Whenever you visit a website, it can obtain a great deal of information from you and the data is used for different purposes. For instance, advertisers rely on different methods to get to know more about you in order to target you accordingly. However, one of the most concerning aspects is browser fingerprinting, a process that allows your browser to identify and track you. Each browser is unique and its settings, plugins and other aspects, can be used to identify users. In order to find out how unique your browser is, you can visit https://panopticlick.eff.org and learn more about its fingerprinting and how much identifiable information it provides. Panopticlick will show you an estimate on how much information your browser’s fingerprinting is giving away. The results will vary from one browser to another but your browser could give away as much as 50 bits of identifying information. This creates a concern that security expert Henrik Gemal, hopes to address on his website BrowserSpy.dk. The site offers a list of the elements used to fingerprint your browser, as well as solutions that will allow you to test each of these elements to find out what data is being leaked.
What data is used to fingerprint your browser
Below, you will find a list of the elements that can be used to fingerprint your browser and what information they can provide.
- Accepted File Types: This would give details about the MIME types, encoding, language and charsets that are accepted by your browser.
- Active X: This will confirm if ActiveX is available and active in your browser.
- Adobe Reader: With this, it can be determined if Adobe Reader is installed and if it is, it can reveal which components are available.
- Ajax Support and XML Information: It will confirm if your browser can run Ajax (this is a web development programming language) and handle XML requests and documents.
- Bandwidth: The speed of your connection can be used to trace you
- Browser: Apart from showing what browser is being used, it also provides details like platform,
codename, online data and version.
- Colors: The colors that can be displayed by your browser
- Connections: This represents that maximum number of connections that your browser can open for a single
- Cookies: This will show if cookies are enabled, what type and how many of them
- CPU: The CPU that your computer uses
- CSS: Cascading Style Sheets is a web design element and this aspect shows which CSS are supported by your browser.
- Cursor: What cursor if supported by your browser
Date and Time
- DirectX: This shows if your browser supports Microsoft’s DirectX APIs, which are used for graphics and multimedia. It is only relevant to Internet Explorer.
- Do Not Track: This is an option that is available from most modern browsers and while it is generally ignored by websites, fingerprinting can check if it is enabled on your browser.
- .NET Framework: This confirms if Microsoft’s .NET web development framework is supported by your browser.
- Email Verification: There are some mailservers that are configured to ensure that the validity of an
email can be verified.
- Flash: It tells if Adobe Flash Player is installed. Adobe Flash is used for interactive content,
videoplayback and multiple types of animation. Unfortunately, there are security concerns around it.
- Fonts: the fonts in your system can be obtained through Java and Flash plugins and they are a strong element used to identify you.
- Google Gears: It tells if your browser supports outdated software. It is used by Google to add new features
- Gecko: It can also be checked if your browser supports Gecko. Gecko is an open source rendering engine that is mainly used in Firefox.
- Geolocation: This will confirm if your browser allows your location to be defined with exactitude.
- Google Apps: It will confirm if your browser or computer offer support for independently customizable versions of multiple
Google products using a domain name provided by the customer.
- GZip Support: This refers to GZip compression, which is generally used on websites as a way to reduce the amount of data sent to the browser.
- IP address: This represents your unique internet address, but it can be disguised with the help of a VPN.
- Java: It establishes if Java programming language is supported by your computer.
- Languages: This is related to the languages that are installed on your computer
- MIME Types: This refers to MIME Types, which is a method that browser use to associate files of a specific type with the helper applications that show files of that type.
- Mobile: This allows to determine if you are using a mobile device such as a tablet of smartphone.
- Objects: This indicates if your browser supports various objects including images, layers forms, links, anchors, frames and more.
- Online/Offline: This will show if you are connected to internet.
- OpenDNS: Will confirm if you are using free, closed source OpenDNS DNS resolution service
- Operating System: Will confirm what platform (Windows, OS X, Linux, Android, etc) you are using.
- Plugins: The browser plug-ins and extensions that are installed can be detected by a website and they
are strong unique identifiers.
- Proxy: It shows if your internet connection is running through a remote computer.
- Personal Security Manager (PSM): This would reveal if your browser uses PSM. This is a group of libraries that carry on cryptographic operations for a client application. For instance, it can take care of certificate management, object signing and signature verification and certificate management.
- QuickTime Player: This would show if your browser offers support for Apple’s media Player.
- RealPlayer: Currently, not many browsers support RealNetworks, RealVideo and Real Jukebox, but this is
other aspect that could be checked.
- Screen: Information about your screen, such as height, width, DPI, font smoothing and color depth can also be revealed.
- Shockwave: ShockPlayer plays Shockwave animations and interactive content. While it is not widely used nowadays, it can also be checked if Adobe ShockPlayer is installed and it will check what version and components are available.
- Silverlight: It will check if Silverlight (Microsoft’s version of Flash) is supported by your browser.
Sound Card: It is possible to also check if a sound card is installed on your computer.
- SVG: It will check if your browser supports Scalable Vector Graphics (SVG). This is an XML specification and file format that can describe two-dimensional vector graphics, both static and animated.
- Text Formatting: Another aspect that can be leaked is the set of formatting tags that are supported by
your browser. For instance, bold and italic.
- WAP device: Although WAP is an outdated technology, another piece of information that could be given away is if your mobile device is enabled for it.
- WebKit: It will tell if your browser supports the WebKit layout engine software component for accessing web pages.
- Windows Media Player: Another element that could be used to fingerprint your browser is Windows Media
Player to see if it is supported by your browser.
There is an extensive list of information provided by your browser to the websites you access. Most of the details gathered are used to make your browsing experience better, adjusting the content to your browser’s features. However, the data can also be used by advertisers and web analytics companies in order to uniquely identify you. This will allow them to keep track of your online activity, ensuring that they can target you with tailored ads. As previously advised, by visiting Panopticlick, you can find out how unique your browser is and if you go to BrowserSpy.dk, you will be able to test which of your browser’s elements are being used for fingerprinting.