12 October 2013 — IEEE
Device fingerprinting collects the properties of PCs, smartphones, and tablets that people use to access the Internet in order to create a unique identification. The fingerprint properties—including screen size, versions of installed software, and even lists of installed fonts—allow websites to track users without relying on the more common Internet cookies to follow users’ online activities.
The technique can even track users who have requested not to be tracked by enabling a Do Not Track HTTP header, researchers found. The Do Not Track project has attempted to create a universal standard for opting out of online tracking that goes beyond implementation by individual web browsers, but the Washington Post reports that recent Do Not Track discussions by a working group organized under the World Wide Web Consortium (W3C) appear close to collapse.
Device fingerprinting, also known as browser fingerprinting, is on the rise and falls under the category of “supercookie” technologies that avoid the traditional restrictions on tracking cookies, according to Information Week. Even anonymous Web-browsing tools such as Tor have vulnerabilities that allow device fingerprinting to track users according to font lists. (The upcoming 2.4 version of Tor has been updated to fix that vulnerability after the KU Leuven/NYU team passed along a warning.)
Luckily, anybody who wants to scrutinize their favorite websites for such digital fingerprinting technologies can soon do so with the FPDetective tool used by the researchers. The team plans to make the tool available for free at http://homes.esat.kuleuven.be/~gacar/fpdetective/, and will present its findings at the 20th ACM Conference on Computer and Communications Security this November in Berlin.