Tracking your digital fingerprint, footprint and online behavior

Tracking your digital fingerprint, footprint and online behavior

This is the part where you should watch the documentary “The Social Dilemma” on Netflix. They cover this topic much better than anyone else IMHO.

This includes is the way you write (stylometry), the way you behave. The way you click. The way you browse. The fonts you use on your browser. Fingerprinting is being used to guess who someone is by the way that user is behaving. You might be using specific pedantic words or making specific spelling mistakes that could give you away using a simple Google search for similar features because you typed comparably on some Reddit post 5 years ago using a not so anonymous Reddit account. The words you type in a search engine alone can be used against you as the authorities now have warrants to find users who used specific keywords in search engines.

Social Media platforms such as Facebook/Google can go a step further and can register your behavior in the browser itself. For instance, they can register everything you type even if you do not send it / save it. Think of when you draft an e-mail in Gmail. It is saved automatically as you type. They can register your clicks and cursor movements as well.

All they need to achieve this in most cases is Javascript enabled in your browser (which is the case in most Browsers including Tor Browser by default). Even with Javascript disabled, there are still ways to fingerprint you.

While these methods are usually used for marketing purposes and advertising, they can also be a useful tool for fingerprinting users. This is because your behavior is unique or unique enough that over time, you could be de-anonymized.

Here are some examples:

  • Specialized companies are selling to, for example, law enforcement agencies products for analyzing social network activities such as []
  • For example, as a basis of authentication, a user’s typing speed, keystroke depressions, patterns of error (say accidentally hitting an “l” instead of a “k” on three out of every seven transactions) and mouse movements establish that person’s unique pattern of behavior153. Some commercial services such as TypingDNA ( []) even offer such analysis as a replacement for two-factor authentications.
  • This technology is also widely used in CAPTCHAS154 services to verify that you are “human” and can be used to fingerprint a user.
  • See: Counteracting Forensic Linguistics.

Analysis algorithms could then be used to match these patterns with other users and match you to a different known user. It is unclear whether such data is already used or not by Governments and Law Enforcement agencies, but it might be in the future. And while this is mostly used for advertising/marketing/captchas purposes now. It could and probably will be used for investigations in the short or mid-term future to deanonymize users.

Here is a fun example you try yourself to see some of those things in action: (no archive links for this one sorry). You will see it becoming interesting over time (this requires Javascript enabled).

Here is also a recent example just showing what Google Chrome collects on you:

Here are some other resources on the topic if you cannot see this documentary:

So, how can you mitigate these?

  • This guide will provide some technical mitigations using Fingerprinting resistant tools but those might not be sufficient.
  • You should apply common sense and try to find your own patterns in your behavior and behave differently when using anonymous identities.
  •  The way you type (speed, accuracy…).
  • The words you use (be careful with your usual expressions).
  • The type of response you use (if you are sarcastic by default, try to have a different approach with your identities).
  • The way you use your mouse and click (try to solve the Captchas differently than your usual way)
  • The habits you have when using some Apps or visiting some Websites (do not always use the same menus/buttons/links to reach your content).

You need to act and fully adopt a role as an actor would do for a performance. You need to become a different person, think, and act like that person. This is not a technical mitigation but a human one. You can only rely on yourself for that.

Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information when using your anonymous identities. See: Counteracting Forensic Linguistics.

Source: The Hitchhiker’s Guide to Online Anonymity, written by AnonyPla © CC BY-NC 4.0