Many people use web browser add-ons (such as Ad-blockers) for their everyday browsing. What most people are unaware of is that many of these add-ons have permissions that allow the add-on to view the content of the web pages the user is viewing.
The problem? If someone has installed a malicious add-on, their web browsing data (e.g. browsing history, password credentials, what they type into a website, etc.) would have been sent to the add-on’s creator. Now I am not implying that every single web browser add-on does this, but there is a very high potential that this can happen.
Would only using open-source browser add-ons be a safe option? Well open-source add-ons would definitely lower the chance that someone would get away with spying on you. However open-source projects do not have a spotless security track record either. There is still some risk.
Even Mozilla themselves warn about this problem with web browser add-ons (also called extensions).
Here is an example of what I am talking about (https://www.zdnet.com/article/mozilla-removes-avast-and-avg-extensions-from-add-on-portal-over-snooping-claims/).
Posted in Android, Computers, General, Internet and Servers, Security, Software
A web browser fingerprint is the identification of someone’s web browser in an attempt to track you regardless of what IP address you are coming from.
Basically your web browser is probed to determine what add-ons you have installed, what fonts are installed on your computer, what video card your computer has (via WebGL), PNG hash, what operating system you are using, your web browser’s 2D canvas, etc. All of this information is combined to form a fingerprint of your web browser.
Now you may be asking, “How does this allow someone to track my online visits?” Good question. People can make use of this fingerprinting to track you even if you take measures to deter people from monitoring your online activity (e.g. using a VPN).
If you have ever visited a website (without using a VPN) and later on you visit the same website (this time, using a VPN), they can still have a pretty good guess that it is you just by looking at your browser fingerprint you left the last time you visited (without the VPN).
This is how websites like YouTube still show you relevant recommendations, even if you use another IP address to access their web service.
Is there any way to stop browser fingerprinting? Not really. You can help confuse trackers into thinking you are someone else by spoofing the fingerprint, but this is not guaranteed to always work.
A browser fingerprint spoofer basically “lies” to a website giving it false information about the web browser. This of course causes the fingerprint to be different than it normally would be. The result? A website thinks you are someone else regardless of the IP address you are connecting from.
(This does not take into account tracking cookies. Websites can also track you with cookies, regardless if they use web browser fingerprinting techniques.)
So what do I recommend to do to help stop browser fingerprinting? Well you can do the following (my opinions, of course):
- use Mozilla Firefox – this is a good web browser for security and privacy
- use the Canvas Blocker for Firefox add-on – this spoofs your browser fingerprint
That should help protect your real fingerprint from being found out. I should note that spoofing your fingerprint may end up breaking certain websites. You will just have to try it out.
Please keep in mind, a browser fingerprint spoofer can end up making your fingerprint unique to everyone else’s fingerprint. This can cause you to stand out like a sore thumb, and cause you to be even more easily tracked. 🙁
This is because most people are not using a fingerprint spoofer and it would become obvious that you (and maybe a couple of other people) are the only ones faking your browser fingerprints. In other words, you do not “blend into the crowd”.
Another trick is to turn on Mozilla Firefox’s “resist fingerprint” feature. This feature, among other things, causes your web browser’s fingerprint to match that of the TOR web browser. This makes you blend into the crowd of TOR users, since they all should be using the same fingerprint.
To turn this feature on:
- at the about:config webpage (on Firefox), find the option privacy.resistFingerprinting and set it to true, then restart the web browser
However this feature (in my experience) causes some websites to break (animations are slowed down, current time of day will not be correct, etc.) This all helps to prevent websites from fingerprinting the browser.
Please remember that there is no way to be 100% anonymous on the Internet. Always someone out there who can track you. All you are doing is making it harder to be tracked.
I hope I have helped someone with this blog post. It took me a bit to write it, but it is worth it if it helps. 🙂
Posted in Computers, Security, Software, VPN