Browser Tracking

Browser tracking is the single most important concept on this website. I see browser tracking as the single biggest threat to online privacy and also the single most difficult threat to overcome. If you don’t know about browser fingerprinting, you must read this post.

To understand this you must realise that when you visit a website, that website, and any code on it, sees and interacts with your browser. One way it might interact with your browser is by placing a cookie in your browser. I will post a long list of things it might ‘see’ below, but first just read on.

When I talk about “Browser Tracking” I am referring to any technology that enables a website, or a bit of code within a website, to recognise you when it sees your browser for a second time. This is a big privacy threat. Imagine that you visit a website to buy a pizza. A week later you visit a website to book a doctor’s appointment. But both websites contain the same bit of code (for example, the code which displays a social media button) and thus the owner of that code knows that you, the same person who bought the pizza, have now visited a doctor’s website. Over time, the owner of this code can build a profile about your browsing habits.

Now let’s look at the technologies that make this possible. In other words, these are the technologies that enable the website (or code within the website) to know that this is the same browser that has been seen before.

The first is Cookies: Everyone knows about normal cookies (also called HTTP cookies) but honestly cookies are of no great concern to me. Cookies are files placed on your computer by a website, or code within that website. But there are two types of cookies: first party cookies and third party cookies.

Third party cookies are placed by third party code within a website, and they can be used to track you whenever you visit a website which has the same third party code embedded in it. These do pose a privacy threat but most browsers can be set to reject third party cookies, so really they are of no threat to smart privacy fans of this website.

Summary: Third party cookies pose a privacy threat but are easily avoided. You should set your browser to block them.

First party cookies can only be placed by the website you visit (i.e. not by third party code) and they enable this website to know that you are the same person when you return to that same website a subsequent time. For example, you buy a pizza online, next week you go back to the pizza website and it recognises your browser because it sees the cookie that it put there the first time it “met you”. This is useful. It might mean you don’t have to re-type your login details (for example). But first party cookies pose no threat to privacy (in my opinion) because other websites you visit simply cannot see them. This is how they differ from third party cookies.

Summary: First party cookies are useful and pose no real privacy threat. You should set your browser to allow them.

Next we talk about supercookies. And I’m going to start with the most dangerous type of supercookie, the ISP-based supercookie. Despite its name, this is not a cookie at all. This is a bit of code that your internet service provider inserts into the header of a request after it has left your computer. This code contains your Unique Identifier Header (UIDH), which uniquely identifies your connection to your internet service provider. It is not unique to your browser, rather it is unique to your internet connection, and thus ANY DATA (even that from apps) could be tagged with this dangerous cookie.

The internet is full of reports about this case _____ in which a US internet service provider was fined as a result of using this kind of cookie to share information about its customers.

You can’t delete the ISP-supercookies because they are not on your computer; they are inserted into data that has already left your computer, so you have no control over them. Ad blockers can’t help you either, for the same reason. There is only one defense, and that is to ensure that your connection with the website is always encrypted. This means always using HTTPS rather than HTTP or, the easiest way, always using a trusted VPN.
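One way to check a connection for this kind of injection, as an added example that is not part of the original post: compare the headers your client sent with the headers a server you control reports receiving. The request text, the echo server and the X-UIDH value are constructed samples, and the allow-list of ordinary proxy headers is an assumption.

```python
# Headers that ordinary proxies add in transit (assumed allow-list for this example).
EXPECTED_IN_TRANSIT = {"via", "x-forwarded-for", "x-forwarded-proto"}

# Constructed sample: the request exactly as the client sent it.
SENT = (
    "GET /menu HTTP/1.1\r\n"
    "Host: pizza.example\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)
# Constructed sample: what a hypothetical echo server saw over plain HTTP.
RECEIVED_HTTP = SENT.replace(
    "Accept: text/html\r\n",
    "Accept: text/html\r\nX-UIDH: CONSTRUCTED-SUBSCRIBER-ID\r\n",
)
# Over HTTPS the headers are encrypted in transit, so they arrive as sent.
RECEIVED_HTTPS = SENT


def parse_headers(raw):
    """Parse the header section of a raw request into {lowercase name: value}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:   # skip the request line
        if not line:                     # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def injected_headers(sent_raw, received_raw):
    """Headers the server received that the client never sent."""
    sent = parse_headers(sent_raw)
    received = parse_headers(received_raw)
    return {name: value for name, value in received.items()
            if name not in sent and name not in EXPECTED_IN_TRANSIT}


if __name__ == "__main__":
    print("plain HTTP:", injected_headers(SENT, RECEIVED_HTTP))
    print("HTTPS     :", injected_headers(SENT, RECEIVED_HTTPS))
```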

[insert diagram showing connection between user’s device and ISP, with labelled point of ISP-cookie insertion, and a second diagram showing how a VPN helps]

I recommend and use ExpressVPN. Note that this is an affiliate link that will provide you with a free month and also help this website.

Summary: ISP-supercookies are a huge privacy violation. They have the ability to track your whole internet activity (not just your browser) and there is only 1 good way to avoid being susceptible to them: use a trusted VPN (I use ExpressVPN).

Next I mention Other Supercookies. These are the Flash and LSO supercookies. They are stored on your computer, much like an HTTP cookie (the normal cookie) but they aren’t deleted in the same way. They are stored in obscure places on your computer, presumably to avoid detection and deletion. But most modern privacy-respecting browsers have mitigated this risk: they simply maintain a separate cache for each website, so that anything that a website stores in your cache cannot be used to track you; it can only be seen by the one website that created it.

If you want to know where they are stored, or what browsers can do to protect you from them, I recommend this blog post by Mozilla from 2021 explaining what they have done in version 85 of Firefox to mitigate the risk posed by Flash and LSO supercookies: https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
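The effect of keeping separate storage per website, as an added example that is not part of the original post: a simplified model (not any browser's actual implementation) in which an embedded third party stores an identifier, run once with shared storage and once with storage keyed by the site in the address bar. The site names are constructed.

```python
class BrowserStorage:
    """Toy model of browser-side state (cookies or cache entries)."""

    def __init__(self, partitioned):
        self.partitioned = partitioned
        self._store = {}
        self._issued = 0

    def _key(self, top_level_site, embedded_origin):
        # Partitioned: state belongs to (site in address bar, embedded origin).
        # Shared: state belongs to the embedded origin alone.
        if self.partitioned:
            return (top_level_site, embedded_origin)
        return (None, embedded_origin)

    def load_embed(self, top_level_site, embedded_origin):
        """Return the identifier the embed reads back, setting one on first sight."""
        key = self._key(top_level_site, embedded_origin)
        if key not in self._store:
            self._issued += 1
            self._store[key] = f"id-{self._issued}"
        return self._store[key]


def tracker_profile(storage, visits, embed):
    """What the embed's owner learns: identifier -> sites it was seen on."""
    profile = {}
    for site in visits:
        profile.setdefault(storage.load_embed(site, embed), []).append(site)
    return profile


# Constructed browsing history and third-party embed.
VISITS = ["pizza.example", "doctor.example"]
EMBED = "social-button.example"

if __name__ == "__main__":
    print("shared     :", tracker_profile(BrowserStorage(False), VISITS, EMBED))
    print("partitioned:", tracker_profile(BrowserStorage(True), VISITS, EMBED))
```

With shared storage the embed sees one identifier on both sites and can link the visits; with partitioned storage it sees two unrelated identifiers, while a site returning to its own storage still recognises you.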

And if you still lack trust? Do what I do and use the Qubes operating system. This is the single best way that I know of to ensure that malware never survives on your computer, and that it breaches your privacy minimally even if it does. But it will be the topic of a different post.

Summary: Flash and LSO supercookies are stored on your computer, albeit in secret places. While they are sneaky, the risk posed by them is largely mitigated by modern privacy-respecting browsers. But if you’re still very paranoid? Well, there is always Qubes!

Fingerprinting

This is the single biggest threat to online privacy in my opinion. Why? Because it is so powerful and so difficult to avoid.

If you’ve been paying attention you’ve now reached the stage where you can forget about cookies and even supercookies! By now you use a VPN, you have blocked third party cookies, you use a privacy-respecting browser (like Firefox or Brave) and maybe you even use Qubes. But I have bad news for you: Fingerprinting is so powerful that it can still be used to track you around the internet and build a profile about your browsing habits.

Let me explain what it is. When you visit a website you share information about your browser with that website. It’s simple information but collectively there is a lot of it. Which fonts you have installed, what your screen resolution is, whether or not you have JavaScript enabled. Sounds harmless, right? No, wrong. Collectively there is enough data to make your browser VIRTUALLY UNIQUE on the internet. Don’t believe me? This was proven by the Panopticlick project. You should go to this website now to read about the project, and then to this page to have it test your browser. See the huge list of information available, and see how unique your browser is?

The websites listed above also contain lots of steps you can take to reduce the threat of fingerprinting (see this link) and I recommend you read the list. But most of them are very, very inconvenient (like disabling JavaScript, which is great for privacy but then half the world’s websites won’t work) and this is why there are only a few measures that I really recommend to defend against browser fingerprinting, and I’ll outline them below:

The Tor Browser:

Use the ultimate fingerprint resistant browser. I recommend its use whenever your privacy matters the most. Read about Tor Browser on the Tor website, but in summary it attempts to overcome fingerprinting by not being unique: It aims for all people using the Tor browser to have the same fingerprint.

If you want to use the Tor browser you can simply install it and run it on most operating systems – go and get started! [If you install Qubes it will in fact contain Tor browser within Whonix, but this is for more advanced privacy and security fans and will be the topic of a different article].

You should follow some rules to ensure you do not sabotage its anonymity, and it is important to understand its limitations. You should read the support page of the Tor website.

Now given that this is the ultimate in online privacy protection, you might ask why you would not use it all the time? The reason is that the Tor browser uses the Tor network, and most people think it is just too slow for daily use. You will also be frustrated by “captchas” on websites everywhere you go. It is for this reason that I recommend the following.

Use another fingerprint resistant browser, Brave Browser, for the rest of your browsing (when you consider Tor to be just too slow and too inconvenient). Brave aims to overcome fingerprinting in a different way: it aims to have a randomised fingerprint. But do make some modifications to it: turn fingerprint protection to “strong”, set it to block social media like buttons, and change the default search engine to a privacy respecting one (duckduckgo.com).
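Why a handful of harmless-looking values identifies a browser, and why the two defenses above work, as an added example that is not part of the original post: the population of eight browsers is constructed, and the "uniform" and "randomised" functions are simplified stand-ins for the Tor and Brave approaches, not their actual mechanisms.

```python
import math
import random
from collections import Counter
from itertools import product

ATTRS = ("fonts", "screen", "timezone")
# Constructed population: 8 browsers, every combination of two values per attribute.
POPULATION = [dict(zip(ATTRS, combo)) for combo in product(
    ("fontset-A", "fontset-B"), ("1920x1080", "1366x768"), ("UTC", "UTC+1"))]


def fingerprint(browser, attrs=ATTRS):
    """What a site sees: the tuple of attribute values the browser reports."""
    return tuple(browser[a] for a in attrs)


def identifying_bits(population, attrs=ATTRS):
    """Per browser: log2(population size / browsers reporting the same values)."""
    counts = Counter(fingerprint(b, attrs) for b in population)
    return [math.log2(len(population) / counts[fingerprint(b, attrs)])
            for b in population]


def unique_fraction(population, attrs=ATTRS):
    """Fraction of browsers whose fingerprint nobody else shares."""
    counts = Counter(fingerprint(b, attrs) for b in population)
    return sum(counts[fingerprint(b, attrs)] == 1 for b in population) / len(population)


def uniform(population):
    """Tor-style defense (simplified): every browser reports the same values."""
    return [dict.fromkeys(ATTRS, "standard") for _ in population]


def randomised(browser, rng):
    """Brave-style defense (simplified): fresh noise in a reported value per site."""
    return dict(browser, fonts=f"{browser['fonts']}~{rng.getrandbits(32):08x}")


if __name__ == "__main__":
    print("one attribute :", identifying_bits(POPULATION, ("fonts",))[0], "bits")
    print("all attributes:", identifying_bits(POPULATION)[0], "bits,",
          unique_fraction(POPULATION), "unique")
    print("uniform       :", unique_fraction(uniform(POPULATION)), "unique")
    rng = random.Random(7)  # seeded so the run is repeatable
    a, b = randomised(POPULATION[0], rng), randomised(POPULATION[0], rng)
    print("same browser linkable across two sites:", fingerprint(a) == fingerprint(b))
```

Each attribute alone splits the population in half (1 bit), but the three together single out every browser (3 bits, all unique); reporting identical values removes the signal, and per-site noise stops two sightings of the same browser from matching.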

Summary: Browser fingerprinting can uniquely identify most browsers, such that the same browser can be “recognised” or “identified” everywhere it goes. It is a powerful way of tracking your browser. Tor browser is the only real defense but not practical for daily use. For daily use I recommend Brave browser at least, and you can consider other precautions listed on this website but most cause too much inconvenience for me personally.
