Top Websites Secretly Track Your Device Fingerprint

Browser fingerprint tracking can bypass cookie restrictions and ignores the Do Not Track header

2 min read
Top Websites Secretly Track Your Device Fingerprint

Websites that really want to track you without permission have a way. A new report shows a surprising number of top Internet websites using so-called "device fingerprints" to secretly track visitors—a method that avoids legal limits on the use of cookies and also ignores the Do Not Track HTTP header.

The new report suggests that such secret tracking of Web users is more widespread than previous studies had found, according to researchers from KU Leuven in Belgium and New York University (NYU). Researchers counted 95 of the top 10 000 websites using device fingerprinting targeted at the Flash browser plugin used to play animations, videos, and sound files. They also found 404 of the top 1 million websites used device fingerprinting targeted at the JavaScript programming language used in web applications. Such fingerprinting can identify users on mobile phones and other devices that may not use Flash.

Device fingerprinting collects the properties of PCs, smartphones, and tablets that people use to access the Internet in order to create a unique identification. The fingerprint properties—including screen size, versions of installed software, and even lists of installed fonts—allow websites to track users without relying on the more common Internet cookies to follow users' online activities.

The technique can even track users who had requested not to be tracked by enabling a Do Not Track HTTP header, researchers found. The Do Not Track project has attempted to create a universal standard for opting out of online tracking that goes beyond implementation by individual web browsers, but the Washington Post reports that recent Do Not Track discussions by a working group organized under the World Wide Web Consortium (W3C) appear close to collapse.

The rise of device fingerprinting, also known as browser fingerprinting, falls under the category of "supercookie" technologies that avoid the traditional restrictions on tracking cookies, according to Information Week. Even anonymous Web-browsing tools such as Tor have vulnerabilities that allowed device fingerprinting to track users according to font lists. (The upcoming 2.4 version of Tor has been updated to fix that vulnerability after the KU Leuven/NYU team passed along a warning.)

Luckily, anybody who wants to scrutinize their favorite websites for such digital fingerprinting technologies can soon do so with the FPDetective tool used by the researchers. The team plans to make the tool available for free at http://homes.esat.kuleuven.be/~gacar/fpdetective/, and will present its findings at the 20th ACM Conference on Computer and Communications Security this November in Berlin.

Photo: iStockphoto

The Conversation (0)

How the FCC Settles Radio-Spectrum Turf Wars

Remember the 5G-airport controversy? Here’s how such disputes play out

11 min read
This photo shows a man in the basket of a cherry picker working on an antenna as an airliner passes overhead.

The airline and cellular-phone industries have been at loggerheads over the possibility that 5G transmissions from antennas such as this one, located at Los Angeles International Airport, could interfere with the radar altimeters used in aircraft.

Patrick T. Fallon/AFP/Getty Images
Blue

You’ve no doubt seen the scary headlines: Will 5G Cause Planes to Crash? They appeared late last year, after the U.S. Federal Aviation Administration warned that new 5G services from AT&T and Verizon might interfere with the radar altimeters that airplane pilots rely on to land safely. Not true, said AT&T and Verizon, with the backing of the U.S. Federal Communications Commission, which had authorized 5G. The altimeters are safe, they maintained. Air travelers didn’t know what to believe.

Another recent FCC decision had also created a controversy about public safety: okaying Wi-Fi devices in a 6-gigahertz frequency band long used by point-to-point microwave systems to carry safety-critical data. The microwave operators predicted that the Wi-Fi devices would disrupt their systems; the Wi-Fi interests insisted they would not. (As an attorney, I represented a microwave-industry group in the ensuing legal dispute.)

Keep Reading ↓Show less
{"imageShortcodeIds":["29845282"]}