[URGENT] How To Stop Device Fingerprinting: 6 Critical Steps

Though your smartphone looks like millions of others just like it, mass-manufactured in some vast overseas facility, each one of these units possesses a series of unique digital attributes that allow it to be precisely identified. These “device fingerprints” are similar to those on human hands, in that they leave traces that allow activity to be tracked back to a specific smartphone or tablet.

In theory, device fingerprinting is a useful tool designed to assist security protocols in assessing and preventing fraudulent activity. However, they have also been appropriated by digital marketers to track a user’s activity across apps and websites, generating personal profiles that they can use to precisely target advertising and marketing messages for that user. Ironically, this use of device fingerprinting not only infringes on individual data privacy, but it can also expose a user’s online information to hacking, fraud, and other forms of cybercrime.

While the use of digital “cookies” in online tracking has become relatively mainstream, the average smartphone user likely knows little, if anything, about the growing reliance on device fingerprinting by online marketers and data brokers. Keep reading for a complete breakdown of what device fingerprinting is, how it is used and how to prevent unwanted parties from accessing this highly specific data from your personal device.

What is Device Fingerprinting?

At its most basic level, a device fingerprint consists of a series of numbers or other code based on a list of specific attributes connected to an individual smartphone, tablet, or computer. The items used to generate this unique code include its operating system (OS), Internet service provider (ISP), Internet protocol (IP) address, language preferences, and any hardware installed on the device.

Device fingerprinting differs from the use of tracking cookies in the location in which the data is stored. With web cookies, the tracking information is stored on the device being tracked, while data used in device fingerprinting is stored in a server based outside the device itself.

What details does device fingerprinting capture?

When a device is connected to a web browser, information used to create its device fingerprint includes:

  • IP address
  • HTTP request header
  • User-agent string
  • Installed device plugin
  • Time zone in which the device is being used
  • Device settings (touch support, operating system, language and screen resolution)
  • Flash plugin data
  • Silverlight data
  • Installed fonts
  • Timestamps
  • Wi-Fi networks

What is the purpose of device fingerprinting?

Device fingerprinting was originally created to assist with identity validation and fraud prevention. However, security measures based on device fingerprinting have largely lost their effectiveness because cybercriminals have discovered ways to circumvent them, such as stolen and synthetic identities, mobile device ID resets, and remote access trojans.

Device fingerprinting cannot distinguish between legitimate users and those using fraudulent identities, and substitute device IDs can be easily purchased on the dark web. Using the replacement device ID and previously captured activity from the original device, cybercriminals can create characteristics and identifying information that is identical to the original.

Instead, device fingerprinting is now used with chilling effectiveness by marketers, who can leverage device fingerprints to track users’ activity and generate comprehensive customer profiles—even if the user declines to allow the use of cookies on a website or app. Even if an individual blocks cookies, their device fingerprint can still be used to follow their activity and capture their personal information.

Even if an individual blocks cookies,
their device fingerprint can still be used to
follow their activity and capture their
personal information.

Six Critical Steps to Prevent Device Fingerprinting

Because websites and apps are not yet required to disclose their use of device fingerprinting in the collection of users’ information, it can be hard to know when you are being tracked via this method. However, there are six critical steps you can take to minimize the likelihood that your device fingerprint is being hijacked for fraudulent or invasive marketing purposes.

Final Thoughts on Stopping Device Fingerprinting

Though no foolproof method for preventing all device fingerprinting activity currently exists, the steps above can make it less likely that you will be targeted by outside forces—generally aggressive online marketers or would-be fraudsters—using this approach.

For now, device fingerprinting is just one more aspect of online life for which you’ll need to stay on guard, and another critical component of a comprehensive digital hygiene routine to protect your private data and electronic devices from being accessed by unwanted third parties.

Interested in furthering your personal security? Get your personal information removed from 50+ other people search websites and data brokers for less than the cost of a Netflix subscription with Removaly.

2 thoughts on “[URGENT] How To Stop Device Fingerprinting: 6 Critical Steps”

  1. John, what you wrote about using less common browsers is true, but I think the greater danger to society is further enabling the likes of Google to dictate the terms of the internet. Their Chrome browser (and its derivative forks) has achieved worldwide dominance, their analytics software is on every website, their CAPTCHA software controls access to innumerable websites, their “safe” website checks funnel browsers’ internet searches through their own servers, they track every mobile device user (and internet user, and smart TV user, and IoT user) and monitor their activities, they control and tailor the search results that many people ultimately see based on what is known about them, they steer developers toward incorporating their code into software packages, their ChromeOS has been caught collecting information on children and other users, they have a stranglehold on web advertising, and they attempt to circumvent every attempt to enforce browser privacy for internet users (e.g. FLoC, TOPICS, First-party Sets).

    Fingerprinting is a threat, but I wouldn’t submit to Goole’s surveillance in order to avoid it.

    Reply

Leave a Comment