Jan 30
2020
Your Fingerprint In The 21st Century: Device Fingerprinting
A physical fingerprint has been a standard identifying feature for decades. Our prints are completely unique to us, and they can reveal where we have been and what we have done, as well as prove whether we have been the culprit or the victim of someone else’s wrongdoing. Every time your fingers touch a surface, they leave a mark, some evidence that you have been there.
We don’t tend to think about our computer or internet connection as having anything in common with a fingerprint. Many people are aware of IP addresses, and how they are tied to individual connections. However, IP addresses are reused by internet service providers and can also be obscured relatively easily with a proxy server. This doesn’t mean that we don’t have truly unique digital fingerprints, just that they are a little bit more complicated than we might think.
What is Device Fingerprinting?
Regular fingerprinting involves simply collecting and analyzing a fingerprint, but device fingerprinting involves taking the measure of your device’s characteristics as a whole: dozens of different variables can be used to identify an individual. Examples include device traits such as the operating system that it’s running, the version of the web browser used to access the internet, and the settings of that browser. Your device’s screen size, whether you’ve enabled JavaScript, your time zone and any cookies on the device: all of these and more create a unique identifying fingerprint.
Many people are surprised to find out that this information is even available to the websites that they visit, let alone that it is being used to build a profile of them. When it comes to identifying devices online, the IP address is only one small part of the equation.
Fingerprinting is also more complex than the well-known method of cookies. A cookie is something that is placed on a device so that websites can identify that specific device or user in the future. Fingerprinting, on the other hand, is about ascertaining whether one device with a particular set of attributes is the same as another device with those same attributes accessing the service on a different day.
Most of the time fingerprinting is used to detect bots, as their fingerprints do not look like real users’ fingerprints, but the technology has been seeping into marketing and data tracking circles and is used to identify individuals from seemingly anonymized data.
What Information is Used
Even the most seemingly trivial piece of information can be used to fingerprint your device. For example, the user agent that your browser sends to every website that it connects to is an important part of fingerprinting your device. The user agent is a line of text that identifies the browser, operating system and software version that you are using. If someone is connected to a website using a bot or a similar automation tool, then they will look different from ordinary web browsers unless they take specific steps to disguise themselves.
It is possible to change your user agent string, but this can lead to its own problems. If your connection is the only one that is using an obscure or unique user agent or no user agent at all, then it will be obvious to the website you’re visiting that you are you. Similarly, if you are the one user who isn’t storing cookies, that will also enable the website to identify you as an individual. In addition to that, a site might block you, believing that you are a bot.
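To see why an obscure user agent or refused cookies make a visitor easier to recognize, the added example below (not part of the original article) groups a constructed visit log by fingerprint and measures how identifying each attribute value is. The visit records, the `MyPrivateBrowser/1.0` user agent and all function names are assumptions made up for illustration.

```javascript
// Constructed sample visits (not real data): what a site could log per request.
const COMMON_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/79.0";
const RARE_UA = "MyPrivateBrowser/1.0"; // hypothetical spoofed user agent
const common = { userAgent: COMMON_UA, screen: "1920x1080", timezone: "UTC-5", cookies: true };
const visits = [
  { ip: "198.51.100.1", ...common },
  { ip: "198.51.100.2", ...common },
  { ip: "198.51.100.3", ...common },
  { ip: "198.51.100.4", ...common },
  { ip: "198.51.100.5", ...common },
  { ip: "203.0.113.10", ...common, cookies: false },     // the one user refusing cookies
  { ip: "203.0.113.20", ...common, userAgent: RARE_UA }, // spoofed user agent, day 1
  { ip: "192.0.2.99", ...common, userAgent: RARE_UA },   // same device, new IP, day 2
];

// Attributes that go into the fingerprint; the IP address is deliberately left out.
const ATTRS = ["userAgent", "screen", "timezone", "cookies"];

// 32-bit FNV-1a, used here only to give each attribute combination a short ID.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Fingerprint = hash of the attribute values taken in a fixed order.
function fingerprint(visit) {
  return fnv1a(ATTRS.map((k) => `${k}=${visit[k]}`).join("|"));
}

// Anonymity set: how many visits in the log share this visit's fingerprint.
function anonymitySetSize(log, visit) {
  const fp = fingerprint(visit);
  return log.filter((v) => fingerprint(v) === fp).length;
}

// Identifying information carried by one attribute value, in bits:
// -log2 of the share of visits showing that value. Rarer means more bits.
function surprisalBits(log, attr, value) {
  const share = log.filter((v) => v[attr] === value).length / log.length;
  return -Math.log2(share);
}

console.table(visits.map((v) => ({ ip: v.ip, fp: fingerprint(v), set: anonymitySetSize(visits, v) })));
```

The five visitors with the common configuration are indistinguishable from one another, while the spoofed user agent links its two visits together despite the IP change, and the cookie-refusing visitor is alone in their set.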
Can I Avoid Fingerprinting?
Anyone with even a basic understanding of computers will know how to change their IP address; the tools that enable you to do so are widely and freely available. As a result, many websites use fingerprinting as a more reliable means of tracking users and identifying individual connections. It’s not really possible to avoid fingerprinting as an internet user.
Everything you do can be used to fingerprint you. Even if your connection is anonymized and cannot be traced back to you, that doesn’t mean that websites cannot identify that connection as the same person across multiple platforms. Firefox is preparing to launch a non-fingerprintable version of the browser, with some niche browsers already having launched their own protections against fingerprinting.
So, I’m Stuck?
Not entirely! Over the past year, three of the biggest names in the world of web browser development, Apple, Google, and Mozilla have announced that they will be adding measures to their respective browsers that are designed to limit device fingerprinting. Interestingly, each of these companies is taking a completely different approach to achieve the same result.
Apple has chosen to obscure any data collected by the Safari browser in an effort to make it harder for third parties to make use of that information. At the same time, enough data needs to remain readable for the browser to function as intended.
Mozilla is turning to a third-party solution and will be relying on a regularly updated list of businesses that perform fingerprinting analysis. By blocking these businesses’ access to Mozilla’s data, they hope to prevent any fingerprinting from occurring.
Finally, Google has proposed, although it is yet to implement, a limit on the amount of information that any company can access at one time, making it much more difficult for them to fingerprint users.
Fingerprinting is starting to take over from IP addresses as the primary form of tracking individual internet users. In the future, we can expect fingerprinting capabilities to become more complicated and the battle to avoid being fingerprinted to become much more difficult.