In recent years, a new browser-based tracking technique has emerged. This technique is called device fingerprinting. It collects identifying information, such as screen size, browser plug-ins, time zone, and set of installed system fonts, which allows to uniquely characterize almost each computer on the Internet. An experiment conducted in 2010 revealed that tracking various browser attributes was sufficient to identify an overwhelming majority of the computers surfing the web; and if we posit that in the vast majority of cases, each individual operates his/her own computer, then device fingerprinting leads to the possibility to assign a unique identifier to each user and track users’ activities. The ultimate goal is to build up a specific profile for each individual on the network.
Device fingerprinting services are either deployed by individual companies to track their users or offered by specialized fingerprinting providers such as Bluecava and ThreatMetrix. They use an effective and stealth technique that is not based on cookies, but rather on scripts hidden in advertisements and/or unsolicited plug-ins downloaded and installed when a user downloads and installs software that has nothing to do with fingerprinting. The scripts and plug-ins quietly gather information about the host “computer/browser” even when a user checks “Do Not Track” in his/her browser’s preferences.
On the upside, device fingerprinting is very useful to improve the security of web-based services by fostering efficient web-scale identification systems that can be used to thwart online frauds and scams. On the downside, the technique is so precise in determining the profile of each individual that it raises concerns about its impact on personal privacy, especially when the profile established through fingerprinting is combined with the trail of information we leave behind while frequenting digital arenas that are beyond the reach of browsers, such as social networks, smartphone-based ecosystems, etc.
Rafik Hanibeche & Adel Amri (Trustiser Founders)