Why are VPNs ineffective against browser fingerprinting?

February 7, 2023

Surfing the internet with a VPN (virtual private network) can feel like wearing an invisibility cloak or using a super-strength incognito mode.

With the multitude of VPNs available in various forms and prices, it can be easy to forget how potent they are: they allow users to mask their true IP address. But when cloaked identities become a threat used for fraud against your business, this anonymity is suddenly far from harmless.

VPNs may feel impenetrable, but are they truly anonymous? 

You should know: while a VPN can hide a person's IP address and location, VPNs are ineffective against browser fingerprinting. This isn't good news if you're a fraudster.

But if you're an eCommerce business owner who's intent on keeping fraudsters and malicious attacks far away from your business, it's excellent news.

Using sophisticated device fingerprinting tools like Fingerprint Pro can help you identify malicious users and prevent them from defrauding your business, even when they attempt to conceal their identity with a VPN or other encrypted connections.

What is a VPN?

VPN stands for "virtual private network." It's an encrypted connection over the internet from a device to a network. It can allow users to hide their IP address and location for privacy.

VPNs are widely available and relatively affordable. You can set up a VPN on any device that connects to the internet, including PCs, Macs, Android devices, iPhones, or even your router itself to use a VPN with all of your devices. 

People commonly use VPNs to:

  • Protect online privacy
  • Browse securely on public WiFi networks
  • Access geo-restricted video content
  • Browse the web anonymously
  • Communicate securely
  • Access restricted sites
  • Circumvent government censorship
  • Safely connect to an office's internal network

Unfortunately, VPNs are also commonly used by fraudsters attempting to conceal their identity. One way fraudsters use VPNs to commit fraud is by geo-spoofing. Geo-spoofing is the process of changing one's apparent online location to a location of one's choosing, which allows fraudsters to carry out malicious schemes even if they have been blocklisted.

No matter how proactive you may be with IP address-blocking, fraudsters have a seemingly unlimited supply of new access points at their disposal. Without a sophisticated fraud detection system in place, they often get away undetected.

How do VPNs work?

Without a VPN, your web traffic passes through your internet service provider's servers. Your internet service provider can then see your browsing data and history using your IP address. 

VPNs encrypt your internet traffic to disguise your online identity. A VPN provides a secure tunnel to send data through, leading to the VPN service provider's servers. The data is then encrypted and rerouted to the site you're trying to visit. 

VPNs often achieve this using one of the following types of VPN security protocols:

  • IP Security – Internet Protocol Security is a popular protocol that protects and encrypts data through transport or tunnel modes. 
  • Layer 2 Tunneling Protocol/IPSec – L2TP tunnels data while IPSec encrypts it. It provides a high level of security but can result in slower connections.
  • Point-to-Point Tunneling Protocol – PPTP is an early security protocol that's fast but provides low encryption.
  • Secure Socket Tunneling Protocol – SSTP is highly secure and user-friendly, working best on Windows platforms.
  • Internet Key Exchange, Version 2 – IKE version 2 is entirely secure and fast but can be blocked by firewalls.
  • OpenVPN – One of the most popular VPN protocols, open-source VPN tech combines high security and speed.

Why are VPNs ineffective against browser fingerprinting?

Browser fingerprinting goes beyond detecting a user's IP address. It is an identification method that associates individual browsing sessions with one site visitor. It uses JavaScript to collect data about a user's web browser and device to determine a user's unique fingerprint across browsing sessions – even when a user browses in incognito mode or uses a VPN for surfing the web.

The following browser fingerprinting techniques can help to gather browser data:

  • JavaScript canvas fingerprinting – uses the HTML5 canvas element to identify variances in a user's GPU, graphics drivers, or graphics card.
  • WebGL fingerprinting – similar to canvas fingerprinting, this method distinguishes users based on graphics drivers and device hardware.
  • Media device fingerprinting – uncovers a list of all connected media devices and respective IDs on a user's laptop or PC.
  • Audio fingerprinting – checks how a device plays sound, measuring minute differences in sound waves generated.

Browser fingerprinting is valuable in helping business owners prevent fraud. It can help automatically identify visitors with a pattern of fraudulent behavior and target those suspicious visitors with additional security – even when they use identity concealing techniques like using a VPN, incognito mode, or disabling cookies.

A VPN might be a sufficient concealment measure if a company employs less advanced security measures that combine only basic browser information with or without IP address information. But more sophisticated tools such as Fingerprint Pro can still precisely identify a visitor even when using a VPN since they use more advanced identification techniques, calculating based on many browser attributes besides an IP address.
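The following server-side sketch shows why an identifier built from browser signals survives an IP change while an IP blocklist does not. It is an added example, not Fingerprint Pro's code: the signal names, sample values and helper functions are assumptions, and matching on an exact hash is a simplification of how production tools compare fingerprints.

```javascript
// Constructed sample visits: signal values are invented, IPs are from documentation ranges.
const visits = [
  { ip: "198.51.100.7", canvas: "c91af", webgl: "gpu-a/driver-1", audio: "124.0434", mediaDevices: 3 },
  { ip: "203.0.113.40", canvas: "c91af", webgl: "gpu-a/driver-1", audio: "124.0434", mediaDevices: 3 },
  { ip: "192.0.2.15",   canvas: "c91af", webgl: "gpu-a/driver-1", audio: "124.0434", mediaDevices: 3 },
  { ip: "192.0.2.200",  canvas: "7be02", webgl: "gpu-b/driver-4", audio: "124.0811", mediaDevices: 1 },
];

// Browser signals that feed the identifier; the IP address is deliberately excluded.
const SIGNALS = ["canvas", "webgl", "audio", "mediaDevices"];

// FNV-1a 32-bit hash: a simple non-cryptographic stand-in for a real fingerprint hash.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Hypothetical helper: derive a visitor ID from the canonicalized signals only.
function visitorId(visit) {
  return fnv1a(SIGNALS.map((k) => `${k}=${visit[k]}`).join("|"));
}

// Visits an IP blocklist lets through although the same browser was already blocked.
function missedByIpBlocklist(allVisits, blockedIps) {
  const blockedVisitors = new Set(
    allVisits.filter((v) => blockedIps.has(v.ip)).map((v) => visitorId(v)));
  return allVisits.filter(
    (v) => !blockedIps.has(v.ip) && blockedVisitors.has(visitorId(v)));
}

// Visitor IDs seen from at least minIps distinct addresses (possible VPN or IP rotation).
function ipRotators(allVisits, minIps = 3) {
  const ipsById = new Map();
  for (const v of allVisits) {
    const id = visitorId(v);
    if (!ipsById.has(id)) ipsById.set(id, new Set());
    ipsById.get(id).add(v.ip);
  }
  return [...ipsById].filter(([, ips]) => ips.size >= minIps).map(([id]) => id);
}

const missed = missedByIpBlocklist(visits, new Set(["198.51.100.7"]));
console.log("passed the IP blocklist:", missed.map((v) => v.ip));
console.log("visitor IDs seen on 3+ IPs:", ipRotators(visits));
```

A visitor ID that appears across many addresses is a signal for additional verification rather than proof of fraud, since mobile networks and legitimate VPN use also change a visitor's IP.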

Sophisticated online fraud prevention software can help you identify suspicious users and prevent malicious attacks. Schedule a demo today to see how Fingerprint Pro can help prevent fraud in your business.