Read this story on The Register

Alert: Using a web ad blocker may identify you – to advertisers

There's no escape muhaha

By Kieren McCarthy in San Francisco

Posted in Personal Tech, 14th April 2017 18:24 GMT

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers.

French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into.

The results have been as dramatic as the earlier study: people's browsers serve as highly effective identifiers.

We ran the researchers' online test and got a privacy of precisely zero: meaning that of the 4,000+ people that have run the test so far, our browser had a unique fingerprint.

That level of precise identification is possible through no more than a third-party cookie, meaning that advertisers in particular are likely to have a very precise tracking mechanism and be in a position to identify you when you turn up at any website where they also have a cookie.

That sort of information is immensely valuable to companies that wish to both advertise and sell advertising space. By combining the info with other online tracking tools, it also means that you could be personally identified wherever on the internet you travel, even if you clear your cache or take other privacy-protecting measures.

As well as grabbing your browser's configuration – which includes such things as version, type, fonts installed, language, timezone etc – the researchers have developed a way to identify whether over 13,000 extensions are present, and used redirection URL hijacking to check whether you are currently logged into over 50 websites, from Airbnb to Amazon to Facebook, Gmail, Instagram, Reddit, Slack, Twitter and so on.

The end result is a unique fingerprint that clearly identifies you.

Answers

So what is the solution? Well, logging out of websites – especially social media websites – when you're not using them is always a good idea, not least because it also stops them from tracking you.

Also, the fewer extensions you have installed, the less likely you are to be immediately identifiable. So revisiting those extensions and wondering whether you really need them is a smart move.

Then the researchers recommend turning off third-party cookies and using Firefox – which, while it isn't perfect, does leak less information about your setup than other browsers.

And then of course there is Incognito mode, which typically doesn't allow extensions to run unless you specifically authorize them.

But the same rule applies as ever: unless you actively prevent your information from being put out there, you should assume that whenever you log into a site or download a free piece of software – even a browser extension – you are providing people with information that they will actively try to sell.

You can try out the browser extension and login-leak experiment here. ®

Sign up to our NewsletterGet IT in your inbox daily

93 Comments

More from The Register

You are the one per cent if you read Firefox's privacy spiels

So Mozilla's going to give them their very own Tab, perhaps ahead of opt-out slurping

Windows 10 Creators Update will add app-level privacy controls

Enterprises can lock down Telemetry a little more

More than half of small firms plan on using Privacy Shield – survey

But it’s still not the most popular way to zip data across the pond

Privacy-focused search engine DeepSearch slinks out of hiding

New web crawler from TSignal doesn't care who you are

House GOP takes crack at ISP privacy bill

US lawmakers try to clear up FTC control over data collection

Give staff privacy at work, Euro human rights court tells bosses

Management must consider employees' rights in workplace policy

India's Aadhaar national biometric ID scheme at risk after Supreme Court rules privacy is a right

Facebook and Google also have reason to be worried

OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data

Are we shocked? *Cough* Google, Apple *Cough*

First annual review of Privacy Shield gives it a resounding... 'adequate'

Just missing an ombudsman, checks on companies, info on how to use it... Mere quibbles

Facebook's left hand is fighting for Americans' right to privacy

The right hand? Go on, guess