Most people know, primarily criminals, that you don't want to leave the oils from your fingers at a crime scene because it creates a fingerprint. Everyone has them (unless they don't have fingers), everyone is unique, and there are databases to store, identify and catalog those fingerprints.
On behalf of Data Privacy Day, we're asking the important question - what about digital fingerprints? Do those exist and can they uniquely identify us? In short, "it depends."
While it's not the objective to collect a user's fingerprint from his/her computer or endpoint device when visiting a website, specific indicators and data are collected to allow for a unique fingerprint. When a user visits a website, information about the computers, web browser, and other characteristics are provided to websites that create, in essence, a digital fingerprint.
When users surf the internet with popular browsers like Chrome, Safari, Edge or even TOR, several unique pieces of information are collected when connecting to the website. These are, but are not limited to, the IP address, browser type, operating system and browser dimensions, plugins used like JavaScript, Flash, graphics engine and language. These items can provide unique metadata of the user and, in essence, a digital fingerprint. Something to consider with screen dimensions and resolution is that they can be used to quickly determine if the endpoint is a mobile device, like a smartphone, a tablet or larger devices like laptops or desktops.
Okay, So What?
From a data privacy standpoint, some users might not be so concerned that the provided information does not contain a unique identifier of who they are, like a name or email address. However, marketing agencies and website owners will use this information to determine demographics and the types of people visiting their website. With every tool, it's used for a properly designed purpose and a malicious reason. This action was seen with Facebook and Cambridge Analytica over the past decade. With the increase in social media and online activities, this metadata of browser information or digital fingerprint and data collected while using the website allowed these companies to create profiles about various types of people. This data, in turn, was used to target specific advertisements or videos towards the users. As seen, Cambridge Analytica has since been shut down mainly due to unethical and illegal business practices. Its actions helped raise awareness towards digital fingerprints and online privacy.
Users can easily see what and how much data is shared when they visit a website. Ironically, there are numerous websites that one can visit to view this information. For a recent research presentation, the website whatsmybrowser.org was used to look at the various browsers' different digital fingerprints. It was interesting to note that most browsers used by the general public all offer up the same data when surfing the web. Using Chrome, Edge, Firefox or Safari, they all deliver digital fingerprint data to the website.
Ways To Protect Yourself While You're Surfing
While the initial reaction might be to think that one can surf using the privacy functions, like Incognito mode from Chrome or InPrivate browsing with Edge, that only stops the browser from recording your history, it still delivers the digital fingerprint data to the website.
While researching the various browsers, only one surveyed against the whatsmybrowser.org website protected most digital fingerprint data. This browser was Brave. It hid whether plugins were used, the dimensions of the browser, screen, language and cookies, but it did provide the Operating System and IP address.
By using Brave, it still offers up the IP address of the global address of the computer. The global source address's IP address is what is assigned to your home router or corporate internet access point, not your endpoint IP address. One recommendation to hide the IP address is to use a VPN service. A VPN provides another global address and hides your home or corporate global IP address. This VPN will now be the exit IP address of that service providing the global IP address. One other protection is it disguises your location since the IP address determines your location. Ironically, if you're using a VPN, it won't be your actual location, but where the country, state or city of where the IP originates.
If a VPN is too complicated or something that’s not available to users, there are additional steps to protect our systems' information when browsing websites. The use of ad blockers and privacy search engines, along with other third-party products, privacy-designed browsers and search engine plugins, can help reduce the amount of information given to the websites. The use of an adblocker won't restrict the sending of a digital fingerprint, and it does minimize adware from appearing on websites and reducing the risk of a malware infection. Search engines that do not store the search engine history or report it to the developer's servers increase one's privacy while surfing online.
The internet is a powerful tool used by most people globally for communication, information, shopping and entertainment. Like any tool and most topics in security awareness training, people need to know the risks and data that transfers between the user, the client and the server or the website. While sharing information about the user's endpoint, the digital fingerprint can also be leveraged to provide information about the user's demographic. This kind of data can be protected and kept private through specific browsers and provide a safe and private surfing session.