In our earlier article, we have explained that fingerprinting is a user tracking technique. It is used to uniquely identify and track end devices and thus users. The method does not require physical access to the device. In particular, the data generated by web browsers is used for fingerprinting, this is known as browser fingerprinting.
The aim of the countermeasures is to increase privacy when surfing the Internet. Browser fingerprinting is much more difficult to prevent on the user side than comparable tracking techniques. In principle, tracking is less easy if many users have a similar or identical fingerprint, as it can then no longer be clearly assigned to a single user. The Tor Browser is designed to achieve this effect. Due to various technical basics (letterboxing, uniform fonts, etc.), many users receive a common fingerprint, they disappear into an anonymity group of users who have the same fingerprint as them. Other browsers, such as Brave, are also designed from the ground up to be as resistant to fingerprinting as possible.
Other methods to limit fingerprinting, regardless of the web browser used, are to block known fingerprinting scripts based on a blacklist. With the help of content blockers or DNS-based blocklists, contact with third-party domains that are known to use fingerprinting can be restricted. Browser add-ons such as the Electronic Frontier Foundation’s Privacy Badger or uBlock Origin can provide such protection. It could also prevent the browser-rendered canvas element from being delivered by disabling the corresponding JavaScript APIs. However, due to the unusual setting, this would create a new feature to identify the user, i.e. make him stand out from the crowd and is therefore not useful. With the complete disabling of JavaScript, canvas fingerprinting becomes impossible. However, this often leads to unusable websites, as JavaScript libraries are often integrated into websites. So this is also not a viable way to reduce tracking.
---
A recommended method, on the other hand, is to slightly manipulate the canvas elements with each output, i.e. to randomly change their properties during rendering. This makes user tracking more difficult, or prevented, because a constant fingerprint no longer exists. As a result, the fingerprint can no longer be traced unambiguously over a longer period of time. One configuration option could be, for example, that the fingerprint is persistent for each website, but changes from website to website. Another could be that the values of the canvas elements are changed every time the browser is closed.
A dedicated add-on that can prevent or falsify the reading of the canvas elements is the CanvasBlocker. Since the method of CSS fingerprinting is still new (as of 2023), the known defense mechanisms do not help against it, nor do dedicated add-ons. However, content blockers such as uBlock Origin can block iframes, which is the only known way to limit CSS fingerprinting.
Various browsers use measures to limit fingerprinting, such as Mozilla Firefox, Brave, Pale Moon, LibreWolf, the Mullvad Browser, and the Tor Browser.
