Cookies are a familiar concept to most Internet users. Online fingerprinting (also called device fingerprinting), on the other hand, is still largely unknown – and yet it’s a method that’s very popular with marketers. That’s because fingerprint tracking works where cookie tracking is limited. This article explains what fingerprinting is and how you can protect yourself from it.
This is not the case with so-called device fingerprinting. This is tracking software that is used to collect information about the device you are using, such as the make, model, operating system, browser, and even the software you are using, in order to identify your unique digital fingerprint.
However, according to an article in the New York Times, this tactic is only used on less than five percent of websites so far. Yet the importance and impact of device fingerprinting should not be underestimated.
The worrying thing about fingerprinting is that because of the uniqueness of your hardware and software components, you can be identified with more than 95 percent accuracy. This means that whoever identified your fingerprint can get a clear picture of who you are – without you giving them permission. With your fingerprint, information about your Internet usage and browsing behavior, third parties can get a complete picture of your online history, preferences, activities, and even your circumstances.
Sharing data with third parties
A Princeton University study shows that 60 percent or more of the top 1000 websites share information with third parties. Many of these third parties create online profiles or fingerprints of website visitors, which they in turn share and sell to advertisers or data companies. In addition, the research shows that while 96.5 percent of websites do not use fingerprint-based tracking themselves, they do gain access to your digital fingerprint through third parties.
The difficulty is that users don’t know which websites identify their fingerprint because their script looks like a traditional one. Scripts run in the background of websites and can be used for legitimate purposes like playing videos, photos and more. However, the same are also used for purposes like collecting data from users.
What do organizations do with the information they collect?
- The vast majority of organizations use this data to play out personalized advertising content. However, other companies also use your online data to draw conclusions about you that could negatively impact you as a consumer.
- Here’s an example: you’re researching chest pain online. A website sells your search history to a health insurance company, which in turn concludes that you are at risk for heart disease and subsequently increases your insurance premium.
- Another example would be that you enter your place of residence on a website and a company XY then – because you live in an affluent area – increases the price for certain goods because it assumes that you can pay this price.
When it comes to digital fingerprinting, users completely lack transparency – they don’t know what information is being collected and by whom, and for what purposes. Users have no control because they can’t decide whether certain information should be shared or that it should be removed from companies’ systems – let alone see which companies have information about them. Even websites like Facebook, whose privacy practices are questionable, offer users the ability to view and manage the information stored in their profile.
Device fingerprinting and the GDPR
Regulations such as the GDPR have emerged to regulate the use of personally identifiable information on the Internet by specifically focusing on cookie-based tracking. Device fingerprinting attempts to circumvent these regulations and allow unhindered tracking of individuals. In this regard, according to the GDPR, device fingerprinting is only allowed if explicit consent is given, the method is strictly necessary to provide a service explicitly requested by the user, and it is used exclusively to carry out the transfer of data.
A major disadvantage of digital fingerprinting for the user is that preventive measures such as changing passwords and deleting browser history are largely futile. To stop your data from being shared, you would have to remove your data from hundreds of data brokers who already have your data. You would have to repeat this step regularly. Since companies will use every loophole in the DGSVO to employ fingerprinting methodology, you as a consumer should take steps to protect yourself from the surveillance economy.
What can you do to protect yourself from fingerprinting?
Installing anti-tracking software and a secure browser can help you protect your privacy. For example, instead of blocking scripts that corrupt websites, anti-tracking software inputs fake data to keep the script running while preventing real personal data from being collected. Thus, the fingerprint tracking technique becomes useless.
On websites like amiunique.org you can find out your browser fingerprint and see if it is unique: Open the amiunique.org website. Click on the View my browser fingerprint button if you agree with the website’s privacy policies.
After that you will see if your browser configuration is unique based on a database comparison and if you can be tracked on the internet with it. The browser fingerprint does not only contain information about the browser. Active fingerprinting also collects information about the operating system:
- Which browser is being used?
- Which browser version is being used?
- Which language setting does the browser have?
- Which operating system is used?
- Which operating system version is used?
- Which time zone is set in the operating system?
To get more details, you can click on the View more details and View graphs buttons. There you can even see the screen resolution, installed browser plugins and fonts – and whether you are using an ad blocker.
- For Firefox there is the addon NoScript for Firefox.
- But if all scripts of a website are blocked, it can happen that the website does not work properly and videos are not played correctly.
- For Chrome, you can find the best NoScript alternatives here.
However, the use of protective measures in the browser naturally leads to individualization again, which is counterproductive.
Otherwise, you can try to make your browser no longer unique. However, you will have to do without individualization through add-ons and the like. In our practical test, even our freshly installed Firefox without add-ons was recognized as unique in combination with the configuration of our operating system.