How easy is it to alter a browser fingerprint?

Question

I am researching this question for a possible paper. Given the exploitation of user identities for risk management and market tracking, how easy is it to alter a browser enough to throw off fingerprinting techniques?

My current sources are:

• EFF Panopticlick project
• Peter Eckersly's follow-up presentation at Def Con 18.

Answer 1

Your question comes down to how well you can change the individual components that make up a digital "fingerprint". There are some that you can't control (at least not without going to a whole lot of effort), but remember you only have to change some of them to alter the fingerprint, and some are rather easy to change depending on what sort of lengths you're prepared to go to in order to throw off anyone trying to fingerprint you. Here are some examples:

• Cookies - set your browser to delete cookies on exit, or at least to not accept third-party cookies
• Browser's user agent string - some browsers (e.g. Opera) let you "identify as" or "mask as" another browser, or use third-party software to change it (though some JavaScript tests can still tell which browser it actually is)
• Browser and browser version - Keep updating your browser and that information will keep changing, or have multiple installations of the same browser where possible, or multiple browsers
• IP address - use a proxy server

There are several other things you can change if you have multiple machines (be it physical or virtual), such as your OS and your screen resolution, etc.

The reason most people can be fingerprinted is because they're either not aware of these simple options, or it's too much effort for them, so they browse with the same browser using the same settings and don't delete their cookies. Personally, I haven't had any problems with fingerprinting (at least that I'm aware of!), and don't mind having ads targeted at me (I block most of them anyway), so I don't bother with most of these, but I can see how people would have something against it...