Samhain Labs

By Rainer Wichmann rainer@nullla-samhna.de    (last update: Feb 09, 2016)

Part II: Avoid to leave your fingerprint

If you prefer to retain some privacy and anonymity while surfing the web, it is not sufficient to just hide your IP address. In real life you may be identified and tracked by the clothes you wear, or the fingerprints you leave on anything you touch. Likewise, when you surf the web you can be tracked by the — often unique — information given out by your web browser.

How can you be tracked?

Tracking is usually done by third parties — usually advertisement networks — which embed images or ads on many different websites and use information identifying you to track you across websites, e.g. to enable tageted advertisements. Typical methods used may be:

HTML Cookies

This is the oldest and best known method to track people. Cookies are tiny pieces of information that your browser stores on behalf of a website, and delivers again on your next visit. Often websites embed content of other sites (e.g. advertisements), and cookies allow an ad network to track where you've been and (e.g.) what you've been looking for.

"Super Cookies"

Besides classical HTML cookies, which can be blocked easily in the browser preferences, there are various other ways to set cookies for storing and retrieving information (e.g. using flash, or HTML5 session storage). Collectively known as "super cookies", these methods have in common that thea are more robust in the sense that for the user, it is harder to detect and remove them (compared to regular HTML cookies).

Flash Cookies

To view and delete flash cookies, you need to visit the Adobe Settings Manager page and click on "Delete all sites".

HTML5 Storage

On firefox, to view (and delete) HTML5 local and session storage, you can install the FireStorage Plus! Add-On.

Disabling cookies in firefox preferences will also disable HTML5 storage, unless the site is on the whitelist. Also, if cookie preferences are set to session only, this also applies to HTML5 storage. If you want to disable HTML5 storage, you need to type "about:config" in the address bar and hit enter (to go to the hidden preferences), scroll down to dom.storage.enabled, then right click on it and select Toggle to switch from "true" (enabled) to "false" (disabled).

Browser Fingerprinting

Rather than storing persistant information in cookies in order to identify and track users, websites may also collect information about a user's browser (and operating system) to form a unique fingerprint, which can be stored in a database to re-identify the user later on.

By default, your web browser will reveal plenty of information to a web site, including the precise versions of your browser, its plugins, and your operating system, as well as the list of installed fonts, your display size, and various other settings. You can use the Panopticlick site to check how uniquely that data identifies you.

Protecting yourself

Private Mode (Firefox)

From the menu (rightmost icon) you can open a window that runs in private mode, which basically means that all stored information, like e.g. cookies, is session-only, and will be deleted when you close the window. Also, some protection against tracking by third parties is enabled. However, the browser fingerprint is not significantly less unique than in default mode, so you are still susceptible to being tracked by fingerprinting.

Privacy Badger (browser plugin)

Privacy Badger is an Add-On developed by the Electronic Frontier Foundation which aims to defeat third party tracking. Again, this does not significantly alter the uniqueness of your browser fingerprint.

TOR Browser

The TOR browser is a modified version of the Firefox browser which routes all connections through the TOR network to protect your anonymity. However, it also by default includes patches to protect your privacy by defending against third party tracking and changing the browser fingerprint to a very generic one, which is far from unique.