What is fingerprinting?
January 19, 2024
January 19, 2024
Compared to traditional third-party cookie-based tracking, fingerprinting represents a more intrusive form of online tracking. It involves creating a digital fingerprint by compiling a distinct profile based on various attributes of your computer hardware, software, add-ons, and preferences. This fingerprint factors like the device's screen, installed fonts, web browser, and other settings.
Instead of relying on traditional methods such as cookies, fingerprinting utilises a combination of factors, which might include:
· User-Agent String: Information about the user's browser, operating system, and device type.
· Screen Resolution: The dimensions of the user's screen.
· Browser Plugins: The presence and installed version of browser plugins or extensions.
· Time Zone: The user's current time zone.
· Fonts: A list of fonts installed on the user's system.
· Language: The user's preferred language settings.
By analysing this information in combination, entities can create a unique "fingerprint" that distinguishes one individual from another. The advantage of fingerprinting is that it can persist even if users clear their cookies or use private browsing mode, making it more difficult for users to avoid tracking.
Digital fingerprinting utilises complex algorithms that provide a probable match(probabilistic) on an individual and builds a unique picture of you based on your personal data, allowing websites to recognise you when you visit. Instead of monitoring you through an account login, websites collect data you never thought was important. This includes information like your screen resolution or browser configuration.
Marketers use this data for targeted marketing campaigns. It’s quite valuable for them since it’s easier to sell when they know who they’re selling to. For advertisers, it’s a dream come true, but for online privacy advocates, it has raised a lot of concern.
The practice of fingerprinting allows you to be tracked for months, even when you clear your browser storage or use private browsing mode— disregarding clear indications from you that you don’t want to be tracked. Despite a near complete agreement between standards bodies and browser vendors that fingerprinting is harmful, its use on the web has steadily increased over the past decade.
Chrome, Safari, and Firefox - have taken significant steps to actively prevent fingerprinting activities and protect users from being tracked without their knowledge.
Apple Safari focuses on making users appear similar to each other by removing unique identifiers from web requests. This approach involves presenting a simplified version of the system configuration to trackers, removing any custom headers or unique identifiers from web requests, and discontinuing support for most plug-ins on MacOS to prevent cross-site tracking. These methods result in trackers having access to fewer data points about each user, making users look alike and creating a form of ‘herd immunity’.
Mozilla Firefox, on the other hand, blocks data sharing with blacklisted tracking companies. Since January 2020, Firefox introduced fingerprinting blocking as part of its Enhanced Tracking Protection (ETP) setting. This involves blocking known fingerprinting trackers and modifying or removing APIs that could be used for fingerprinting purposes. Firefox currently blocks all requests to known fingerprinting companies and prevents them from accessing user data via JavaScript or network requests. Mozilla plans to enhance protection further by incorporating script-blocking and API-level protection, which includes updating or blocking APIs that may expose users' data, such as the battery level API.
Google Chrome, despite having the largest market share of browser traffic and initially being expected to resist change due to its involvement in Ad Tech, surprised the market by announcing its intention to block third-party cookies and fingerprinting. Chrome's approach differs from Firefox's blacklisting method. Instead, it proposes incorporating technological barriers to stop fingerprinting. These proposals are part of Google's privacy sandbox and include the following measures:
· Privacy Budget: Limiting the number or depth of pieces of information exposed about a user to make them unidentifiable. Chrome would enforce this limit by blocking API calls that exceed the budget or obfuscating the results.
· Removing Passive Fingerprinting Surfaces: Restricting certain points on websites that could provide information about a user, such as IP addresses and user-agent strings.
· Reducing Entropy from Surfaces: Decreasing the number of pieces of information available about a user to make them less uniquely identifiable.
· Device Sensors: Addressing issues related to device settings and sensors that could potentially contribute to fingerprinting.
· Battery Level: Considering measures to stop exposing battery level information to prevent short-term device identification.
· IP Address: Treating IP addresses as part of the privacy budget and potentially making third parties "blind" to IP addresses to preserve user privacy.
Although many of these fingerprinting prevention techniques are still in development, it is evident that all three major browsers are committed to blocking user tracking and safeguarding users' personal information. They share the belief that linking an ID to an IP address or device should not be allowed. It’s important to emphasise the importance of keeping a close eye on market developments to ensure full technical and regulatory compliance with these privacy initiatives.
Fingerprinting was born as a solution to the deprecation of third-party cookies. These have been limited by browsers as consumers required an increase level of privacy, security and consent on their data being tracked and shared. But as you can see above, fingerprinting is in reality doing the same thing.
We believe that there needs to be a better way – an internet where we can evolve digital identity in a privacy-focused world. In fact, this is why we created AdFixus. Today we are helping our customers across the globe to operate without third-party cookies and operating without fingerprinting.
Our solution is based solely on first-party cookie stored on a publisher website and a first-party cookie stored on a separate domain, think of it as a neutral(decentralised) location owned by the consumer and no one else. This means that unlike fingerprinting solutions our identity solution will respect privacy if consumer decides to browse internet within in-private mote, thus resulting in a different ID being issued.
Our ID solution is a true first party cookie and through our patented encryption process the data is only ever utilised by the brands that the individual has visited / consented too. This ID is owned by the brand and within that ID there is zero customer data that tracked and/or collected.
1. We are 100% deterministic and we do not use any algorithms to compute, calculate or assume a match to an individual.
2. We leave individuals in control of their identity, ensuring that we are compliant with all major global legislative policies e.g., GDPR and CCPA.
3. We do not collect or store the data and will never commercialise our partners data.
At AdFixus, we prioritise privacy and offer a solution that empowers businesses to own the data themselves and to utilise data whilst meeting privacy requirements and giving consent control back to individuals. Our platform for individuals allows them to opt out using our consent solution, ensuring that privacy remains a top priority. For publishers, we reconnect you with your full addressable audiences, and for businesses with multiple brands we uniquely sync cross-domain traffic. Together, through our audience match room, we can sync all three solutions in a privacy-compliant way with industry-leading match rates.
It’s always anonymous, accurate and in your control.
Fingerprinting is heavily used today and you are being profiled as you surf across the web. This is all happening without most people's knowledge and definitely without most people’s consent. Good news is there are solutions like AdFixus that do not run via fingerprinting.
.png)