指纹(fingerprint)的字面意思是指尖在触摸某物时留下的印象。放大镜(magnifying glass)下可以清晰看到的螺纹和棱纹(whorls and ridges)。据我们所知,每个人的整个指纹都是独一无二的。这意味着如果你的指纹与犯罪现场的指纹相符,你最好有一个很好的解释。
因此,当我们谈论浏览器指纹识别(browser fingerprinting)时,您可能已经有了大致的想法。正如您可能认为的那样,这是一种通过识别浏览器的独特方面来识别谁访问过网站的方法。这些是什么方面?很高兴(Glad)你问!
无论如何(Stuff Anyway),这个指纹识别的东西是什么?
假设您有一个新安装的Windows副本,并且刚刚安装了您选择的Web 浏览器。(web browser)
当您访问一个网站时,该网站可以从浏览器请求有关您计算机的各种信息。在这台全新的机器上,它会知道计算机使用的硬件、屏幕分辨率(screen resolution)以及您正在运行的Windows版本等信息。
随着您使用计算机、访问网站和安装插件,您的计算机和浏览器(computer and browser)变得越来越独特。这意味着以后可以匹配用于访问给定站点的特定浏览器和计算机。(browser and computer)
假设您打开了某种隐私保护(privacy protection),例如VPN。尽管您的ISP和您连接的远程站点不知道您是谁或您来自哪里,但您的浏览器指纹(browser fingerprint)可以告诉他们一些事情。
如果两个站点都比较指纹,您可能会同时链接到这两个站点。如果您在没有任何隐私保护(privacy protection)的情况下访问其中一个,您将在表面上“匿名”的情况下确认您的互联网活动。(internet activity)
如何测试您的浏览器指纹(Browser Fingerprint)
您可以很容易地测试您的浏览器是否留下了独特的打印。有几个在线工具可以公开这些信息供您查看。最容易推荐的是电子前沿基金会的Panopticlick 3.0。
您所要做的就是单击“测试我”,您将在几秒钟内看到您的浏览器是否足够独特,足以构成隐私风险(privacy risk)。来吧,现在就试试吧。
不留指纹
想必大多数阅读这篇文章的人都没有通过跟踪测试。那么你可以做些什么来匿名你的浏览器呢?
这个问题的答案是度数。没有 100% 万无一失的匿名浏览方式,但您可以让它变得足够困难,以至于任何想要跟踪您的浏览的人都没有资源或动力这样做。
让我们看看您可以采取的一些实际步骤,以便在网上变得更加匿名。
私人浏览模式
Chrome 或 Firefox(Chrome or Firefox)等流行浏览器具有隐私浏览模式,可关闭大量用于跟踪和指纹识别的功能。
当您处于隐私浏览模式(browsing mode)时,计算机不会保留 cookie 或站点数据。它不会隐藏您正在访问的网站的许多内容,但它确实可以防止积累一些可用于识别您的独特数据。
当然,您不能在这种模式下使用整个互联网。因此,当您访问您不想将其作为总ID 数据(ID data)一部分的网站时,请切换到私人标签。
踢扩展习惯
您对浏览器所做的每一次修改都可以更轻松地将其与网络上的所有其他用户区分开来。真正定制您的体验可能很诱人,并且有许多出色的浏览器扩展,例如Chrome。
不幸的是,如果您完全关心被跟踪和识别,则需要避免使用扩展程序。嗯(Well),除了一个。EFF的Privacy Badger扩展实际上阻止了不可见的跟踪技术,您可以在Firefox 和 Opera(Firefox and Opera)中获得它。
再见 Javascript
JavaScript是现代网络的基石。它是一种脚本语言,可以让网站做各种花哨、互动和智能的事情。这也是网站询问您的系统和指纹您的浏览器的主要方式。
所以如果你真的想避免被跟踪和追踪,禁用JavaScript是一个强大的方法。一种适用于Firefox的流行工具是NoScript。它还提供防止点击劫持的保护。
使用NoScript,您必须使用JavaScript明确地将您信任的网站列入白名单,因此它非常安全,
使用流行的浏览器
虽然尝试一些不走寻常路的东西很酷,但如果您关心浏览器隐私(browser privacy),这不是最好的主意。最好坚持使用非常流行的浏览器。因此,请避免使用小众和大量修改的浏览器。
有很多方法可以表达你的个性,但这实际上是一个坏主意。
Boss模式(Mode):使用虚拟机(Machine)、VPN 和隐私操作系统(VPN and Privacy Operating System)
如果您想要一个更核心的解决方案来通过您的互联网浏览(internet browsing)习惯进行跟踪和识别,则可以在隐私方面做一些“核”的事情。通过结合多种技术,您可以从根本上减少被您访问的网站识别的机会。
食谱是这样的:
- 使用隐藏您真实硬件规格的虚拟机。
- 在虚拟机中运行注重隐私的操作系统。(privacy-focused operating system)尾巴(Tails)是个不错的选择。
- 使用现有的Tor 浏览器(Tor browser),它已经包含在Tails中。
- 使用不存储活动日志的VPN,这样您的ISP就没有与您访问的站点数据相关的数据。
综合起来,这些措施使您的 ISP 或您访问的网站很难唯一识别您。
当然,如果您自愿提供自己的身份,这些都不重要。登录Facebook 或 Twitter(Facebook or Twitter)让您对自己的身份毫无疑问。这意味着您还必须了解您公开提供的信息以及您是否想要这样做。
How Browser Fingerprinting Hurts Online Privacy & What To Do About It
The literal meaning оf fingerprint is the impression your fingertip leaves when you touch something. The whorls and ridges that can be clearly seen under a magnifying glass. As far as we know, each person’s whole fingerprint is unique. Which means if your fingerprints match those at the scene of a crime, you’d better have a good explanation why.
