August 28, 2013 10:59 PM Subscribe
Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting [pdf].
posted by paleyellowwithorange (33 comments total)
33 users marked this as a favorite
From the 2013 IEEE Symposium on Security and Privacy
, this article examines "how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers [i.e. cookies]."
A November 2010 Wall Street Journal article (Race Is On to 'Fingerprint' Phones, PCs
) provides a neat summary of the matter: "It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. Every time a typical computer goes online, it broadcasts hundreds of such details as a calling card to other computers it communicates with. Tracking companies can use this data to uniquely identify computers, cellphones and other devices, and then build profiles of the people who use them."
And from the pdf: "...browser extensions that are available for users who wish to spoof the identity of their browser...all fail to completely hide the browser's true identity. This incomplete coverage not only voids the extensions but, ironically, also allows fingerprinting companies to detect the fact that user is attempting to hide, adding extra fingerprintable information."