1

Assuming that I am browsing a website ( say: Amazon.com) using Private/Incognito mode, and I clear my cookies, and have VPN turn on.

Will the website still be able to identify that my device has been used to access it before? Or will it treat my device as a brand new device?

Graviton
  • 905
  • 4
  • 12
  • 26

3 Answers3

8

By using incognito mode and using a VPN you are masking two of your fingerprints:

  • Cookies
  • IP Address

These are the most common techniques used by websites to identify users today.

There is much more information websites can get from your browser to use to identify you. Such as:

  • User Agent
  • HTTP_ACCEPT Headers
  • Browser Plugins
  • Time Zone
  • Screen Size and Color Depth
  • System Fonts
  • Supercookies
  • HTML5 Canvas Fingerprinting

These pieces of information alone do not have much meaning in relation to identifying a device. But when put all together, they make up a pretty unique profile.

To view some of the information a website can obtain from you browser in order to fingerprint you, visit: https://panopticlick.eff.org/ or http://ip-check.info/

For more information about the information your browser leaks, visit: https://www.browserleaks.com/

DJCrashdummy
  • 103
  • 1
  • 1
  • 8
Orny
  • 294
  • 3
  • 7
  • They are all easy faked if you use Firefox...see https://github.com/dillbyrne/random-agent-spoofer/ – Freedo Jun 08 '15 at 05:39
  • @Freedom, are you saying that with this firefox plugin, there is no way a website can uniquely identify my browser or device? – Graviton Jun 08 '15 at 05:57
  • @Graviton Yes, if you make sure you are dealing with the IP + supercookies problems, they will still be able to identify your browser time zone and etc, but since you can set it to change every time you do a request, or every 5min your "identity" will be always changing...it's important to note that you can defeat most of this tracking techniques just setting plugins to "click to play" most of this is leaked by the plugins itself without the need of a visible video or whatever – Freedo Jun 08 '15 at 06:10
  • @Graviton per example, i use youtube without allowing it to execute Flash and i have no problems...what youtube is trying to do with Flash? I'll never know, but if i don't see a video i want to play in a website i don't allow Flash and most of sites ask for it without a visible reason or loss of functionality...beware of leaks via DNS and make sure you choose a VPN that truely don't keep logs – Freedo Jun 08 '15 at 06:15
2

It could still identify you as it looks at a lot of details such as:

  1. User-Agent
  2. Timezone
  3. Browser plugins
  4. HTTP_ACCEPT Headers
  5. Screen size and color depth
  6. System fonts
  7. Cookies (which you said you'd delete)

Please have a look at https://panopticlick.eff.org and test how "unique" your device / browser is.

Hope this gives you some insight in correlating data even if the IP address is different.

Jeroen
  • 5,783
  • 2
  • 18
  • 26
2

The two answers provided by Jeroen and Orny are good, informative answers that are perfectly accurate. Websites can certainly track you with these sophisticated tracking mechanisms. Whether they actually do this is a different matter. There's little incentive for them to do so since the majority of users aren't using incognito mode, or other means of preventing tracking via cookies. Setting up this more sophisticated tracking would take an effort to enhance the existing mechanisms for a small return.

Remember that most websites only want demographic information, they aren't terribly interested in making sure every last person is tracked. The ones that are interested in tracking behavior and what you're interested are also still going to be interested in the 99% who aren't using tracking blocking means, not the 1% that are.

The NSA obviously is very interested in individuals, and has the people to be able to do this more sophisticated tracking. I'm sure they're particularly interested in tracking TOR users who are trying to remain anonymous.

Steve Sether
  • 21,480
  • 8
  • 50
  • 76