What is Fingerprinting? The Online Tracking You Can’t Avoid

November 15, 2019

Fingerprinting isn’t yet as widespread as cookies, those tiny files websites drop in your browser to track you. But it’s concerning because it’s much, much more aggressive.

Just when you thought we had hit rock bottom on all the ways the internet could snoop on us – no. We’ve sunk even lower.

There’s a tactic spreading across the web named after treatment usually reserved for criminals: fingerprinting. A large part of the websites we frequently visit use hidden code to run an identity check on your computer or phone.

Websites from CNN and Best Buy to porn site Xvideos and WebMD are dusting your digital fingerprints by collecting details about your device you can’t easily hide. It doesn’t matter whether you turn on “private browsing” mode, clear tracker cookies or use a virtual private network. Some even use the fact you’ve flagged “do not track” in your browser as a way to fingerprint you.

They’re doing it, I suspect, because more of us are taking steps to protect our data. Privacy is an arms race – and we are falling behind.

Fingerprinting happens when sites force your browser to hand over innocent-looking but largely unchanging technical information about your computer, such as the resolution of your screen, your operating system or the fonts you have installed. Combined, those details create a picture of your device as unique as the skin on your thumb.

Sites can use your digital fingerprint to know if you’ve visited before, create profiles of your behaviour or make ads follow you around. They can also use it to stop you from sharing a password, identify fraudsters and block harmful bots.

Fingerprinting isn’t yet as widespread as cookies, those tiny files websites drop in your browser to track you. But it’s concerning because it’s much, much more aggressive.

Fingerprinting has been around for more than a decade but considered mostly a theoretical threat for you and me. Not any more. I asked Patrick Jackson, chief technology officer of privacy software company Disconnect, to test for signs of fingerprinting on the 500 most popular websites used by Americans. He revealed what these sites hide in their code and do on our computers that we don’t get to see on our screens.

Of the 183 likely fingerprinters Jackson identified between September 30 and October 8, I asked 30 of the most well-known to explain their behaviour. Some claimed it was industry-standard to fingerprint. Many said they didn’t realise it was happening or never collected our data themselves, because they had let ad and data partners operate parts of their websites. After hearing from me, six sites said they would remove fingerprinting code, including four run by the US government.

It’s happening on sites you wouldn’t think would be so intrusive, including Thesaurus.com and AllRecipes.com – even security and privacy software maker Norton.com. Two porn sites didn’t answer my questions, but Jackson suspects they’re using it to track and tailor content to the people who view them in private-browsing modes that turn out to be not so private.

The Washington Post website fingerprints visitors when they’ve blocked cookies, which ought to be a signal visitors don’t want to be tracked. In different ways, the Fox News and The New York Times websites do it, too.

Read More

0 comment