Your digital fingerprint — or browser fingerprint — may seem like innocuous details. But for online investigators, especially in law enforcement, they could make or break your case.

Traditional browsers such as Chrome, Firefox or Safari are built to track users and obtain an array of information about their device, browsing activity and more. Mostly innocent in intent (if not a bit creepy), these functions exist to tailor browsing experiences.

Search engines and websites may display differently based on your location, how long you spend on particular pages, the browser and device you’re using, etc. These details are correlated your online behaviors across different sites to paint a more complete picture of your specific interests. Most of this information is monetized and resold; and even though it sounds a bit intrusive, most people begrudgingly agree to have their browsing habits catalogued, collated, analyzed and resold in exchange for ease and convenience.

For an online investigator, though, this type of tracking can present a serious problem — especially for law enforcement professionals conducting criminal investigations.

The same tracking mechanisms that enable personalized ads and simplify shopping experiences can be exploited by adversaries and investigative targets. All this data collected over time across sites can easily give away an investigator’s identity and intent. And once adversaries know who you are and what you’re up to, they can disappear, cover their tracks or even launch a retaliation campaign against you or your agency — online or the real world.

Learn more about the risks to law enforcement investigations and how to counteract them in our white paper >

What’s in a digital fingerprint?

In addition to cookies (bits of code designed specifically to gather and save information on your online sessions), there are many other types of data that websites and devices track to help profile and identify you.

Your digital fingerprint or browser fingerprint includes everything from which sites you click on (and which ones you skip) to the type of connection you use (IP address and provider), your hardware (device type, OS, video and audio cards), configurations (keyboard and language settings, time zones, etc.), installed software and plugins, and even seemingly random things like battery status. All of this information helps browsers track you across sessions.

And while millions of web users around the world have similar devices and search for the same terms, traditional browsers are capable of fingerprinting users based on small differences and distinct combinations of settings and behaviors that make your online presence incredibly unique.

It’s important to understand that by simply turning off the most commonly used cookies or switching to Google’s Incognito or “private browsing” mode, investigators are not fully protecting their identities or ensuring anonymity.

Learn more: What VPN and Incognito Mode still give away in your online identity >

Every law enforcement agency needs to build a comprehensive strategy for understanding what information is being tracked, and design an approach on how to shield their analysts and protect their missions.

What’s in my digital fingerprint?

To find out what information is in your digital fingerprint, our experts recommend starting with an assessment of what an adversary may already know about you and your online behavior. Sites like AmIUnique.org can provide basic information about your online configuration and how trackable it is, as well as offer advice on how you can tweak it to blend in more easily.

You can also get lots of helpful information on what type of data your browser is giving away on sites like Browserleaks.com.

If you’re an online investigator, “unique” is the last thing that you want to be. Web-savvy and/or well-funded criminals, terrorists and fraudsters will be capable of counterintelligence and potentially retaliation — online or in the real world.

Knowing how you’re tracked and understanding what you can do to minimize it can make a huge difference in the success of your investigation, not to mention the safety of yourself and your organization.

Listen to What’s in your digital fingerprint NeedleStack podcast for more information about your digital fingerprint.

What is managed attribution and why is it important?

Managed attribution lets you control and customize how your digital fingerprint appears to sites that you interact with online. It gives you the ability to manipulate any number of identifiable details, such as keyboard and language preferences, time zone selections, browser and OS settings, and lots more. By matching these details to average site visitors of sites you’re investigating, analysts and law enforcement professionals can blend in with the crowd and avoid tipping off investigative targets.

Managed attribution is delivered through purpose-built browsers for online investigations.

Spoofing geolocation to further change your digital fingerprint

Websites may block users coming from certain regions or IP addresses, or they may display different information to these visitors which could impact investigations.

In addition to changing digital fingerprint settings, investigators looking to manage their attribution can benefit from using a global egress network to spoof geolocation and appear as an in-region visitor.

Leveraging a network of internet egress nodes lets you adjust the location from which you appear to be visiting, showing a local IP address that doesn’t refer to you or your agency. This ensures you can view and collect data as the visitor you desire to be, not the visitor you are.

Cloud-based browsing to eliminate persistent tracking and maintain security

Cloud-based browsers execute all web code remotely, so it never reaches the endpoint, giving users a benign video display to interact with.

Using a cloud-based browser not only enables analysts and law enforcement to isolate their investigative browsing from their device and network — protecting them from malicious content — it can also segregate browsing itself.

While all cloud-based browsers provide protection from malware to your device/network, not all provide anonymity during browsing investigations. Some can obfuscate connection to your organization, attributing to the cloud service provider, while others can obfuscate even that. To avoid persistent tracking between web sessions, these more advanced cloud-based browsers can provide a fresh, non-attributed browsing session every time they’re launched; and paired with managed attribution, they can control tracking and attribution within a session.

Cloud-based browsers can also support multiple sessions with each executing its own virtual container and using different digital fingerprints at the same time. This can help investigators segregate and not cross-contaminate browsing sessions for different sites of interest, different investigations and different purposes (i.e., personal browsing vs. browsing for investigative purposes).

With so much information collected about your every move, it’s hard to remain anonymous online. And while for ordinary citizens it’s an annoyance at best, for online researchers, digital fingerprinting can impede their ability to do their work and compromise the integrity of their investigations. Knowing what’s being tracked and having the right toolset to conceal their identity and intent can help federal, state and local law enforcement agents better use the internet to gather data on criminal individuals and organizations — and bring them to justice. 

Tags
Anonymous research Digital fingerprint