Most of the time, hackers aren’t hacking just for the LOLz. Only sometimes. The rest of the time they are hacking into computers and servers for specific information which they can take. This information can be used for a number of things, one of the biggest being a profile that the data in your browser tells about you: This is browser fingerprinting.
Why is this ‘profile’, or online fingerprint, important? Let’s find out before hackers do, and let’s look at protecting this fingerprint as well so that you can be safer.
Online profiling and how to avoid browser fingerprinting
Everywhere you go online you are being followed. I’m not talking about Twitter, I’m talking about tools used by:
- Online businesses
- Social media websites
And still others. Why would these legitimate businesses want to track you? You’re not a criminal …are you? Well, the primary reason they are doing it is to help prove that you are …you. They track you, they monitor you, they ..sell your data segments to advertisers to cash in. That’s the bulk of the ‘game’ on their end. They just want to sell advertisements. Their need to make money comes at the expense of you.
Why this is useful to hackers
Why hackers are interested in this information is painfully obvious to them, but not so much so to the average Internet user. Hackers can learn so much about you from your computer and digital tracking via browser fingerprinting:
- They will know your name.
- They can learn your address.
- They can get login details.
- Your email address will be easy to find.
- They can see what websites you visit.
So they will know your name and where you live, which is plenty, but they will also know your ‘name’ and ‘where you live’ online, too. Your name online is your email, and where you live are all the sites you visit.
With that information on your physical identity hackers can:
- Stalk you, and break into your home when you post online that you’re “Off to Tahiti for 3 weeks biiiiitches.’ This is a realer threat than people give credit for. This is the basics of how the entire true-life story of The Bling Ring came about. Not to mention the horrible robbery of Kim Kardashian as she posted her whereabouts, and possessions, all over the Internet.
- Steal your identity. The more information they have about you, the better they’ll be at stealing your identity and convincing credit card companies, banks, and online retailers that they are you. You’ll have charges in your name, and accounts opened by ‘you’ that you’ve never heard of.
Do you still think that you can do whatever you want online and it will have no real world implications? Really? Keep reading, because this is what they can do with the digital information they steal:
- Brute force hacks, which can start from something as simple as an email address, can crack open your accounts by guessing thousands of passwords per second.
- Once they have one password they can see all of the website you’ve been to and try the same password there to steal from you again.
They can then do this, again and again, until all of your online accounts are drained and you’re left high and dry. Does your bank share the same password as your Facebook? How about you just give me all of your money. I’m nicer than most hackers.
How typical are you?
The EFF is an online privacy activist. They recently started a project called Panopticlick, which tracks how ‘unique’ your online identity is. It’s goal is to figure out how well any tools you’re using to anonymize yourself actually work. Here are the results from a test on a browser I use for general browsing:
Good, but not great, and certainly containing some identifiable information.
Choices you can make to avoid browser fingerprinting
To limit browser fingerprinting, and how easy it is to identify you online, first choose a common browser that is not too unique to start with. Ranked in approximate order from best at the top, to worst at the bottom:
- Safari (Pre-iOS10)
- Microsoft Internet Explorer
- Have as fresh of an install of your OS as possible.
- Limit how much you modify your browser.
- Use a VPN service provider to mask your IP address, particularly one like IPVanish which doesn’t log user data.
- Use your browser’s privacy mode often, or clear cookies at the end of every session.
- Disable Flash as often as possible.
With this done, head back to PanoptoClick to see how much harder it is to identify you and your computer. As you will notice, your fingerprint will not be completely anonymous. Fingerprinting is a major issue which requires proper legislation in order to be lessened so that hackers have fewer opportunities to steal your data. You can make it harder on them using all of the techniques above, so don’t quit and think you’re helpless!
The browser fingerprinting tradeoff
At this time, there is no way to completely defeat fingerprinting. Some aspect of your computer’s identity is going to be identifiable. All you can do is make it harder for those trying to track you.
For example, if you add an extension which blocks tracking via cookies, it makes you more identifiable via fingerprinting. Playing the tradeoff game, and increasing your privacy using the right tools, like a VPN which hides your IP address, are all you can do. Unless you have the money to start up a brand new computer every time you log on…