Alert: Using a web ad blocker may identify you – to advertisers

There's no escape muhaha

By Kieren McCarthy in San Francisco

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers.

French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into.

The results have been as dramatic as the earlier study: people's browsers serve as highly effective identifiers.

We ran the researchers' online test and got a privacy of precisely zero, meaning that of the 4,000+ people who have run the test so far, our browser had a unique fingerprint.

That level of precise identification is possible through no more than a third-party cookie, meaning that advertisers in particular are likely to have a very precise tracking mechanism and be in a position to identify you when you turn up at any website where they also have a cookie.

That sort of information is immensely valuable to companies that wish to both advertise and sell advertising space. By combining the info with other online tracking tools, it also means that you could be personally identified wherever on the internet you travel, even if you clear your cache or take other privacy-protecting measures.

As well as grabbing your browser's configuration – which includes such things as version, type, fonts installed, language, timezone etc – the researchers have developed a way to identify whether over 13,000 extensions are present, and used redirection URL hijacking to check whether you are currently logged into over 50 websites, from Airbnb to Amazon to Facebook, Gmail, Instagram, Reddit, Slack, Twitter and so on.

The end result is a unique fingerprint that clearly identifies you.
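
To make the effect concrete, here is an added example (not from the article or the researchers' test) that measures how each attribute group listed above shrinks a visitor's anonymity set. The population is constructed sample data, and the function names and extension labels are hypothetical.

```python
from collections import Counter
from math import log2

# Constructed sample population (not data from the study). Each visitor has the
# three attribute groups the article lists: browser config, extensions, logins.
A, B = "Firefox/52 en-GB UTC+0", "Chrome/57 en-US UTC-8"
POPULATION = [
    {"browser": A, "extensions": ("adblock",), "logins": ("facebook", "gmail")},
    {"browser": A, "extensions": ("adblock",), "logins": ("gmail",)},
    {"browser": A, "extensions": (), "logins": ("facebook", "gmail")},
    {"browser": A, "extensions": (), "logins": ("facebook", "gmail")},
    {"browser": B, "extensions": ("adblock", "password-manager"), "logins": ("reddit",)},
    {"browser": B, "extensions": (), "logins": ()},
    {"browser": B, "extensions": (), "logins": ()},
    {"browser": A, "extensions": ("adblock", "grammar-checker"), "logins": ("twitter",)},
]

def fingerprint(visitor, attrs):
    """Project a visitor onto the chosen attribute groups (hashable tuple)."""
    return tuple(visitor[a] for a in attrs)

def anonymity_sets(population, attrs):
    """Map each distinct fingerprint to the number of visitors sharing it."""
    return Counter(fingerprint(v, attrs) for v in population)

def set_size(population, visitor, attrs):
    """How many visitors (including this one) look identical to `visitor`."""
    return anonymity_sets(population, attrs)[fingerprint(visitor, attrs)]

def summary(population, attrs):
    """Number of uniquely identified visitors, and fingerprint entropy in bits."""
    sets, n = anonymity_sets(population, attrs), len(population)
    entropy = -sum(c / n * log2(c / n) for c in sets.values())
    return {"unique": sum(c == 1 for c in sets.values()),
            "entropy_bits": round(entropy, 2)}

if __name__ == "__main__":
    steps = [("browser",), ("browser", "extensions"),
             ("browser", "extensions", "logins")]
    for attrs in steps:
        print(attrs, summary(POPULATION, attrs),
              "| ad-block user shares fingerprint with:",
              set_size(POPULATION, POPULATION[0], attrs),
              "| no-extension user:",
              set_size(POPULATION, POPULATION[2], attrs))
```

In this sample the first ad-block user goes from sharing a fingerprint with five visitors to being unique once extensions and logins are included, while the visitor with no extensions still shares theirs with one other person.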

Answers

So what is the solution? Well, logging out of websites – especially social media websites – when you're not using them is always a good idea, not least because it also stops them from tracking you.

Also, the fewer extensions you have installed, the less likely you are to be immediately identifiable. So revisiting those extensions and wondering whether you really need them is a smart move.

Then the researchers recommend turning off third-party cookies and using Firefox – which, while it isn't perfect, does leak less information about your setup than other browsers.

And then of course there is Incognito mode, which typically doesn't allow extensions to run unless you specifically authorize them.

But the same rule applies as ever: unless you actively prevent your information from being put out there, you should assume that whenever you log into a site or download a free piece of software – even a browser extension – you are providing people with information that they will actively try to sell.

You can try out the browser extension and login-leak experiment here. ®
