
Browser fingerprinting more prevalent on the web now than ever before – research - XzetaU8
https://portswigger.net/daily-swig/browser-fingerprinting-more-prevalent-on-the-web-now-than-ever-before-research
======
Normille
I may be really naive but:

until quite recently, although aware of browser fingerprinting in the sense of
sites' ability to identify you based on data like browser user agent,
operating system & version, language & timezone, installed plugins, etc. etc.
I'd never heard of Canvas Fingerprinting [0] or WebGL fingerprinting [1].

I found out about these forms of user tracking while investigating why a
friend, who had had their FB account disabled, was unable to set up a new
account without it immediately being disabled too. This in spite of said
friend having deleted all cookies, cleared browser cache, even tried different
browsers, etc.

I've since installed the Canvas/ Font / WebGL Fingerprint Defender [2] plugins
on all my browsers and I've been stunned at how many sites are surreptitiously
using these nefarious techniques to try and track me. Again, perhaps naively,
I'd thought that my existing uBlock Origin, uMatrix and PrivacyBadger plugins
were keeping me pretty untraceable.

What makes it all the more infuriating is that we've all [at least those of us
in EU] got used to those annoying GDPR cookie warnings popping up on every
site we visit and being able to make a choice as to what [if any]
identification and/or tracking we're going to allow. Yet here's a whole swathe
of unannounced and morally questionable identification & tracking going on,
which seems to be allowed to fly completely under the user's radar.

A further annoyance:

Since I installed those anti-fingerprinting plugins, my bank website will no
longer allow me to login without wanting to send me a 2FA confirmation text
each time. This in spite of the fact that I have allowed the site to set
cookies.

It displays some kind of error message about me using a browser I've not used
before, shows me a box to tick; "Remember me" and advises me to allow cookies,
if I don't want to have to go through this 2FA by SMS process each time. A
blatant piece of disinformation, since it's not identifying me by whatever
cookies I've allowed it to set, at all, but by a WebGL or Canvas [can't
remember which] fingerprint, which I'm not even told told about.

[0]
[https://en.wikipedia.org/wiki/Canvas_fingerprinting](https://en.wikipedia.org/wiki/Canvas_fingerprinting)

[1] [https://browserleaks.com/webgl](https://browserleaks.com/webgl)

[2]
[https://chrome.google.com/webstore/search/fingerprint%20defe...](https://chrome.google.com/webstore/search/fingerprint%20defender)

