Privacy Experiment Shows Websites Are ‘Fingerprinting’ You

News Websites Fingerprinting Featured

There has been a huge push in efforts to protect our data the past few years. The more and more we learned that there were websites and companies that wanted our data, the more we’ve become protective of it.

The most recent news with data privacy is that there really isn’t anything we can do to keep our data private if someone wants it badly enough. An experiment has shown many websites collect your data in a process called “fingerprinting,” and it doesn’t matter whether you turn on “private browsing” or use a VPN. Websites are still able to collect your data by fingerprinting.

Websites Collecting Your Data

This knowledge is the result of a website experiment by The Washington Post. It showed that one-third of the 500 websites it studied were using code to run an identity check on you as you browse.

It doesn’t matter how big or small the site, even CNN, Best Buy, and WebMD are collecting details about you and your device. Some are even tracking you through your use of “do not track.”

Sites force browsers to turn over the data about your computer or device, such as screen resolution, operating system, or even something so innocuous like the font you have installed. This data combines to create a clearer picture of your device, the fingerprint.

Once they learn your fingerprint, websites can use it to find if you have visited the site before, create profiles of your behavior on the site, or follow you with ads. They can also do good in preventing you from sharing a password, identifying fraud, and blocking bots.

News Websites Fingerprinting Sssh

While it’s been known for some time that fingerprinting was a possibility, it wasn’t known that it was being used. The chief technology officer of privacy software company Disconnect, Patrick Jackson, tested 500 of the most popular websites Americans use to see what the sites were hiding and what they were doing on our computers.

Jackson found 183 websites collecting fingerprints between September 30 and October 8, leading to Washington Post’s Geoffrey A. Fowler asking for explanations from the most well known. Their reasons ranged from it being an industry standard, to they didn’t realize it was happening, to they allowed ad and data partners to control those parts of the websites. While two porn sites didn’t answer his questions, Jackson thinks they’re using the data to tailor their content to the people who view it in private-browsing mode.

After he spoke with the websites, six said they would remove the fingerprinting code from their websites. Four of those are run by the United States government. They had been using the data as part of a customer satisfaction survey and collected the data to not have to re-ask for the information.

It’s not just surprising sites doing this like Thesaurus.com and AllRecipes.com – it’s also shocking sites like Norton.com. Author Fowler also noted that even The Washington Post fingerprints visits after they’ve blocked cookies. The websites for Fox News and New York Times fingerprint visitors as well but in different ways.

Ironically, one company speaking up against the practice is Google. Chrome browser engineers wrote in May, “Because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice.” But it seems Google itself is known to collect data on you, not your device, but you yourself, so it’s puzzling why they would find such fault with this.

Limiting Chances of Being Fingerprinted

You can’t prevent sites fingerprinting you altogether, but you try to make it less likely that you will be fingerprinted.

News Websites Fingerprinting Keyboard

Not all devices and browsers carry the same weight with respect to ease of detection. Engineer Valentin Vasilyev, who has written fingerprinting software, said you can make it hard to fingerprint you by using Tor, a privacy-first browser that tries to make all user devices look the same, but Fowler explains it’s meant for “highly technical people because it breaks common websites.”

iPhones, iPads, and Macs using the Safari browser are among the hardest machines and devices to fingerprint. This is partially because Apple’s limited product line tends to have standardized devices, so they look similar to fingerprinting software.

Apple has also been working with Safari to get it to fight fingerprinting directly by reducing the amount of information that it shares, such as a list of built-in fonts instead of a custom list. Additionally, it asks for permission before it gives out info regarding device orientation and motion. Best yet, these are default settings – they’re always on.

Those who do not own an Apple device should consider using Firefox. It, too, is working on adding default fingerprinting protections by blocking traffic from known addresses for fingerprinting, though it admits that only fixes fingerprinting in part. You can turn this on under privacy and security settings in the “Custom” tab.

Google Chrome by default doesn’t do that much to stop fingerprinting, though you can add privacy extensions, including uBlock Origin, Privacy Badger, or Disconnect. The software might break some of the sites you want to visit, though, according to Fowler. Google has also announced they are working on reducing the way browsers can “passively” fingerprint.

Do these methods ease your mind regarding fingerprinting? Or is this something you remain concerned about? Tell us in a comment below. And if you’d like to know which websites have been identified as fingerprinting you, check the list at the bottom of this link.

3 comments

  1. I gave up hope for online privacy some time ago. It seems that sites and companies believe they have a Constitutionally-guaranteed right to users’ data and to use ANY means to obtain it.

  2. Just don’t give up or give in. Fight back every way one can. Giving up or giving in means they won and it’s the lazy mans way of doing things.

    1. Sounds like a great political sound bite. However, how does one ‘fight back’ against companies like Facebook, Google and others that harvest data about you even when you never had ANY contact with them? How does one ‘fight back’ against companies like Equifax that gather data on you without your knowledge, let alone, permission and then suffer the indignity of getting hacked? Riddle me that.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.