Browser fingerprinting is a heinous new technology designed to get around the fact that internet users are becoming more aware of how websites (and in particular third party analytics and advertising domains) uniquely identify and track visitors across the internet in order to deliver highly tailored advertising.
It works by finding out all sorts of details about your browser – both passively through what your browser reveals to a website when you visit it (e.g. the browser name, operating system, and exact version number of the browser) – and actively, by requesting additional information (e.g. supported data types (so-called MIME types), screen resolution, system colors and more.)
Taken altogether, the various fingerprint attributes can be almost instantly (it takes just a few milliseconds to run algorithms that compare millions of fingerprints) combined to create a unique fingerprint that can be used to very accurately identify an individual user, no matter if cookies have been deleted, or IP address changed between website visits.
The most frustrating thing about all this is that there is basically very little you can do about it (although read our article to find out what you can do). However, a new open source Chrome browser extension hopes to change all this.
Chameleon is still very much in the early stages of development (it is described as being pre-alpha developer-only software), but it already shows promise as a way to defeat browser fingerprinting. It works by detecting and intercepting the kinds of browser information requests employed by browser fingerprinting, and aims make the browser look the Tor browser (as Tor users are supposed to all look alike).
Despite its pre-alpha status, the Chameleon extension is already looking very smart
Intrigued, but under the complete understanding that this is ‘pre-alpha developer-only software,’ we tested the extension using both the EFF’s Panoptoclick, and the newer Am I unique? browser fingerprinting detection tool that we looked at earlier this week.
Using the Tor browser
Using Chrome without the Chameleon extension
Using Chrome with Chameleon extension
As we can see, results for the older Panoploclick test are quite impressive, and yielded results close to using the Tor browser. The uniqueness rating from ‘Am I Unique’, however, is almost unchanged, but do note that the test detected entirely different browser information when using Chameleon than is actually the case (for example it detected Firefox rather than Chrome).
At present, Chameleon provides protection against the following browser fingerprinting techniques:
Request header values
… and can detect:
Canvas image data extraction
These are of course very early days for could be an invaluable tool in the ongoing fight for internet privacy. Developers are encouraged to join in and help extend the plugins functionality.