Fingerprinting: Difference between revisions

From Consumer Rights Wiki
m AnotherConsumerRightsPerson moved page Device Fingerprint to Device fingerprint: Misspelled title: Not in sentence case
Rudxain (talk | contribs)
more accurate "How it works"; mention cookies
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{StubNotice}}{{ToneWarning}}
{{StubNotice}}{{ToneWarning}}
A '''[[wikipedia:Device fingerprint|device fingerprint]]''' is a string of data that maps and compiles details of a particular device or user, such as the operating system and browser information. Unlike an IP address, which is a singular piece of data that users can manipulate for privacy and security (such as using a VPN service or resetting network connection), a device fingerprint holds a series of specified data that can be uniquely attributed to a device or user (or a group thereof), and are therefore much harder to protect from tracking and abuse of privacy.
[[wikipedia:Fingerprint_(computing)|'''Fingerprinting''']] consists on attempting to uniquely identify someone or something, so that it becomes easier to [[wikipedia:Web_tracking|track]].


Common data that may be included in a device fingerprint include:
A '''[[wikipedia:Device fingerprint|device fingerprint]]''' is a collection of information about a device's hardware and configuration. Unlike an IP address, which is a singular piece of data that users can manipulate for privacy and security (such as using a VPN service or resetting network connections), a device fingerprint holds a series of specified data that can be uniquely attributed to a device or user (or a group thereof), and are therefore much harder to protect from tracking and abuse of privacy.
 
*'''Device model and hardware'''
*'''Web browser'''
*'''Screen resolution'''
*'''Font type and size'''
*'''Plugins'''
*'''Browser extensions'''
*and many more


==How it works==
==How it works==
<!-- Can someone knowledgable enough please check this? -->Fingerprinting works by getting one or more data items and turning them into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]). This includes the operating system, device model, screen resolution, installed fonts, graphic-rendering, and more.<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |access-date=31 August 2025 |website=crossclasiffy.com}}</ref>
<!-- Can someone knowledgable enough please check this? -->Fingerprinting can work in 2 ways:  


Even the '''lack of data can be used to build a fingerprint''', as certain data is unlikely to be missing. This is the case when a "power user" changes many default settings, or clears fields that aren't necessary. Unfortunately, this helps narrow-down the identifier, creating a unique fingerprint.
*By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |url-status=live |archive-url=http://web.archive.org/web/20250907041725/https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |archive-date=7 Sep 2025 |access-date=31 August 2025 |website=crossclasiffy.com}}</ref> from the subject and turning the data into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]), this string can be recomputed and then matched against a database, to repeatedly correlate subject activity. Even the ''lack of data can be used to build a fingerprint'', as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.
*By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is ''Unicode [[wikipedia:Steganography|steganography]]'', which consists on adding [[wikipedia:Zero_width|invisible]] and/or [https://www.unicode.org/reports/tr39/tr39-32.html#confusables confusable] (see [[wikipedia:Homoglyph|homoglyphs]]) characters in digital text, so that copy-pasting the text distributes the fingerprint.<ref>https://www.zachaysan.com/writing/2017-12-30-zero-width-characters</ref><ref>https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update</ref> A more common example is tracking [[Web cookie|cookies]].
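Review bot: The citation in the first new bullet sets website=crossclasiffy.com while the cited URL is on crossclassify.com; correct the parameter so the rendered reference matches the source. In the same bullet, "uniquely identifies itself" is unclear about what is being identified (the subject), and the comma before "this string can be recomputed" joins two sentences. In the second bullet, "consists on adding" should be "consists of adding".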


==Why it is a problem==
==Why it is a problem==
Fingerprinting can be used to identify individuals, flagging privacy concerns and letting companies do things like targeted advertising, selling personal data and more.
While there are some benefits from a security perspective (e.g. trusted-device recognition and fraud prevention), fingerprinting allows entities (such as web servers) to identify individuals even while masking their IP address, flagging privacy concerns and letting companies do things like [[Personalized ads|targeted advertising]], selling personal data and more. It also allows another avenue for tracking across websites as services implemented on many different sites on the web (such as [[CDN|CDNs]]) will be able to follow device browsing from one website to another. <ref>{{Cite web |title=Browser Fingerprinting: What It Is and How to Block It |url=https://techreviewadvisor.com/browser-fingerprinting/ |access-date=10 October 2025 |website=techreviewadvisor.com |url-status=live |archive-url=http://web.archive.org/web/20251121085958/https://techreviewadvisor.com/browser-fingerprinting/ |archive-date=21 Nov 2025}}</ref>


==Examples==
==Remedies==
Some examples of fingerprinting include some types of cookies,
Device fingerprinting is difficult to avoid due to the aforementioned data points available. Notable remedies include using privacy-focused browsers such as [[Mullvad]], [[Brave browser|Brave]], or [[wikipedia:Tor_(network)#Tor_Browser|Tor]], which either randomizes certain data points to hide unique attributes or modifies identifiers to make all users appear to be the same in an effort to reduce the uniqueness of the system (AKA [https://en.wikipedia.org/w/index.php?title=Device_fingerprint&oldid=1330865841#Offering_a_spoofed_fingerprint spoofing]). <ref>{{Cite web |title=Anti-fingerprinting |url=https://tb-manual.torproject.org/anti-fingerprinting/ |website=tb-manual.torproject.org |url-status=live |archive-url=http://web.archive.org/web/20251029015145/https://tb-manual.torproject.org/anti-fingerprinting/ |archive-date=29 Oct 2025}}</ref>


==Remedies==
For those looking to test browser protection against web fingerprinting, the [[wikipedia:Electronic_Frontier_Foundation|Electronic Frontier Foundation]] has a tool called [https://coveryourtracks.eff.org/ Cover Your Tracks] to display unique hardware and software fingerprints.
Device fingerprinting is notoriously difficult to avoid. IP addresses  can be masked, hidden, or modified, while cookies can be blocked, cleared, and avoided. Device fingerprints, however, are a compilation of basic data points that computers and browsers use to communicate with web pages. The only notable remedy is using privacy-focused browsers such as Mullvad and Brave which randomize certain data points to hide unique attributes.
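Review bot: In the new Remedies paragraph, "which either randomizes ... or modifies" refers to the listed browsers and should be plural ("randomize ... modify"). The "spoofing" link is an external URL pinned to a Wikipedia oldid, while every other Wikipedia link in this revision uses the [[wikipedia:...]] interwiki form; use the interwiki form for consistency. There is also a stray space before the <ref> tag.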


==References==
==References==

Latest revision as of 02:47, 26 April 2026

Article Status Notice: This Article is a stub


This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues.

Article Status Notice: Inappropriate Tone/Word Usage

This article needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Specifically it uses wording throughout that is non-compliant with the Editorial guidelines of this wiki.

Fingerprinting is the attempt to uniquely identify someone or something so that it becomes easier to track.

A device fingerprint is a collection of information about a device's hardware and configuration. Unlike an IP address, which is a single piece of data that users can manipulate for privacy and security (for example by using a VPN service or resetting network connections), a device fingerprint holds a series of specified data that can be uniquely attributed to a device or user (or a group thereof), and is therefore much harder to protect from tracking and abuse of privacy.

How it works

Fingerprinting can work in 2 ways:

  • By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc.)[1] from the subject and turning the data into a much shorter bit string that uniquely identifies the subject (typically by applying a hash function). This string can be recomputed and then matched against a database to repeatedly correlate the subject's activity. Even the lack of data can be used to build a fingerprint, as certain data is unlikely to be missing. Because many different variables go into a fingerprint, adding extensions and changing settings with the intention of increasing privacy may have the opposite effect.
  • By inserting unique (or mostly unique) data into the subject, so that there is no need to recompute the fingerprint and it can be compared and matched faster. An example of this is Unicode steganography, which consists of adding invisible and/or confusable (see homoglyphs) characters to digital text, so that copy-pasting the text distributes the fingerprint.[2][3] A more common example is tracking cookies.
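A check for the inserted-marker case described above, as an added example that is not part of the original article: it reports invisible format characters and mixed-script words in a piece of text and strips the invisible ones. The sample strings are constructed, and the script test is a heuristic based on Unicode character names, not the full confusables data.

```python
import unicodedata

def find_invisible(text):
    """Return (index, code point, name) for each format-class (Cf) character,
    which covers zero-width space/joiners, word joiner, BOM and soft hyphen."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(text)
            if unicodedata.category(ch) == "Cf"]

def mixed_script_words(text):
    """Flag words whose letters come from more than one script.
    Heuristic: the script is taken from the first word of the Unicode name."""
    flagged = []
    for word in text.split():
        scripts = {unicodedata.name(ch, "UNNAMED").split()[0]
                   for ch in word if ch.isalpha()}
        if len(scripts) > 1:
            flagged.append((word, sorted(scripts)))
    return flagged

def strip_invisible(text):
    """Remove Cf characters. This also breaks emoji ZWJ sequences and scripts
    that rely on ZWNJ/ZWJ, so apply it only where that loss is acceptable."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")

# Constructed samples: one visible sentence as two recipients might receive it.
CLEAN = "The quarterly report is attached."
COPY_A = "The quar\u200bterly re\u200dport is attached."  # zero-width marks
COPY_B = "The quarterly rep\u043ert is attached."         # Cyrillic 'o'

if __name__ == "__main__":
    for label, sample in (("A", COPY_A), ("B", COPY_B)):
        print(label, find_invisible(sample), mixed_script_words(sample))
        print("  matches clean text after stripping:",
              strip_invisible(sample) == CLEAN)
```

Stripping restores copy A to the clean text, while copy B still differs because a homoglyph is a visible character; it has to be caught by the mixed-script check or by comparison against a known-good copy.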

Why it is a problem

While there are some benefits from a security perspective (e.g. trusted-device recognition and fraud prevention), fingerprinting allows entities (such as web servers) to identify individuals even when they mask their IP address, raising privacy concerns and letting companies do things like targeted advertising, selling personal data and more. It also opens another avenue for tracking across websites, as services implemented on many different sites on the web (such as CDNs) will be able to follow a device's browsing from one website to another.[4]

Remedies

Device fingerprinting is difficult to avoid because of the data points described above. Notable remedies include using privacy-focused browsers such as Mullvad, Brave, or Tor, which either randomize certain data points to hide unique attributes or modify identifiers to make all users appear to be the same, in an effort to reduce the uniqueness of the system (AKA spoofing).[5]
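To make the uniqueness argument concrete, here is an added example (not from the original article or from any browser's code) that measures how many members of a small constructed population share a fingerprint, before and after a hypothetical normalization step. The attribute names, the population and the `normalize` buckets are all assumptions chosen for illustration.

```python
import hashlib
import json
import math
from collections import Counter

def fingerprint(attrs):
    """Hash a canonical (sorted-key) JSON encoding of the attributes.
    A missing value is encoded as null, so absence is itself a signal."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

def anonymity_set(target, population):
    """Number of population members whose fingerprint equals the target's."""
    counts = Counter(fingerprint(p) for p in population)
    return counts[fingerprint(target)]

def identifying_bits(target, population):
    """Surprisal of the target's fingerprint: log2(N / anonymity set size)."""
    return math.log2(len(population) / anonymity_set(target, population))

def normalize(attrs, step=500):
    """Hypothetical mitigation: bucket the screen size and report fixed
    values for the font list and the do-not-track setting."""
    w, h = (int(v) for v in attrs["screen"].split("x"))
    return {**attrs, "screen": f"{w // step * step}x{h // step * step}",
            "fonts": "fixed-list", "dnt": None}

# Constructed population: six default installs, three on a second common
# setup, and one user who blocked font enumeration and enabled do-not-track.
DEFAULT = {"ua": "BrowserX/1", "screen": "1920x1080", "fonts": 212, "dnt": None}
OTHER = {"ua": "BrowserX/1", "screen": "1366x768", "fonts": 212, "dnt": None}
TWEAKED = {"ua": "BrowserX/1", "screen": "1920x1080", "fonts": None, "dnt": "1"}
POPULATION = [DEFAULT] * 6 + [OTHER] * 3 + [TWEAKED]

if __name__ == "__main__":
    normalized = [normalize(p) for p in POPULATION]
    for name, user in (("default", DEFAULT), ("tweaked", TWEAKED)):
        print(name,
              "raw set:", anonymity_set(user, POPULATION),
              "bits:", round(identifying_bits(user, POPULATION), 2),
              "normalized set:", anonymity_set(normalize(user), normalized))
```

In this population the user who changed settings is alone in their anonymity set, while normalization merges them with the six default installs; the second screen size still forms its own group, which is why coarse buckets matter.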

For those looking to test their browser's protection against web fingerprinting, the Electronic Frontier Foundation has a tool called Cover Your Tracks that displays unique hardware and software fingerprints.

References

  1. "How does device fingerprinting work?". crossclassify.com. Archived from the original on 7 Sep 2025. Retrieved 31 August 2025.
  2. https://www.zachaysan.com/writing/2017-12-30-zero-width-characters
  3. https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update
  4. "Browser Fingerprinting: What It Is and How to Block It". techreviewadvisor.com. Archived from the original on 21 Nov 2025. Retrieved 10 October 2025.
  5. "Anti-fingerprinting". tb-manual.torproject.org. Archived from the original on 29 Oct 2025.