Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quite far from the truth, as interacting with internet services like websites leaves a significant fingerprint. In a study by [RTINGS.com] this browser fingerprinting was investigated in detail, showing just how easy it is to uniquely identify a visitor across the 83 laptops used in the study.
As summarized in the related video (also embedded below), the start of the study involved the Am I Unique? website which provides you with an overview of your browser fingerprint. With over 4.5 million fingerprints in their database as of writing, even using Edge on Windows 10 marks you as unique, which is telling.
In the study multiple VPN services were used, each of which resulted in exactly the same fingerprint hash. This is based on properties retrieved from the browser, via JavaScript and other capabilities exposed by the browser, including WebGL and HTML5 Canvas.
Next in the experiment the set of properties used was restricted to those that are more deterministic, removing items such as state of battery charge, and creating a set of 28 properties. This still left all 83 work laptops at the [RTINGS.com] office with a unique fingerprint, which is somewhat amazing for a single Canadian office environment since they should all use roughly the same OS and browser configuration.
As for ways to reduce your uniqueness, browsers like Brave try to mix up some of these parameters used for fingerprinting, but with Brave being fairly rare the use of this browser by itself makes for a pretty unique identifier. Ultimately being truly anonymous on the internet is pretty hard, and thus VPNs are mostly helpful for getting around region blocks for streaming services, not for obtaining more privacy.
It always makes me laugh to see NordVPN adverts, as if it’s somewhat “secure” because it’s located in Norway, Sweden or Finland. Here’s a tip summer child, if it’s a NATO country then all your traffic is routed through NSA collection points, like it or not. I actually feel more comfortable browsing the Internet when I’m visiting my gf parents in Minsk (Belarus) than while working in my cubicle in Wroclaw. If I could I would smash my computer with an axe and live tech-free to be rid of NSA and CIA survelliance, but sadly being able to call
gccormakeis what puts bread on my table.(Though I must admit, in Belarus I got some Telegram messages inviting me to work for a company doing embedded systems, pay was not great though.)
I don’t worry about nsa or cia or esa, xyz seeing my traffic…. When a request leaves the computer it is ‘public’ information. Like it or not…. Only protection is encryption which can be defeated if someone is determined enough. I am more concerned about what gets into my box to exploit it/use it for nefarious things.