Device fingerprinting collects the properties of PCs, smartphones, and tablets that people use to access the Internet in order to create a unique identification. The fingerprint properties—including screen size, versions of installed software, and even lists of installed fonts—allow websites to track users without relying on the more common Internet cookies to follow users' online activities.
The technique can even track users who had requested not to be tracked by enabling a Do Not Track HTTP header, researchers found. The Do Not Track project has attempted to create a universal standard for opting out of online tracking that goes beyond implementation by individual web browsers, but the Washington Post reports that recent Do Not Track discussions by a working group organized under the World Wide Web Consortium (W3C) appear close to collapse.
The rise of device fingerprinting, also known as browser fingerprinting, falls under the category of "supercookie" technologies that avoid the traditional restrictions on tracking cookies, according to Information Week. Even anonymous Web-browsing tools such as Tor have vulnerabilities that allowed device fingerprinting to track users according to font lists. (The upcoming 2.4 version of Tor has been updated to fix that vulnerability after the KU Leuven/NYU team passed along a warning.)
Luckily, anybody who wants to scrutinize their favorite websites for such digital fingerprinting technologies can soon do so with the FPDetective tool used by the researchers. The team plans to make the tool available for free at http://homes.esat.kuleuven.be/~gacar/fpdetective/, and will present its findings at the 20th ACM Conference on Computer and Communications Security this November in Berlin.
Jeremy Hsu has been working as a science and technology journalist in New York City since 2008. He has written on subjects as diverse as supercomputing and wearable electronics for IEEE Spectrum. When he’s not trying to wrap his head around the latest quantum computing news for Spectrum, he also contributes to a variety of publications such as Scientific American, Discover, Popular Science, and others. He is a graduate of New York University’s Science, Health & Environmental Reporting Program.