nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Alert: Using a web ad blocker may identify you – to advertisers

There's no escape muhaha

By Kieren McCarthy, 14 Apr 2017

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers.

French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into.

The results have been as dramatic as the earlier study: people's browsers serve as highly effective identifiers.

We ran the researchers' online test and got a privacy of precisely zero: meaning that of the 4,000+ people that have run the test so far, our browser had a unique fingerprint.

That level of precise identification is possible through no more than a third-party cookie, meaning that advertisers in particular are likely to have a very precise tracking mechanism and be in a position to identify you when you turn up at any website where they also have a cookie.

That sort of information is immensely valuable to companies that wish to both advertise and sell advertising space. By combining the info with other online tracking tools, it also means that you could be personally identified wherever on the internet you travel, even if you clear your cache or take other privacy-protecting measures.

As well as grabbing your browser's configuration – which includes such things as version, type, fonts installed, language, timezone etc – the researchers have developed a way to identify whether over 13,000 extensions are present, and used redirection URL hijacking to check whether you are currently logged into over 50 websites, from Airbnb to Amazon to Facebook, Gmail, Instagram, Reddit, Slack, Twitter and so on.

The end result is a unique fingerprint that clearly identifies you.

Answers

So what is the solution? Well, logging out of websites – especially social media websites – when you're not using them is always a good idea, not least because it also stops them from tracking you.

Also, the fewer extensions you have installed, the less likely you are to be immediately identifiable. So revisiting those extensions and wondering whether you really need them is a smart move.

Then the researchers recommend turning off third-party cookies and using Firefox – which, while it isn't perfect, does leak less information about your setup than other browsers.

And then of course there is Incognito mode, which typically doesn't allow extensions to run unless you specifically authorize them.

But the same rule applies as ever: unless you actively prevent your information from being put out there, you should assume that whenever you log into a site or download a free piece of software – even a browser extension – you are providing people with information that they will actively try to sell.

You can try out the browser extension and login-leak experiment here. ®

The Register - Independent news and views for the tech sector. Part of Situation Publishing