FAU computer scientist investigates methods of protection against online espionage through browser fingerprinting
There are several ways of protecting one’s data online. However, many people are not aware that the information which is revealed via their browser alone makes it possible to create an almost unique digital fingerprint which can be used to identify individual users later on. Is there any kind of protection against this browser fingerprinting? Tim Grocki, a student at FAU’s Chair of Computer Science 1 (IT Infrastructures), investigated several ways of protecting oneself against such online espionage in his Master’s thesis.
The combination of data makes the fingerprint unique
Website operators can read out information about the browsers used by the individuals visiting their pages. The amount of information that is revealed about a user via their browser is huge and the combination of data is unique, making it possible to recognise it again. The fonts installed, browser software, operating systems, screen resolution, colours and plug-ins ‑ all of this information and more is accessible to website operators via the browser used, making it possible to identify a user later on. Browser fingerprinting is mainly used for promotional purposes.
Protection strategies have limitations and disadvantages
Disappearing in the crowd is not possible
Changing one’s own settings to correspond to a common fingerprint is another method of protection – the user can simply disappear in the crowd. However, even common fingerprints are very rare and there is only limited information on common fingerprint models available.
As browser fingerprinting is based on the idea of identifying browsers by their browser configuration, standardising browser settings would be a possible way of protecting against online espionage. If all users had the same settings, it would be impossible to distinguish them from one another. However, different users have different requirements for their browsers and in order to make standardisation of settings an efficient method of protection, a sufficient number of users would have to participate. Another disadvantage of this method is that the amount of information that would have to be standardised is huge, which would make the whole process very difficult.
The recommended strategy: combine as many methods of protection as possible
As the individual strategies commonly used against browser fingerprinting do not provide sufficient protection, Grocki recommends a combination of all of these measures. However, it is impossible to achieve absolute protection. The problem of browser fingerprinting remains unsolved and there will probably not be any simple means of protection against this form of web tracking in the near future. ‘In addition to further research, politicians, website operators and normal users could take action against browser fingerprinting that does not involve technology. Browser fingerprinting could be boycotted or banned,’ says Grocki.
Dr. Zinaida Benenson
Phone: +49 9131 8569908