For anyone who thinks he or she is circumventing web tracking via enabling Do Not Track (DNT) functionality … think again.
A recently released study from researchers at KU Leuven-iMinds, a Dutch-based university think tank, shows that nearly 150 of the world’s leading websites have ditched tracking cookies in favor of “device fingerprinting” (or “browser fingerprinting” as it’s sometimes called).
What’s that? It’s the practice of evaluating selected properties of desktop computers, tablets and smartphone to build a unique user identifier. These properties include seemingly innocuous details found on each device, such as:
- Versions of installed software and plugins
- Screen size
- A listing of installed fonts
An analysis by the Electronic Frontier Foundation (EFF) has shown that for the majority of browsers, the combination of these properties creates a unique ID – thereby allowing a user to be tracked without the perpetrator needing to rely on cookies — or having to deal with pesky legal restrictions pertaining to the restriction of cookies’ use.
Is there anything good about device fingerprinting? Perhaps … in that it can be used for some justifiable security-related activities such as protection against account hijacking, fraud detection, plus anti-bot and anti-scraping services.
But the accompanying bad news is this: It can also be used for analytics and marketing purposes via the fingerprinting scripts hidden behind banner advertising.
How to fight back, if one is so-inclined? The Leuven-iMinds researchers have developed a free tool that analyzes websites for suspicious scripts. Known as FPDetective, it’s being made available to other researchers to conduct their own investigations.
So you’re able to identify the offenders. But then what — short of never visiting their websites again?