The internet is a scary place and your personal data can be very valuable to unscrupulous marketing companies that want to harvest your information to serve you targeted ads.
Although VPNs encrypt your traffic, they can't stop websites from tracking your activities through clickbait ads and cookies. Fortunately, most major browsers support extensions that can block harmful links and prevent unnecessary cookies from being downloaded onto your device.
If you don't already have one of these extensions, take a look at our guide to the best ad-blockers of 2023. You can also check the settings of your web browser to make sure your cookie settings are configured to respect your privacy.
While using a VPN, browser extensions, and making sure your web browser settings are configured for privacy are good steps towards anonymity, unfortunately, they cannot stop you from being tracked completely. Your device fingerprints might still be giving you away.
What are device fingerprints?
Device fingerprinting, sometimes known as machine fingerprinting, is the process of collecting information about the software and hardware on a device in order to identify it from others. This isn't always done for sinister reasons. For instance, a software licence may only allow you to install software on one computer and unfortunately that computer required a system reset. In this case, the developer can use a special fingerprinting algorithm based on your machine's specifications to make sure it's the same one you used last time, allowing you to install the software again.
Unfortunately, fingerprinting can be exploited to identify your device in scenarios that you don't want to be identified. In recent years browser fingerprinting has become very sophisticated and the implications are very scary. You can be using a reliable VPN, an ad-blocker, have antivirus installed, and even be using your browser in incognito mode but you can still be identified.
A lot of the time it's your web browser that sells you out. Each time your web browser requests to load a page from the internet, it sends a header detailing which operating system and web browser you're using. This way, sites can more efficiently send the information needed for you to view the web page. Sometimes these headers also contain information about the type of device you're using. This in itself isn't much to go on but this is just one example of a device fingerprint that might be making your device more identifiable.
Untrustworthy websites can also use Javascript to find out even more information about you. Like what browser extensions you’re using, your monitor size, resolution, your time zone, system language and so on.
Some sites even go as far as using a technique called canvas fingerprinting, which uses HTML5 to insert invisible text onto your page. When your device processes the text, the time your machine took to render the image can be used to find out the exact model of GPU you're using. A similar technique called WebGL fingerprinting can also be used to identify your GPU and single it out from others as each GPU will perform ever so slightly differently.
Sometimes a tracker will even play a very short sound and then analyse it through audio fingerprinting, as each web browser manages and plays sounds slightly differently.
So you can find out how easily your device can be singled out from others, the Electronic Frontier Foundation have created the Cover your Tracks online test. If you are concerned that you can still easily be tracked online and you want to make yourself more anonymous, you can try some of these techniques to help you cover your tracks.
Use a common web browser
If you're using a particularly unusual type of browser, you're more likely to have a unique fingerprint. Consider using one of the major players like Mozilla Firefox, Google Chrome or Microsoft Edge.
The Tor Browser was one of the very first browsers to be specifically designed to resist browser fingerprinting. The developers do their best to make sure the browser fingerprint is the same for all Tor users. Some of the data sent in headers is fake so that no matter what operating system you're using, you'll always appear to be using Windows. This OS was chosen because it's the OS most commonly used around the globe. The Tor Browser can also block WebGL and Canvasing tools, and uses the NoScript extension to disable Javascript.
Disable Javascript
A lot of the information that can be used to fingerprint your device is gathered through trackers running Javascript code in your browser. You can disable Javascript altogether in all major browsers but this may prevent some legitimate sites from loading properly. Instead you can consider using a browser extension like NoScript, which blocks Javascript by default but lets you enable it for specific sites.
Use CanvasBlocker
Given that browser extensions are one of the ways you can be identified, you may wonder why we recommend installing another. We recommend CanvasBlocker as it has some great features which can prevent you from being fingerprinted from Canvas and WebGL methods mentioned above. It can also protect you from more sophisticated fingerprinting techniques like playing sounds and detecting your screen resolution. The extension is available for all major browsers like Chrome, Edge, and Firefox.
Use your smartphone more
Believe it or not mobile devices are actually harder to fingerprint. They're less configurable and support fewer extensions. This means that people use more identical browsers on their smartphones making them harder to identify through browser fingerprinting.
Stay encrypted
Trackers sometimes use supercookies to identify your device. These are inserted into your network by your ISP. They're not stored on your machine, so you can't detect or remove them. They also can't be blocked via AdBlockers. The only way to stop them giving you away is to make sure that your header information remains encrypted.
Don't give yourself away
Although device fingerprinting has some legitimate uses, it's most often used by bad actors to track your online browsing activities. There's no need for them to have your personal data, particularly as they never asked permission to gather it.
