Everything You Need to Know About Browser Fingerprinting

Browser fingerprinting, a technique used to track your online activity, is at the heart of more than a few forum polemics. Read on to learn more about this tracking technique, what its for and if it’s really a case of good versus evil.

Browser fingerprinting is a technique employed by third party companies such as online advertisers or social media sites, to track your online activity. The technique, which is also known as canvas, device or machine fingerprinting, is used to identify individual users online based on their unique device configurations.

The information collected by browser fingerprinting might include browser type, operating system, screen resolution, supported fonts, plugins, timezone, language and more. This information may seem benign, but the unique configuration of these bits together can be used to identify you as an individual amongst millions of other internet users.

How to Fingerprint

Device fingerprinting begins as soon as you visit a website. The tracker, which is usually a piece of JavaScript, collects your device information (browser, operating system, etc) while you’re on the website. It then pieces the information together to identify you, and assigns you a unique fingerprint, also called a hash, which follows you around the internet.

Even when trackers aren’t able to identify every bit of information about each user on any given website, they do a good job of putting the pieces together. For example, when fingerprinting techniques are used in combination with other online identifiers such as cookies the success rate of tracking increases significantly. With enough data, it’s even possible to track your identity across multiple devices.

Unlike to cookies, which are stored client side – on your browser, for example – fingerprints are data heavy and thus need to be stored server-side in a database. And device fingerprints are almost impossible to block.

Browser fingerprinting can’t be turned off, and even avoidance tactics such as changing devices or IP addresses won’t deter it. Even VPN platforms, which promise to give you an extra layer of security and hide your identity, don’t modify your device configurations, meaning that it’s still possible to identify your unique online fingerprint.

Good or Evil?

Fingerprints are getting a lot of negative press these days, especially amongst internet privacy advocates. Compiling comprehensive, long-term records of an individual’s browsing history clearly raises some privacy concerns, especially when users are actively trying to avoid being tracked. Many people who don’t understand how much information they’re sharing online, especially via social media, and are understandably surprised to learn that the information these fingerprints can provide about you as an offline individual might be more than you thought you were sharing.

Clearly, one of the main uses of this information is for advertising. Companies pay big bucks to data collection services such as Facebook to be able to target their ideal customer. However there is a dark side – fingerprints can be used to provide misinformation, such as showing you higher prices upon second or third visit to a website, or even intentionally sending you to inaccurate information to deter you from doing business with competitors.

Safety first.

While it’s true that there are many negative aspects of browser fingerprinting, the practice isn’t inherently evil. Browser fingerprinting can be used in a multitude of ways, and might even be helping to make the internet a safer place to be.

Many of these scam websites target users on specific version of a browser or operating system, which might have identified security weakness – but browser fingerprinting might help to combat those hacks.

The information collected by device fingerprinting also can alert website owners to errors in their own code, as well as point out browser compatibility issues that might otherwise slip through the cracks, giving the owners of those site an opportunity to debug and render their website more secure for users.

Fingerprinting is also incredibly useful in authenticating users.

In the most simple context, browser fingerprinting can help determine if a person really is who they claim to be online. The ability to do this improves online safety.

Banks and financial institutions can benefit from access to this system level information, in order to identify a trusted device that a client has used to access their service on previous visit. Regular customer fingerprints are predictable and normal, which means that when someone tries to access an account through a different hash, it’s likely to be flagged as fraudulent and investigated on the spot. Payment gateways and online credit card verification services are examples of software that use device fingerprinting in an effort to deter credit card fraud. If these services can’t verify your fingerprint when you’re trying to make a purchase online, they might ask you to provide additional information to ensure the transaction isn’t fraudulent.

Of course, it’s always advised to follow common internet safety tips to keep yourself out of trouble, such as only visiting or shopping at reliable websites, deleting your browser caché and making sure your passwords are unique, creative and never part of your autocomplete.

Device Fingerprinting and the GDPR

The General Data Protection Regulation (GDPR) is part of EU law that regulates data protection and online privacy within the European Union. The GDPR essentially limits the use of cookies or personal data tracking without explicit consent of the user.

Even though device fingerprinting technically only collects data about a user’s device, it is used to identify an individual person, and thus falls under the category of personal data. When it comes to collecting personal data, the GDPR stipulates that must be legitimate interest or explicit consent to be allowed to do it, regardless of the technique used to collect it.

Legitimate interest refers to using tracking in things like security measures, such as to deter fraud or identity theft, and can be done without specific consent.

When it comes to information collecting for advertising or marketing purposes however, a website must advise a user if they are employing cookies or browser fingerprinting, at which point the user can either consent and keep using the website, change their preferences, or leave the site.

What’s in a Print

Technology will always be a double edge sword. The although the line between convenience, security and privacy in the online world is a shaky one, you can browse the web safely today with websites such as WOT and get notified about unsafe websites when you browse the web. Check out how you can know if a website is secure here

Browser fingerprinting may not be perfect, but with demonstrated use cases that prevent fraud and identity theft, it’s not a technology to be avoided completely. However as technological developments progress – and along with them, government regulations that are hopefully our best interest – we see the ever-moving online landscape constantly improving our lives, byte by byte.

Leave a Reply

Your email address will not be published. Required fields are marked *