Personal Tech

Alert: Using a web ad blocker may identify you – to advertisers

There's no escape muhaha

By Kieren McCarthy in San Francisco

93 SHARE

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers.

French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into.

The results have been as dramatic as the earlier study: people's browsers serve as highly effective identifiers.

We ran the researchers' online test and got a privacy of precisely zero: meaning that of the 4,000+ people that have run the test so far, our browser had a unique fingerprint.

That level of precise identification is possible through no more than a third-party cookie, meaning that advertisers in particular are likely to have a very precise tracking mechanism and be in a position to identify you when you turn up at any website where they also have a cookie.

That sort of information is immensely valuable to companies that wish to both advertise and sell advertising space. By combining the info with other online tracking tools, it also means that you could be personally identified wherever on the internet you travel, even if you clear your cache or take other privacy-protecting measures.

As well as grabbing your browser's configuration – which includes such things as version, type, fonts installed, language, timezone etc – the researchers have developed a way to identify whether over 13,000 extensions are present, and used redirection URL hijacking to check whether you are currently logged into over 50 websites, from Airbnb to Amazon to Facebook, Gmail, Instagram, Reddit, Slack, Twitter and so on.

The end result is a unique fingerprint that clearly identifies you.

Answers

So what is the solution? Well, logging out of websites – especially social media websites – when you're not using them is always a good idea, not least because it also stops them from tracking you.

Also, the fewer extensions you have installed, the less likely you are to be immediately identifiable. So revisiting those extensions and wondering whether you really need them is a smart move.

Then the researchers recommend turning off third-party cookies and using Firefox – which, while it isn't perfect, does leak less information about your setup than other browsers.

And then of course there is Incognito mode, which typically doesn't allow extensions to run unless you specifically authorize them.

But the same rule applies as ever: unless you actively prevent your information from being put out there, you should assume that whenever you log into a site or download a free piece of software – even a browser extension – you are providing people with information that they will actively try to sell.

You can try out the browser extension and login-leak experiment here. ®

Sign up to our NewsletterGet IT in your inbox daily

93 Comments

More from The Register

Oops! Almost a year in and ICO staff haven't been handed a GDPR privacy notice yet

Data watchdog: All our staffers are 'aware' of policies...

Shut the barn door: UK data watchdog tells MPs mass slurping by firms is a huge risk to privacy

You need to rifle through my photos why, exactly?

$30/month email upstart Superhuman brought low with a blast of privacy Kryptonite

Tech exec challenges startup over default tracking

What was that P word? Ah. Privacy. Yes, we'll think about privacy, says FCC mulling cellphone location data overhaul

Analysis Commissioners still doing their best to ignore bounty hunter stalking scandal

Apple arms web browser privacy torpedo, points it directly at Google's advertising model

Safari tech ready to be ignored by online ad giants like all other privacy proposals

Turn me up some: Smart speaker outfit Sonos blasted in complaint to UK privacy watchdog

Tech lawyer argues that 'give us all your data or your kit gets it' doesn't count as valid consent

California's politicians rush to gut internet privacy law with pro-tech giant amendments

Analysis Meanwhile, the only pro-privacy proposal gets quietly pulled

Apple's privacy schtick is just an act, say folks suing the iGiant: iTunes 'purchase histories sold' to data slurpers

Class-action lawsuit accuses Cupertino of breaking the law by flogging personal info

Apple to require privacy policy on all apps

October iOS change reflects broader societal shift

Eggheads confirm: Rampant Android bloatware a privacy and security hellscape

Bundled software not just an annoyance, it's also a risk