English
中文
Deutsch
HomeArticle

Die in Browsern versteckten "Fingerabdrücke" werden zur neuen Privatsphäre-Krise.

三易生活2025-08-05 19:25
Bei dem Thema des Schutzes der Privatsphäre von Internetnutzern darf man niemals die Wachsamkeit lockern.

Recently, a blog post about Apple upgrading browser privacy protection measures in the new system and enabling the "Advanced Fingerprint Protection" feature by default in all sessions has begun to circulate on the Internet.

Judging from the literal meaning, Apple has naturally done a good thing. But this also arouses our curiosity, that is, how does "fingerprint protection" relate to privacy and security? Does Apple want to use users' fingerprints to encrypt private information in the browser?

After in - depth understanding, we realized that the truth is not that simple, because this "fingerprint" is not the fingerprint in the biological sense that everyone is familiar with. In fact, it is more like all kinds of astonishing "tricks" that websites have come up with to lock in users' identities and track their behaviors for a long time.

Does the browser also have a fingerprint? It has to start with an ancient technology

Friends who have paid attention to Internet privacy protection must know the ancient technology called "Cookie" which was born in 1994. It is said that at that time, engineer Lou Montulli from Netscape was developing an early e - commerce program for customers. In order to let the website "remember" users' shopping cart information, he invented "Cookie".

As its name (meaning a small cookie) suggests, Cookie is a very small file. In principle, it actually does not record users' "behaviors" (such as shopping cart and web page records), but is only used to identify the "identity" of the user currently visiting the website. So a typical Cookie usually only contains the user's login account, password, and a small amount of preference setting information (such as the website language and theme set by the user).

Therefore, the act of simply "peeping" at the content of the Cookie file usually does not directly lead to the leakage of users' privacy. However, with the prosperity of the e - commerce industry, the security risks of the Cookie technology have begun to be taken more and more seriously. For example, a stolen Cookie may lead to users being "hacked", resulting in extremely serious privacy and property losses.

In addition, because the Cookie file has a "binding" characteristic with the user's identity, it has been increasingly abused in user behavior tracking. For example, sometimes, a user who has just purchased a certain product on an e - commerce platform may soon receive advertising push of related products or even promotional calls on various other platforms. There may be a possibility that the user's privacy has been directly sold by the platform, but it is also possible that traditional "user information tracking" technologies such as Cookie and browser identifiers have played an accessory role behind the scenes.

Browser fingerprint: It doesn't seem sensitive at first glance, but the combination is not simple

Because the "traditional" user identity recognition and tracking technologies are now "notorious", as long as people use the mainstream browsers of leading companies, they will basically enjoy the protection of a series of automatically enabled technologies such as "privacy protection", "anti - tracking", and "incognito mode".

Obviously, the absence of the traditional and simple user recognition mechanism does not mean that those websites or enterprises that attempt to track and collect user behaviors will give up. In this case, they have invented an extremely complex but indeed more difficult - to - defend method for locking in users' identities, which is the so - called collection and judgment mechanism of the "browser fingerprint".

To put it simply, the "browser fingerprint" is not a file. It actually represents a lot of information about the user's computer hardware and browser configuration that can be detected through legal means. This includes the operating system version number, screen resolution, browser version number, user's time zone, IP address, and even the CPU and graphics card models, as well as the total number of fonts installed on the computer, etc.

Region, language, time zone, font, resolution, browser version... These things together form the "fingerprint".

Obviously, any set of information here cannot be used to accurately lock in "a certain person". For example, there may be tens of millions of people around the world using the same version of the operating system, hundreds of thousands of people may have the same CPU and graphics card models, and hundreds of people may share a public IP address. But the problem is that once those websites, advertising companies, or people with ulterior motives combine all the above information, they can "filter out" the unique user identity corresponding to it, that is, you in front of the screen. And this technology of determining the user's identity through the "combination" of a large amount of legal and public information is the truth of the so - called "browser fingerprint".

Moreover, technically, many pieces of information in the "browser fingerprint" cannot be "blocked". For example, the browser version number, screen resolution, fonts installed on the computer, and graphics card model are "publicly" provided to the website to ensure the normal display of the website and the normal playback of videos. In addition, each piece of this information, when taken separately, is not really "sensitive information", so the collection and screening of such information did not attract people's attention in the past, which is the key to the establishment of the "browser fingerprint" technology.

How to prevent "browser fingerprint" tracking? It's more difficult than you think

It should be noted that, whether from the perspective of the technology itself or its purpose of birth, the "browser fingerprint" is only used to identify and track the "uniqueness" of the user, and it cannot directly reveal the user's real identity.

What does this mean? For example, you just read an article on website A and then visited website B. If both websites A and B have the "browser fingerprint" mechanism, website B may know that "you" are the person who just read that article on website A and push relevant information to you. But website B may not necessarily know who "you" are specifically.

On a website dedicated to detecting browser fingerprints, you can clearly see your own "fingerprint information".

In other words, from the perspective of the harm to personal privacy and security, the disadvantages of the "browser fingerprint" technology may not be that great. But on the one hand, people generally don't like their behaviors to be "spied on" for a long time and they have the legitimate freedom to maintain "privacy" on the Internet. On the other hand, compared with user tracking methods such as Cookie and domain name trackers that can be easily prevented, the "ruthlessness" of the "browser fingerprint" is much higher than most people think.

For example, according to the technical information released by Apple, their "Advanced Fingerprint Protection" function essentially weakens the uniqueness of the device that can be identified by the "browser fingerprint" by sending a series of "forged" browser version numbers and device hardware information to the website, without affecting the web browsing function. And in principle, the more devices that turn on the "Advanced Fingerprint Protection", the stronger the effect of this function will be.

But people should know that the user information collected by the "browser fingerprint" is not always as simple as those public software version numbers and hardware configuration information. For example, there is a mechanism called "AudioContext" that sends a piece of audio content to the device. After the device decodes and plays this audio, the website will analyze information such as the delay and frequency response range in the processed audio to form a "device fingerprint".

Since the audio processing ability of a computer is affected by multiple factors such as CPU clock speed, memory configuration, system and driver version, BIOS version, and sound card hardware, the subtle audio characteristics can be used to identify the "uniqueness" of the device. And similar tracking and identification mechanisms based on hardware capabilities are obviously difficult to invalidate through simple software camouflage.

Of course, on the bright side, Apple's launch of the "Advanced Fingerprint Protection" function at least sets a good example in the industry, which may arouse more manufacturers and consumers' attention to the "browser fingerprint" and lead to the emergence of more targeted user privacy protection technologies. But by that time, will website developers and advertisers develop new mechanisms for spying on privacy and tracking users?

It can only be said that we should never relax our vigilance on the topic of Internet user privacy protection.

This article is from the WeChat public account "3eLife" (ID: IT - 3eLife), author: 3eLife Staff. It is published by 36Kr with authorization.

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

For media inquiries, interview requests, business collaboration and Recruit global ecological partners, please contact mohaiying@36kr.com.
Partner:startuprad.io

36kr Europe (eu.36kr.com) delivers global business and markets news, data, analysis, and video to the world, dedicated to building value and providing business service for companies’ global expansion.

© 2024 36kr.com. All rights reserved.