Browser fingerprints: A big privacy threat

A new technique helps advertisers identify you online -- without cookies, and with no easy way for you to fight back.

Forget cookies -- even the ultrasneaky, Flash-based "super cookies." A new type of tracking may identify you far more accurately than any cookie -- and you may never know it was there.

The method pulls together innocuous data about your browser, such as plug-ins, system fonts, and your operating system. Alone, they don't identify you. Together, they're a digital fingerprint.

It's like describing a person. Just saying "brown hair" won't identify anyone. But add in "5 feet, 10 inches tall," "chipped right front tooth," "size 12 shoes," and so on, and soon you have enough information to pull someone out of a crowd, even without their name, Social Security number, or any other of the usual identifiers.

Test your browser for unique identifiers without the risk: The Electronic Frontier Foundation, a privacy advocacy group, has set up an interesting online experiment at Panopticlick.eff.org. Panopticlick gathers little de­­tails about your browser and computer, mostly using Javascript. In my case, the information it gathered about my browser was enough to uniquely identify my surfing software out of more than 650,000 visitors.

More Than a Rumor

Peter Eckersley, a staff technologist with the EFF, says he and his colleagues decided to create the site when he heard rumors about this kind of tracking. He wanted to see how accurate it might be.

Well, it's pretty accurate. And as it turns out, its use is more than a rumor.

Browser fingerprinting was developed for banks to employ to prevent fraud. But now one company, Scout Analytics, offers it as a service to Web sites, and it collects not just browser data but also data about how you type -- things like your typing speed and typing patterns.

This biometric signature, like the identifiers collected from the browser and the computer, can be gathered using JavaScript alone, making this form of tracking hard to block. Matt Shanahan, senior vice president of strategy at Scout Analytics, says that the company sells its service primarily to paid subscription sites, such as those offering real estate listings, and that it is keen to expand into marketing and advertising by helping sites track visitors in a way that, as he notes, is more accurate than using cookies. (Cookies can be deleted, which makes a repeat visit look like a new person to the site.)

Short of in-depth analysis of a given page, browser fingerprinting doesn't leave tracks, so it's hard to pinpoint sites that use it. But clearly advertisers want accurate tracking.

Is It Legal?

Can sites legally use this fingerprinting? Existing guidelines from the Network Advertising Initiative, an online advertiser group focused on industry self-regulation, wouldn't al­­low it if a target had opted out of it for use in behavioral advertising, according to Ari Schwartz, deputy director of the Center for Democracy and Technology.

But hard-set rules vary among business sectors and states. Because of this and other variables, its legality remains fuzzy. Schwartz adds that, hypothetically, a site could be in the clear if the practice was disclosed in those long privacy policies that nobody reads.

And countering the technique can be problematic. The EFF lists some options, but none are as simple and painless as deleting a cookie.

In the arms race between online advertisers and Web surfers, this new technology could be a pretty big gun.

Join the PC World newsletter!

Error: Please check your email address.

Tags internet privacyweb browserssecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Erik Larkin

PC World (US online)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?