Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Data Privacy and Fingerprints

    Data Privacy and FingerprintsMost people know, primarily criminals, that you don't want to leave the oils from your fingers at a crime scene because it creates a fingerprint. Everyone has them (unless they don't have fingers), everyone is unique, and there are databases to store, identify and catalog those fingerprints.

    On behalf of Data Privacy Day, we're asking the important question - what about digital fingerprints? Do those exist and can they uniquely identify us? In short, "it depends."

    While it's not the objective to collect a user's fingerprint from his/her computer or endpoint device when visiting a website, specific indicators and data are collected to allow for a unique fingerprint. When a user visits a website, information about the computers, web browser, and other characteristics are provided to websites that create, in essence, a digital fingerprint.

    When users surf the internet with popular browsers like Chrome, Safari, Edge or even TOR, several unique pieces of information are collected when connecting to the website. These are, but are not limited to, the IP address, browser type, operating system and browser dimensions, plugins used like JavaScript, Flash, graphics engine and language. These items can provide unique metadata of the user and, in essence, a digital fingerprint. Something to consider with screen dimensions and resolution is that they can be used to quickly determine if the endpoint is a mobile device, like a smartphone, a tablet or larger devices like laptops or desktops.  

    Okay, So What?

    From a data privacy standpoint, some users might not be so concerned that the provided information does not contain a unique identifier of who they are, like a name or email address.  However, marketing agencies and website owners will use this information to determine demographics and the types of people visiting their website. With every tool, it's used for a properly designed purpose and a malicious reason. This action was seen with Facebook and Cambridge Analytica over the past decade. With the increase in social media and online activities, this metadata of browser information or digital fingerprint and data collected while using the website allowed these companies to create profiles about various types of people. This data, in turn, was used to target specific advertisements or videos towards the users. As seen, Cambridge Analytica has since been shut down mainly due to unethical and illegal business practices. Its actions helped raise awareness towards digital fingerprints and online privacy. 

    Users can easily see what and how much data is shared when they visit a website. Ironically, there are numerous websites that one can visit to view this information. For a recent research presentation, the website whatsmybrowser.org was used to look at the various browsers' different digital fingerprints. It was interesting to note that most browsers used by the general public all offer up the same data when surfing the web. Using Chrome, Edge, Firefox or Safari, they all deliver digital fingerprint data to the website. 

    Ways To Protect Yourself While You're Surfing

    While the initial reaction might be to think that one can surf using the privacy functions, like Incognito mode from Chrome or InPrivate browsing with Edge, that only stops the browser from recording your history, it still delivers the digital fingerprint data to the website. 

    While researching the various browsers, only one surveyed against the whatsmybrowser.org website protected most digital fingerprint data.  This browser was Brave. It hid whether plugins were used, the dimensions of the browser, screen, language and cookies, but it did provide the Operating System and IP address.

    By using Brave, it still offers up the IP address of the global address of the computer. The global source address's IP address is what is assigned to your home router or corporate internet access point, not your endpoint IP address. One recommendation to hide the IP address is to use a VPN service. A VPN provides another global address and hides your home or corporate global IP address.  This VPN will now be the exit IP address of that service providing the global IP address. One other protection is it disguises your location since the IP address determines your location. Ironically, if you're using a VPN, it won't be your actual location, but where the country, state or city of where the IP originates. 

    If a VPN is too complicated or something that’s not available to users, there are additional steps to protect our systems' information when browsing websites. The use of ad blockers and privacy search engines, along with other third-party products, privacy-designed browsers and search engine plugins, can help reduce the amount of information given to the websites. The use of an adblocker won't restrict the sending of a digital fingerprint, and it does minimize adware from appearing on websites and reducing the risk of a malware infection. Search engines that do not store the search engine history or report it to the developer's servers increase one's privacy while surfing online.  

    The internet is a powerful tool used by most people globally for communication, information, shopping and entertainment. Like any tool and most topics in security awareness training, people need to know the risks and data that transfers between the user, the client and the server or the website. While sharing information about the user's endpoint, the digital fingerprint can also be leveraged to provide information about the user's demographic. This kind of data can be protected and kept private through specific browsers and provide a safe and private surfing session. 

    Discover 5 Major Threats to Your Digital Supply Chain and How to Reduce Vendor Risk

    Threats Digital Supply ChainJoin James McQuiggan, Security Awareness Advocate at KnowBe4, as he discusses the five major threats to your digital supply chain. Find out why a Vendor Risk Management (VRM) program is an critical step to securing your organization from third-party services or vendor products.

    Watch It Now

     

     

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: https://kcmgrc.knowbe4.com/5-threats-digital-supply-chain

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training, Data Breach

    James McQuiggan

    ABOUT JAMES MCQUIGGAN

    James McQuiggan has over 20 years of experience in cybersecurity. He is currently a Security Awareness Advocate for KnowBe4, where he is responsible for amplifying the organization’s messaging related to the importance of, effectiveness of and the need for new-school security awareness training within organizations through social media, webinars, in-person presentations, industry trade shows and traditional media outlets.

    Prior to joining KnowBe4, McQuiggan worked at Siemens where he held various cybersecurity roles, including consulting and supporting various corporate divisions on cybersecurity standards, information security awareness and securing product networks. McQuiggan is a part-time faculty professor at Valencia College in the Engineering, Computer Programming and Technology division. He also volunteers for several initiatives through ISC2, including president of the ISC2 Central Florida Chapter, a member of the North American Region Advisory Council and a member of the Board of Trustees for the Center for Cyber Safety and Education.

    Read more from James »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews