Comprendere il browser fingerprinting

Il Browser fingerprinting è la raccolta sistematica di informazioni riguardanti il browser web al fine di formulare ipotesi plausibili circa la sua identità o le sue caratteristiche. Tutte le impostazioni e funzionalità del browser creano un "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user, which can be tracked across the internet. For more in-depth information on browser fingerprinting, refer to these articles on the Tor Blog: Browser Fingerprinting: An Introduction and the Challenges Ahead and Tor Browser: a legacy of advancing private browsing innovation.

Perché il browser fingerprinting minaccia la privacy online?

Innanzitutto, non c'è la necessità di chiedere il permesso all'utente per effettuare la raccolta di questa informazione. Ogni script attivo nel browser può costruire silenziosamente un fingerprint del dispositivo senza che l'utente se ne accorga.

Second, if one attribute of the browser fingerprint is unique or if the combination of several attributes is unique, the device can be identified and tracked online. This means that even without cookies, a device can be tracked using its fingerprint.

Come Tor Browser riduce il fingerprinting

Tor Browser is specifically engineered to minimize the uniqueness of each user's fingerprint across various metrics. While it is practically impossible to make all Tor Browser users identical, the goal is to reduce the number of distinguishable "buckets" for each metric. This approach makes it harder to track individual users effectively.

Alcune proprietà, come il sistema operativo e la lingua, sono necessarie per le funzionalità e non possono essere completamente nascoste o camuffate. Instead, Tor Browser limits the variety within these attributes to reduce distinctiveness. For example, it limits font enumeration and applies character fallback, standardizes screen and window sizes using letterboxing, and restricts the variety of requested languages to a small, predefined set.

The key goal of Tor Browser's anti-fingerprinting protections is to make it significantly more challenging to gather enough information to uniquely identify users, thereby enhancing privacy without compromising necessary functionality.

Funzionalità anti-fingerprinting in Tor Browser


To prevent fingerprinting based on screen dimensions, Tor Browser starts with a content window rounded to a multiple of 200px x 100px. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. It works by adding margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.


Altre funzionalità anti-fingerprinting

In addition to letterboxing, Tor Browser employs many other features to mitigate browser fingerprinting and protect user privacy. These features include Canvas image extraction blocking, NoScript integration, user-agent spoofing, and first-party isolation. For a complete list of features, please read the Tor Browser design and implementation document.