Browser Fingerprinting - In an article by Rahul Naskar, he describes vulnerabilities with Incognito. “I'm not a privacy enthusiast, but that doesn't mean I don't care about it. I have always used the best settings to protect my privacy since I learned about the benefits of controlling how my personal information is collected, stored, and shared online. I still remember the day when I first learned about private browsing, and every time I went Incognito, it felt like adding one more brick to my already strong privacy wall. Incognito mode on my favorite web browser was one of the settings I relied on heavily for a long time for this specific reason. However, all of this is past after I learned about how it doesn't offer any protection against one of the internet's most invasive tracking systems: browser fingerprinting. I don't blame anyone but myself for not learning about browser fingerprinting early, which gave me a false sense of privacy protection when I was using Incognito mode.
‘Here is why I have stopped using Incognito mode since I found out what browser fingerprinting is.”[1]
What did I learn about fingerprinting? I first learned about fingerprinting in my biology book when I was in school, but that was DNA fingerprinting, which identifies unique biological traits and confirms someone's identity with high precision.
It was a fascinating reading session, because that was when I also realized that DNA is kind of like biological software inside our body, storing, reading, and executing instructions to get the job done. But little did I know I would have to revisit those days while learning about a specific component of web technology someday. As someone who already knew what DNA fingerprinting is, it made my job easier to understand browser fingerprinting. I instantly drew the parallel when I learned that browser fingerprinting is a technique that combines several technical characteristics into a fingerprint.
The JavaScript that is running in your browser is usually the culprit here, as it gathers all details like your screen resolution, GPU information, timezone, language settings, operating system, and more. All this information is then sent to the tracking company's servers, where they often use a hashing algorithm or similar technique to create a fingerprint identifier, which can distinguish your browser and device configuration with high accuracy. While this may not expose your real-world name or address, it knows everything you do online, which also means that your browsing habit isn't anonymous. Although not everyone does this, companies can sell this information to advertisers to target you more effectively. It's hard to tell who follows the best practice and never sells their customers' data to advertisers.
It isn't worth taking the risk.
Why can't Incognito protect you against fingerprinting? Both fingerprinting and Incognito deal with data, but in different forms and with varying methods. Fingerprinting is tracking your data in real time. It collects what your browser exposes when you load a website. On the other hand, Incognito mode doesn't prevent data collection from websites. Instead, it changes how your browser stores a specific set of data locally, which is different from what websites collect in real-time for fingerprinting.
In a normal browsing session, a browser stores your browsing history, cookies, cache, and site data on your device. Incognito mode doesn't prevent any of this. Instead, it creates a temporary, isolated profile, where it stores cookies, history, cache, and site data. After you close all your Incognito windows, all that data is erased. It doesn't impact your main browser profile. Incognito has nothing to do with controlling fingerprinting, because it deals with a completely different set of data. To tackle the fingerprinting problem, you need to take stronger measures, as I did.
What do I use instead of Incognito?
Brave Browser on an Android phone's home screen
Incognito mode has no control over what data websites collect when you load them on your device, but browsers with enhanced tracking protection have. I relied on Microsoft Edge and Google Chrome to browse the internet, but neither has an excellent anti-tracking system. So, I had to look somewhere else. I asked my colleagues at Android Police, who are privacy enthusiasts, to help me find the best alternative. I took their advice, researched independently to ditch both Chrome and Edge in favor of Brave.
Firefox also offers advanced tracking protections, but you need to manually set them up in the settings. On the other hand, Brave Shields automatically blocks invasive fingerprinting by default. So, even if someone doesn't know anything about what fingerprinting is, they get far better protection than many of its rivals out of the box.
The hard truth about fingerprinting - You can't escape from browser fingerprinting, no matter how much you try, and that's the reality. While you can take extreme measures, like disabling WebGL, which is responsible for GPU and graphics fingerprinting, and JavaScript, doing so can break the websites entirely. Even if that wasn't the case, I would never have gone to that extreme to disable every tracking signal. This is because the more unique you are, the easier it is to spot you. I keep it simple and don't try too many extensions or add-ons, settings to reduce fingerprinting.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.msn.com/en-us/news/technology/i-found-out-what-fingerprinting-actually-is-and-i-m-never-using-incognito-again/ar-AA1WM11O/
Comments