A device fingerprinting, browser fingerprinting or machine fingerprinting is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual devices even when cookies are turned off.
Collecting user details is very important for running a successful ad campaign. But, many obstacles there to track the user details because of the privacy concerns. In traditional tracking method – when you visit the website, the browser send specific data to the web server along with user identifier. Collecting users data via cookies has declined since users clear their browser history periodically and also most of them started using ad blocker plugin too. So advertisers found an alternate solution called “Browser Fingerprinting”. This is so simple method like cookies, Cookies are used to identify the exact user by the identifier. But, in the browser fingerprinting method, it identifies the Browser not the user. Identifying person is very effective but when it fails, identifying browser is the good alternative.
Table Of Contents :
What Is Cookie? How Does It Works?
What is Browser Fingerprinting?
Does Browser Finger Printing Method Is More Effective?
How Does The Browser Fingerprint Create?
How To Avoid Browser Fingerprinting?
Before getting deep into the topic “Browser Fingerprinting” We will give you a small introduction about browser cookies,
What Is Cookie? How Does It Works?
Browser Cookie is a small text file that is stored on the computer. When the user visits a website, the webserver send the cookie file with identifier information. Browser saved that text file in computer and it sends back the text file when user revisit the same website again.
Here are the detailed steps that explains the process of Browser Cookie,
- User enter the website URL on browser to access the site
- Request send to the webserver and webserver send back the corresponding website page codes to the browser
- Web server send the cookie file along with the web contents
- Computer save that cookie file in the corresponding folder
- Whenever user open a website in the browser, normally it will check the cookies stored locations to check whether any cookies already stored for the site or not. If cookie file is available then browser send the cookie file to the website server.
- Website server alter the content based on the cookie information and give more personalized experience to the user. Also, that cookie information can be used for targeting purpose.
If user cleared the cookie then he should be considered as new user and the collected information no longer useful. To overcome this deficiency “browser fingerprinting” method has introduced.
What is Browser Fingerprinting?
“Finger Printing” is a most common word in Police Department. Police personals collect the finger prints available in the crime scene and match the finer print with the doubtful persons or previous criminal records to find the exact criminal. Likely, the browser fingerprint details are collected and categorized to identify the certain group of people to target them.
A device fingerprint, machine fingerprint or browser fingerprint is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off.
Normal cookie method, the website server send a small text file to the browser and it saved that file in computer. When user revisit the same website again, then browser send back the same text file to the website server. In this browser finger printing method, the website page included with specific html code that collect and send back the browser information to the website server in real time.
For example below kind of information’s send to the website server,
IP address
HTTP request headers
User agent string
Installed plugins
Client time zone
Information about the client device: screen resolution, touch support, operating system and language
Flash data provided by a Flash plugin
List of installed fonts
Silverlight data List of mime-types
Timestamp
and more information….
Website server collects all these information and save in one place.
When a user revisits the same website, the browser collect and send the same kind of data to the website server. Website server matches the new data with the existing data, if it is matched then it will consider the same user revisits our site. In this method no files need to be retrieved from the users computer, so can track the users even though they cleared browser cookies or use cookie blockers.
Does Browser Finger Printing Method Is More Effective?
Lakhs of people using same model mobile phone, same browser and visits same site then how it will be unique and effective? If you are having this question “Kudos” to you.
I am also having the same question like you. But Panopticlick did a research on it. Per their research result they found that only 1 in 286,777 other browsers will share the same fingerprint as another user. Their abstract is,
We investigate the degree to which modern web browsers are subject to “device fingerprinting” via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test side, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint.
Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample. By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an “upgraded” version of a previously observed browser’s fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%. We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it.
There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be selfdefeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.
Now you believe that the browser fingerprint be an effective method.
How Does The Browser Fingerprint Create?
The websites are embedded with additional script and that code collects user browser fingerprint and send it to the server. When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors. Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format, which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data, which serves as the fingerprint.”
Is Browser Fingerprint Legal?
Currently, European union’s GDPR, California Consumer Privacy Act (CCPA) and Vermont’s Data Broker Law are the major law’s that regulate some forms of online tracking and data collection. But, these laws are don’t address about browser fingerprint. So, browser finger print is legal for now.
Anti Fingerprint Browser
Browser fingerprinting method is more invasive than cookie based third party tracking method. Mostly, the browser fingerprint is created by combining large amount users data like hardware, operating system, your browser, the software installed on your device, what timezone you’re in, which language you’re reading in, whether you use an ad blocker, your screen’s resolution and color depth, all the browser extensions you’ve installed, and even more granular technical specifications about your graphics card, drivers, and more. Companies can combine all of these data and create fingerprint data. With this fingerprint data, companies can identify whether you are a man or woman etc
How To Avoid Browser Fingerprinting?
Clearing cookies frequently, Using incognito mode, Using VPN, Using Ad Blocker are the common methods to prevent third party cookies tracking. But, these methods won’t help to avoid browser fingerprinting. But, you can use browsers like Mozilla Firefox to avoid from browser fingerprinting.
I am helping to shape your knowledge! The only fee is “comment your thoughts and share this post”
— Sridaran Baskaran