Apple Declares War On ‘Browser Fingerprinting’, The Sneaky Tactic That Tracks You In Incognito Mode

Apple Declares War On ‘Browser Fingerprinting’, The Sneaky Tactic That Tracks You In Incognito Mode

Apple is rolling out some new and much-welcomed privacy protections for Safari that it says will prevent third parties from tracking you, particularly when you’re already doing everything you can to fly under the radar.

Screenshot: YouTube (Apple)

At the Worldwide Developer Conference (WWDC) today, Apple took aim at a rarely-discussed method of online tracking known as browser fingerprinting. New Safari updates coming in macOS 10.14 Mojave will supposedly help Mac users blend in online, rather than be uniquely identified while browsing the web.

“Just like you can be identified by a fingerprint, it turns out when you browse the web, your device can be identified by a unique set of characteristics,” Craig Federighi, Apple’s senior vice president of Software Engineering, told the WWDC audience today.

Browser fingerprinting is a method whereby Facebook, online advertisers and other third parties track individual users based on a variety and combination of system configurations. Certain details about your computer and browser and plugins you use are transmitted automatically whenever you load a web page; a minuscule amount of data that, viewed in aggregate, forms a substantially unique “fingerprint”.

These fingerprints are one way that data companies can track you, even as you navigate across the web. And they can do it without the help of tracking cookies and without knowing your IP address – a technique that effectively renders “incognito mode” useless.

The data that makes up any given fingerprint may include the type of browser you’re using, your operating system, graphics hardware, screen size, browser plugins, software versions, timezone, language, system fonts, and whether cookies are enabled, among other characteristics. While one or two of these aren’t enough to uniquely identify a person, the more data offered up by your browser, the easier it becomes to pick you out.

The trick, therefore, is to blend in. Your computer should appear no more unique than millions of other users, which is why Apple is promising to cough up only the most basic information to each website you visit websites using Safari – only general system settings and only built-in fonts, for starters. Additionally, Safari will no longer transmit information about the out-of-date plugins you’ve forgotten to discard.

“With Mojave, we’re making it much harder for trackers to create unique fingerprint,” Federighi said. “As a result, your Mac will look more like everyone else’s Mac, and it will be dramatically more difficult for data companies to uniquely identify your device and track you.”

Apple initially rolled out this privacy feature, which it dubbed Intelligent Tracking Prevention, at last year’s WWDC. But the company says the feature is now “enhanced”. From Apple’s press release:

In Safari, enhanced Intelligent Tracking Prevention helps block social media “Like” or “Share” buttons and comment widgets from tracking users without permission. Safari now also presents simplified system information when users browse the web, preventing them from being tracked based on their system configuration. Safari now also automatically creates, autofills and stores strong passwords when users create new online accounts and flags reused passwords so users can change them. New data protections require apps to get user permission before using the Mac camera and microphone or accessing personal data like user Mail history and Messages database.

While browser fingerprinting data doesn’t include personally identifiable information, it can be used to create a file on your browsing habits, which can be combined with your name, email address and other recognisable details about you at a later date – or even immediately, should you visit a website such as Facebook that links you to a wealth of personal information.

Interested to see your own browser fingerprint? Run a test on the Electronic Frontier Foundation’s Panopticlick website.