So, when we talk about browser fingerprinting, you probably have the general idea right already. As you probably thought, it’s a way to identify who has visited a site by identifying the unique aspects of their browsers. What aspects are these? Glad you asked!
What Is This Fingerprinting Stuff Anyway?
Let’s imagine that you have a freshly-installed copy of Windows and have just installed the web browser of your choice.
When you visit a website, that website can request all sorts of information about your computer from the browser. On this fresh new machine, it will know things like what hardware the computer is using, what the screen resolution is and the version of Windows you’re running.
As you use the computer, visit websites and install plugins, your computer and browser becomes more and more unique. Which means that the specific browser and computer used to visit a given site can be matched later.
Let’s say you switch on some sort of privacy protection, such as a VPN. Although your ISP and the remote site you connect to are in the dark about who you are or where you are from, your browser fingerprint can tell them something.
If two sites both compare fingerprints, you may be linked to both. If you visited one of them without any privacy protection, you will have confirmed your internet activity while ostensibly “anonymous”.
How To Test Your Browser Fingerprint
You can test whether your browser is leaving a unique print around quite easily. There are several online tools that expose that information for you to see. The one that’s easiest to recommend is the Electronic Frontier Foundation’s Panopticlick 3.0.
All you have to do is click “TEST ME” and you’ll see within a few seconds whether your browser is unique enough to be a privacy risk. Go ahead and try it now.
Leaving No Fingerprint Behind
Presumably most of you reading this have failed the tracking test. So what can you do to anonymize your browser?
The answer to this question comes in degrees. There is no 100% foolproof way of anonymizing your browsing, but you can make it hard enough that whoever wants to track your browsing won’t have the resources or motivation to do so.
Let’s look at some practical steps you can take to become more anonymous online.
Private Browsing Modes
Popular browsers such as Chrome or Firefox have private browsing modes that switch off plenty of functions used for tracking and fingerprinting.
When you’re in private browsing mode, the computer won’t retain cookies or site data. It doesn’t hide many things from the site you are visiting, but it does prevent the accumulation of some unique data that could be used to identify you.
Of course, you can’t use the entire internet in this mode. So switch over to a private tab when visiting sites you’d rather not have as part of your total ID data.
Kick The Extension Habit
Every modification you make to your browser makes it easier to tell it apart from all the other users on the net. It can be tempting to really customize your experience and there are many brilliant extensions for browsers like Chrome.
Unfortunately, if you care at all about being tracked and identified, you need to refrain from using extensions. Well, except for one. The Privacy Badger extension from the EFF actually blocks invisible tracking technologies and you can get it for Firefox and Opera.
Bye Bye Javascript
JavaScript is a cornerstone of the modern web. It’s a scripting language that lets websites do all sorts of fancy, interactive and intelligent things. It’s also the main way that websites interrogate your system and fingerprint your browser.
So if you really want to avoid getting tracked and traced, disabling JavaScript is a strong method. One popular tool that works with Firefox is NoScript. It also provides protection against clickjacking.
With NoScript you have to explicitly whitelist the sites you trust with JavaScript, so it’s very secure,
Use Popular Browsers
While it’s cool to try something off the beaten path, it’s not the best idea if you care about browser privacy. It’s best to stick to browsers that are very popular. So avoid niche and heavily modified browsers.
There are many ways to express your individuality, but this is one area where it’s actually a bad idea.
Boss Mode: Use a Virtual Machine, VPN and Privacy Operating System
If you want a more hardcore solution to being tracked and identified through your internet browsing habits, it’s possible to do something a little “nuclear” in terms of privacy. By combining several technologies you can radically reduce the chances that you can be identified by the sites that you visit.
The recipe goes something like this:
- Use a virtual machine, which hides your true hardware specifications.
- Run a privacy-focused operating system within the virtual machines. Tails is a good choice.
- Use the stock Tor browser, which is already included in Tails.
- Use a VPN that does not store activity logs, so that your ISP has no data for correlation with data from sites you visit.
In combination, these measures make it very hard for either your ISP or the site you visit to uniquely identify you.
Of course, none of that matters if you volunteer your identity. Logging into Facebook or Twitter leaves little doubt about who you are. Which means you also have to be cognizant about the information you openly provide and whether it’s what you want to do or not.