Device fingerprinting is the process of identifying a system based on data points that are unique to it. Examples of such data include an IP address, a time zone, a browser, screen resolution, a language, and an operating system (OS). Device fingerprinting even takes into account a list of installed plug-ins and fonts in the system. As such, the process looks at a wide variety of data points to identify a device, making it easier to track its owner’s online activities.
Device fingerprinting typically begins when a user visits a website with a JavaScript that collects the necessary information about his/her device. Because of device fingerprinting, sites can better measure the return on investment (ROI) of an advertising campaign.
Other interesting terms…
Read More about “Device Fingerprinting”
Internet users are more familiar with cookies as a mode of tracking their online presence. Unknown to many, device fingerprinting, also known as “machine fingerprinting,” does the same job. With the planned phaseout of cookies, website owners are now looking at device fingerprinting as a means to track Internet users.
How Does Device Fingerprinting Work?
Device fingerprinting relies on the technology a website uses and how it works with a browser. When a user visits a website, the HyperText Transfer Protocol (HTTP) request will readily determine his/her data, OS, and browser or server type. By using a unique JavaScript, the browser can identify the user’s:
- Audio settings
- Battery status
- Fonts
- Installed plug-ins
- Location and time settings
- Screen resolution
Device fingerprinting also checks if the user has programs, such as RealPlayer, VLC, and Acrobat, among others.
In short, device fingerprinting can track users and correlate their browsing activities across multiple sessions. It enables websites to gather useful information that would allow their owners to formulate inferences about their visitors.
Why Use Device Fingerprinting?
Device fingerprinting gained traction due to the growing popularity of mobile device use that makes owner tracking challenging. Advertisers keen on reaching their audiences on a more personal level often face obstacles, making it harder for them to craft campaigns that turn to conversions. Enter device fingerprinting as an ideal method over cookies for these reasons:
- Device fingerprinting allows users to track visitors even when they shift from one device or application to another, such as from a PC to a mobile device or from Facebook to LinkedIn.
- Users can quickly delete cookies. Going on incognito mode while browsing also resets cookies every time users close their browsers.
- Browsers are now phasing out cookies due to increasing privacy concerns, making user tracking more challenging.
Essentially, device fingerprinting is ideal when cookie tracking is not possible. It has been critical in preventing credential hijacking and preventing fraud. For example, it can be used to counter-check the credentials of a user who logs into someone else’s account, signaling an account hijacking.
Who Uses Device Fingerprinting?
By 2014, some 5.5% of Alexa’s top 10,000 sites used canvas fingerprinting scripts served by a total of 20 domains. Most of the scripts were served by AddThis, which began canvas fingerprinting in January 2014, without the knowledge of some of its clients.
What Are the Downsides of Device Fingerprinting?
In an era where consumers are wary of how advertisers use their data, device fingerprinting poses privacy issues. Many consider the technique a tracking method that can act as a “supercookie,” which can’t be deleted from their computers.
Device fingerprinting can be intrusive, especially if it attempts to access personally identifiable information (PII). It goes against the concept of consented tracking. Despite this, many websites already employ the technique by integrating third-party elements into their pages.
—
While device fingerprinting can immensely benefit website owners and advertisers, it poses a threat to visitors who wish to remain anonymous. As such, regulating its use may be required.
