The Cookie(-Less) Monster
What is Device Fingerprinting, and Can You Stop It?
With an increased focus on privacy thanks to revelations of massive spying by the NSA, computer users are (or should be) increasingly concerned about their security online. Most of us know about cookies, small pieces of data sent from a website and stored in a Web browser. These cookies enable sites to learn information about your location and browsing history. And while a user can disable cookies, a method called device or browser fingerprinting can identify users even without cookies.
What is Device Fingerprinting?
This method properties (without relying on cookies) from PCs, smartphones and tablets to identify and track users, even if they enable the “do not track” option.
How
When a phone, TV box or computer turns on, certain items and characteristics of a browser’s environment make it unique, such as:
- Screen dimensions
- Browser version
- List of plugins (like Flash and Java)
- List of installed fonts
- Clock
- What the browser talks to
Device fingerprinting can then identify or partially identify the user through those characteristics.
94.2%
Users who could be identified and tracked without cookies
Why?
The simplest reason is money. Advertisers stand to make billions off ads that target individual users.
$20.1 billion
Internet sales figures from January-June 2013, an all-time high, meaning the potential for massive profit is greater than ever
Is This Legal?
Yep. Regulations in the U.S. and Europe limit cookies, but these methods fall under the category of “supercookie,” meaning they’re outside of the traditional restrictions on tracking cookies.
Power for Good or Evil
Good
- Fraud prevention
- Prevention of account hijacking
- Anti-bot services
- Certain opt-out services are more permanent (they don’t always vanish like deleted cookies)
Evil
-
- Obtain real-time marketing analytics
- Collect personal data
- No way to know you’ve been fingerprinted
- Few resources for prevention
Maintaining Your Privacy
While device fingerprinting is difficult to combat, there are steps you can take to make yourself a bit less vulnerable.
-
-
- Disable JavaScript and Flash
- Frequently change settings on computer
- Stick with stock system fonts
- Run Windows XP
- Use Firefox with no add-ons
- Turn off cookies
- Use tools that analyze websites for suspicious scripts, such as FPDetective
-
Sources:
http://phys.org
http://motherboard.vice.com
http://www.infosecisland.com
http://www.cosic.esat.kuleuven.be
http://arstechnica.com
http://spectrum.ieee.org
http://www.threatmetrix.com
http://www.torproject.org
http://www.webmonkey.com
http://www.informationweek.com