From 1a3e9cbe2f813c8b056ea879208bad1208c46711 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Sat, 8 Apr 2023 13:30:04 -0500 Subject: [PATCH] Browser fingerprinting overview --- config/mkdocs.en.yml | 1 + config/mkdocs.fr.yml | 1 + config/mkdocs.he.yml | 1 + config/mkdocs.nl.yml | 1 + config/mkdocs.offline.yml | 1 + docs/advanced/fingerprinting.md | 23 +++++++++++++++++++++++ 6 files changed, 28 insertions(+) create mode 100644 docs/advanced/fingerprinting.md diff --git a/config/mkdocs.en.yml b/config/mkdocs.en.yml index ab23941520..861765475e 100644 --- a/config/mkdocs.en.yml +++ b/config/mkdocs.en.yml @@ -110,6 +110,7 @@ nav: - 'os/linux-overview.md' - 'os/qubes-overview.md' - Advanced Topics: + - 'advanced/fingerprinting.md' - 'advanced/dns-overview.md' - 'advanced/tor-overview.md' - 'advanced/payments.md' diff --git a/config/mkdocs.fr.yml b/config/mkdocs.fr.yml index e5bfdc64b4..16980c53ec 100644 --- a/config/mkdocs.fr.yml +++ b/config/mkdocs.fr.yml @@ -110,6 +110,7 @@ nav: - 'os/linux-overview.md' - 'os/qubes-overview.md' - "Sujets avancés": + - 'advanced/fingerprinting.md' - 'advanced/dns-overview.md' - 'advanced/tor-overview.md' - 'advanced/payments.md' diff --git a/config/mkdocs.he.yml b/config/mkdocs.he.yml index 10ca2342e7..ad634e0bef 100644 --- a/config/mkdocs.he.yml +++ b/config/mkdocs.he.yml @@ -114,6 +114,7 @@ nav: - 'os/linux-overview.md' - 'os/qubes-overview.md' - "נושאים מתקדמים": + - 'advanced/fingerprinting.md' - 'advanced/dns-overview.md' - 'advanced/tor-overview.md' - 'advanced/payments.md' diff --git a/config/mkdocs.nl.yml b/config/mkdocs.nl.yml index e7c5fcaa7c..816cc392de 100644 --- a/config/mkdocs.nl.yml +++ b/config/mkdocs.nl.yml @@ -110,6 +110,7 @@ nav: - 'os/linux-overview.md' - 'os/qubes-overview.md' - Gevorderde onderwerpen: + - 'advanced/fingerprinting.md' - 'advanced/dns-overview.md' - 'advanced/tor-overview.md' - 'advanced/payments.md' diff --git a/config/mkdocs.offline.yml b/config/mkdocs.offline.yml index 993f3f4f82..9b66e114b9 100644 --- a/config/mkdocs.offline.yml +++ b/config/mkdocs.offline.yml @@ -99,6 +99,7 @@ nav: - 'os/linux-overview.md' - 'os/qubes-overview.md' - Advanced Topics: + - 'advanced/fingerprinting.md' - 'advanced/dns-overview.md' - 'advanced/tor-overview.md' - 'advanced/payments.md' diff --git a/docs/advanced/fingerprinting.md b/docs/advanced/fingerprinting.md new file mode 100644 index 0000000000..cb01353d09 --- /dev/null +++ b/docs/advanced/fingerprinting.md @@ -0,0 +1,23 @@ +--- +title: "Browser Fingerprinting" +icon: material/fingerprint +description: Browser fingerprinting is a method of tracking users across sites regardless of their network. +--- + +**Fingerprinting** refers to a service collecting metadata about whatever connects to it, for the purposes of identifying a user. In this overview we are largely going to cover **browser fingerprinting**, specifically how websites try to uniquely identify your web browser outside the standard identifiers most people think of, like your IP address or user agent. + +It is important to remember that your "browser fingerprint" is not a single thing, it is a collection of all the different metrics websites can use to track you. Many websites or fingerprinting scripts will take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, but these algorithms and the metrics they use to create that fingerprint can vary wildly between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; it doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there. + +Many non-experts will claim that using Firefox or enabling its fingerprinting resistance preferences will make you *more* unique, give you *less* privacy, and make you "stand out in the crowd." However, if you do nothing at all your browser will already be uniquely identifiable. Thus, the "crowd" of Google Chrome or Safari users these people will claim exists in fact does not, because you can't blend in to a crowd filled with completely unique browsers. A [study](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cross-browser-fingerprinting-os-and-hardware-level-features/) published in 2017 demonstrated an approach that could uniquely identify 99.24% of users, without even taking into account their IP address. ==Becoming "more unique" is impossible, there is no such thing.== + +## Common Metrics + +## Types of Tracking Scripts + +In general, we can classify tracking software into two groups: **naive** and **advanced**. Naive trackers can be fooled by standard anti-fingerprinting techniques like Firefox's "resist fingerprinting" or Brave's fingerprint randomization features, because they acc + +The good news is that most fingerprinting you will encounter on the internet is naive. + +## Anti-Fingerprinting Approaches + +Broadly speaking, there are two ways that browsers try to deal with fingerprinting: **Randomization** and **blocking**.