Read this story on The Register

Alert: Using a web ad blocker may identify you – to advertisers

There's no escape muhaha

By Kieren McCarthy in San Francisco

Posted in Personal Tech, 14th April 2017 18:24 GMT

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers.

French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into.

The results have been as dramatic as the earlier study: people's browsers serve as highly effective identifiers.

We ran the researchers' online test and got a privacy of precisely zero: meaning that of the 4,000+ people that have run the test so far, our browser had a unique fingerprint.

That level of precise identification is possible through no more than a third-party cookie, meaning that advertisers in particular are likely to have a very precise tracking mechanism and be in a position to identify you when you turn up at any website where they also have a cookie.

That sort of information is immensely valuable to companies that wish to both advertise and sell advertising space. By combining the info with other online tracking tools, it also means that you could be personally identified wherever on the internet you travel, even if you clear your cache or take other privacy-protecting measures.

As well as grabbing your browser's configuration – which includes such things as version, type, fonts installed, language, timezone etc – the researchers have developed a way to identify whether over 13,000 extensions are present, and used redirection URL hijacking to check whether you are currently logged into over 50 websites, from Airbnb to Amazon to Facebook, Gmail, Instagram, Reddit, Slack, Twitter and so on.

The end result is a unique fingerprint that clearly identifies you.

Answers

So what is the solution? Well, logging out of websites – especially social media websites – when you're not using them is always a good idea, not least because it also stops them from tracking you.

Also, the fewer extensions you have installed, the less likely you are to be immediately identifiable. So revisiting those extensions and wondering whether you really need them is a smart move.

Then the researchers recommend turning off third-party cookies and using Firefox – which, while it isn't perfect, does leak less information about your setup than other browsers.

And then of course there is Incognito mode, which typically doesn't allow extensions to run unless you specifically authorize them.

But the same rule applies as ever: unless you actively prevent your information from being put out there, you should assume that whenever you log into a site or download a free piece of software – even a browser extension – you are providing people with information that they will actively try to sell.

You can try out the browser extension and login-leak experiment here. ®

Sign up to our NewsletterGet IT in your inbox daily

93 Comments

More from The Register

Canuck privacy commissioner to dig into Uber data breach

Formal investigation launched. Not the first, won't be the last

EU data protection groups: Fix Privacy Shield or face lawsuit

‘Significant concerns’ over transatlantic data flow deal

VTech hack fallout: What is a kid's privacy worth? About 22 cents – FTC

Toymaker coughs up $650k after three million youngsters have info swiped

Max Schrems launches privacy NGO, wins €60k within first 24 hours

'None of Your Business' to help bring consumer cases to court

Supremes asked to mull legality of Silicon Valley privacy 'slush funds'

Analysis When watchdogs don't watch

You are the one per cent if you read Firefox's privacy spiels

So Mozilla's going to give them their very own Tab, perhaps ahead of opt-out slurping

Windows 10 Creators Update will add app-level privacy controls

Enterprises can lock down Telemetry a little more

Privacy-focused search engine DeepSearch slinks out of hiding

New web crawler from TSignal doesn't care who you are

House GOP takes crack at ISP privacy bill

US lawmakers try to clear up FTC control over data collection

More than half of small firms plan on using Privacy Shield – survey

But it’s still not the most popular way to zip data across the pond