Browser Tracking

Many common methods of preventing browser tracking are ineffective.

Tracker Blockers

Blocking a few tracker domains does not actually prevent tracking. You cannot make a list of every single tracker domain and block them all since there are far too many. Enumerating badness does not work.

Even if you did magically create a blacklist of every single tracker domain ever, the website does not need to connect to a third-party domain to run tracking code. Blocking Google Analytics does not prevent the website from simply running their own first-party tracking code.

The website can then share this information to the people that made the trackers you've blocked so everyone gets the exact same information they would have gotten in the first place.

Blocking trackers can only remove some low hanging fruit and is not a proper approach to improving privacy. This is the reason the Tor Browser does not include any tracker blockers.

Privacy Badger

Privacy Badger is a tracker blocker. It suffers from all of the same issues as described above and has more issues of its own.

Privacy Badger works by detecting new trackers as you browse and adding them to a blacklist. It may sound appealing at first, but what that does is give you a completely unique fingerprint based on your browsing history.

Privacy Badger also attempts to prevent canvas fingerprinting but this is not hard to bypass and can actually further add to your fingerprint.

Configuring / "hardening" the browser

You cannot configure your browser to prevent tracking either. Everyone will configure their browser differently so when you change a bunch of about:config settings such as privacy.resistFingerprinting and pile on browser extensions like Privacy Badger, you're making yourself stand out and are effectively reducing privacy.

Additionally, just disabling JavaScript, while preventing large vectors for fingerprinting, does not prevent fingerprinting entirely. Fingerprinting can be done with only CSS and HTML. One example is using @media rules to figure out your browser resolution.

You also cannot substantially improve security by configuring the browser. Changing a few settings will not fix deep architectural security issues. You can at most reduce some attack surface by disabling things but most people don't do this to an extent where it actually matters.

Fingerprint Testing Websites

Fingerprint testing websites such as Panopticlick cannot reliably test your fingerprint.

These websites determine the uniqueness of your fingerprint based off of their own userbase which will miss out on the majority of real users, thereby providing inaccurate statistics and is not a viable way of determining how well you fair off against fingerprinting in the real world.

These websites also don't test for much. Do these websites fingerprint you by where your cursor is on the screen? By your clock skew? By the performance of your device? etc.

Conclusion

The only real approach to preventing browser tracking/fingerprinting is by using a browser that is designed to prevent this by default and the users do not change it. The most effective browser that does this is the Tor Browser.

Although, the Tor Browser's fingerprinting protections aren't perfect and its security is quite weak.

Go back