Fingerprinting
❗Article Status Notice: This Article is a stub
This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼
Issues may include:
- This article needs to be expanded to provide meaningful information
- This article requires additional verifiable evidence to demonstrate systemic impact
- More documentation is needed to establish how this reflects broader consumer protection concerns
- The connection between individual incidents and company-wide practices needs to be better established
- The article is simply too short, and lacks sufficient content
How you can help:
- Add documented examples with verifiable sources
- Provide evidence of similar incidents affecting other consumers
- Include relevant company policies or communications that demonstrate systemic practices
- Link to credible reporting that covers these issues
- Flesh out the article with relevant information
This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.
❗Article Status Notice: Inappropriate Tone/Word Usage
This article needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Specifically it uses wording throughout that is non-compliant with the Editorial guidelines of this wiki.
Learn more ▼
How You Can Help: If this is a non-Theme article (See: Article types):
- Persuasive language should not be used in the Wiki's voice. Avoid loaded words, or the causing of unnecessary offense, wherever possible.
- No direct attacks on named individuals or companies. Malice may be attributed to bad and proven offenders, but only through the use of quotation and citation - never in the Wiki's voice.
If this is a Theme article:
- Where argumentation is used make sure it is clear and direct but not inflammatory. Avoid strong language, or causing unnecessary offense.
- No direct attacks on named individuals or companies. Malice may be attributed to bad and proven offenders, in a formal and calm manner.
This notice will be removed once sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, visit either the Moderator's noticeboard, or the Discord (join here) and post to the #appeals channel.
Fingerprinting consists on attempting to uniquely identify someone or something, so that it becomes easier to track.
A device fingerprint is a collection of information about a device's hardware and configuration. Unlike an IP address, which is a singular piece of data that users can manipulate for privacy and security (such as using a VPN service or resetting network connections), a device fingerprint holds a series of specified data that can be uniquely attributed to a device or user (or a group thereof), and are therefore much harder to protect from tracking and abuse of privacy.
How it works
Fingerprinting can work in 2 ways:
- By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)[1] from the subject and turning the data into a much shorter bit string that uniquely identifies itself (typically by applying a hash-function), this string can be recomputed and then matched against a database, to repeatedly correlate subject activity. Even the lack of data can be used to build a fingerprint, as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.
- By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is Unicode steganography, which consists on adding invisible and/or confusable (see homoglyphs) characters in digital text, so that copy-pasting the text distributes the fingerprint.[2][3] A more common example is tracking cookies.
Why it is a problem
While there are some benefits from a security perspective (e.g. trusted-device recognition and fraud prevention), fingerprinting allows entities (such as web servers) to identify individuals even while masking their IP address, flagging privacy concerns and letting companies do things like targeted advertising, selling personal data and more. It also allows another avenue for tracking across websites as services implemented on many different sites on the web (such as CDNs) will be able to follow device browsing from one website to another. [4]
Remedies
Device fingerprinting is difficult to avoid due to the aforementioned data points available. Notable remedies include using privacy-focused browsers such as Mullvad, Brave, or Tor, which either randomizes certain data points to hide unique attributes or modifies identifiers to make all users appear to be the same in an effort to reduce the uniqueness of the system (AKA spoofing). [5]
For those looking to test browser protection against web fingerprinting, the Electronic Frontier Foundation has a tool called Cover Your Tracks to display unique hardware and software fingerprints.
References
- ↑ "How does device fingerprinting work?". crossclasiffy.com. Archived from the original on 7 Sep 2025. Retrieved 31 August 2025.
- ↑ https://www.zachaysan.com/writing/2017-12-30-zero-width-characters
- ↑ https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update
- ↑ "Browser Fingerprinting: What It Is and How to Block It". techreviewadvisor.com. Archived from the original on 21 Nov 2025. Retrieved 10 October 2025.
- ↑ "Anti-fingerprinting". tb-manual.torproject.org. Archived from the original on 29 Oct 2025.