingerprinting, as the number of fingerprinting methods is constantly growing and methods vary more and more.

The most popular ways to fingerprint your browser include usage of browser plugins, enumeration of add-ons and fonts, user-agent string and screen resolution. Let’s delve deeper into each of them.

BROWSER PLUGINS

For instance,

  • Shockwave Flash
  • QuickTime Plug-in 7.7.3
  • Default Browser
  • Helper
  • Unity Player
  • Google Earth Plug-in
  • Silverlight Plug-In
  • Java Applet Plug-in
  • Adobe Acrobat NPAPI Plug-in, Version 11.0.02
  • WacomTabletPlugin.

And others…

Most users do not understand the difference between plugins and add-ons, but it is quite significant: plugin’s work is autonomous, it functions outside of a browser in a completely different process. Plugins are offered as useful programmes which help to improve your browser work or to get access to resources like Flash and others.

Though, be aware: they are developed by third parties. Usually you do not determine the amount of rights your browser will give to this or that plugin and, subsequently, which data it will extract.

A typical user logs into the computer system as an administrator and usually in this case he/she allows the plugin being installed in full, allowed to use all the information it needs from your device. So, it turns out that you yourself open doors to data hunters when you say “yes” to everything in the course of plugin installation.

All plugins get access to the unique information about you and your device. For example, Flash plugin interface can get the following data:

  • Full list of fonts on your device
  • Your motherboard ID and other hardware IDs
  • Real MAC address
  • Real IP-address even if you are using proxy

Even the plugin list itself can be a fingerprint of your browser. Plugins enumeration helps to form a unique fingerprint.

BROWSER ADD-ON ENUMERATION

This method is based on enumeration of add-ons on your browser and is a part of a broader set of methods called “JS behavioral tests”. Every enumeration kit turns to be unique and helps identifying you.

Using this method one can see the version of your browser and other important data. Collecting this info like a puzzle, websites take your browser fingerprint.

Visit AEZAKMI now and find out how to stay anonymous!

SYSTEM FONTS ENUMERATION

Websites can use Flash or Java Applet plugins to get information on your system fonts list.

You may think: what is bad of it?

The matter is that one and the same phrase written in, say, Times New Roman font, size 14, will take one and the same width in pixels on every screen. If this phrase takes a different size from the expected one, it is identified as not Times New Roman 14 — your browser had substituted it for a different font as Time New Roman had not been installed. By exploring in this way the fonts and their possible widths websites can extract the precise list of your fonts — quite worth contribution to fingerprinting.

USER-AGENT STRING

User-Agent string reports to websites what browser version you are using. It also takes into account your type of device — this knowledge helps websites to display their pages properly on your screen.

Alongside with this a great deal of information on your platform, your browser etc. leaks to the website, which helps your identification.

SCREEN RESOLUTION

Sites can read two variables: the screen resolution reported by your browser and the size available for the web page to be displayed.

If you leave JavaScript enabled and your browser window fully open, JavaScript will be able to measure the size of your browser window and report on it to websites. So even if you insert the wrong data on your resolution into your browser, the accurate information can be taken through JavaScript, and it is possible even in such protected browsers as Tor.

JS.NAVIGATOR PARAMETER

Speaking again about JavaScript — this plugin has a full access to a lot of data via JS.Navigator: your time zone, browser language, DoNotTrack variable, platform, AppVersion variable and even the number of CPU cores.

All these parameters contribute to identifying you. Sometimes these parameters can be manipulated in a browser, but in some cases websites can draw the real info while the page is loading, for example.

Visit AEZAKMI now and find out how to stay anonymous!

SUPERCOOKIES

Some cookies saved in non-typical places and hard to delete, are nowadays called “supercookies”. Before this term used to stand just for any Flash cookies.

They are usually injected to you through Java and Flash and it’s better to delete them manually — they are usually grouped under the same category; it is hard to delete them with common browser cleaning tools.

CANVAS WebGL & Audio Fingerprint

These three techniques are not the same, but they are aimed at one thing: to read the information about your specific device and the way it fulfills different tasks compared to other machines — but not the predetermined values in your computer.

Sometimes specialists call this method “device fingerprinting”, but there is no common name for it yet. AEZAKMI developers suggest calling it “hardware fingerprinting”.

HOW CAN WE FIGHT IT?

It is quite hard to fight fingerprinting, as the number of its techniques is constantly growing, all methods have different basis and are connected with different elements.

Though, some steps can be done by you right now.

Pay attention to the amount of rights you are giving to plugins in the course of their installation, especially Flash and JavaScript.

Check your add-ons list and think which of them can be disabled.

Install any special supercookies cleaner or find them manually to delete them.

AEZAKMI suggests you applying our product to be sure you are well protected on the Web.

We are busy with an ongoing monitoring of new methods of tracking users and constantly developing new tools to fight them and provide your security on the Internet.

If you have any questions about using these functions, you can always contact us in support:

Telegram: @aezakmisupport

Email: support@aezakmi.run

Website: aezakmi.run

--

--