Browser Fingerprinting - Technique to Identify Users without using Cookies

Written on May 18th, 2010 at 15:36 pm by shredder12

Protecting one's online privacy has been one of the most popular point of concern for Internet users these days. If you don't want a website to keep track of you or if want to remain anonymous for a website, you are advised to disable cookies or use private browsing mode in your browser. But a forthcoming paper by an Electronic Frontier Foundation technologist suggests that Cookies are not be the only way to identify users, a combination of various information about the system and software collected from the browser are enough to uniquely identify a user.

Modern web browsers provide a user with a lot of features but they have also been designed to send tons of information to websites - screen size, colour schemes, detailed browser version, fonts installed, the order in which they are installed, font size, OS information and a whole bunch of similar info.

According to Peter Eckersley, the researcher behind the paper, a collection of such innocent looking information can be used to uniquely identify users. He calls this technique Browser fingerprinting.

Think of it this way, it is similar to finding out a person if you know his date of birth, gender, type of clothes he usually wear, height, weight etc. The individual bits of information may seem useless but their combination can become personally identifiable. 

Of the 470,161 browsers sample data, collected through informed users visiting EFF's Panopticlick, 94.2% of browsers were unique in the sample i.e. about 1 in 450,000.

Websites already use this technique

Although this point is being raised now, this technique is already being used by a lot of websites - mainly bank or credit card companies. They call it CDI - Clientless Device Identification. They use it to identify who is a legitimate user and who's not.

According to a Gartner report, Februrary 2010, this technique gives 15-25 percent lift in fraud detection rates than Flash cookies, which were used earlier to identify users.

Even though this technique is used in a good way to catch frauds but there should be ways of configuring your browser to prevent the flow of such data. Peter will be presented at Privacy symposium in Berlin in July.

  • Delicious
  • Digg
  • StumbleUpon
  • Reddit
  • Newsvine
  • Facebook
  • Google
  • Yahoo
  • Technorati

3 Comments

Techwatch (not verified)
May 18th, 2010 09:47 pm
Browser fingerprinting sounds like a little more information collection for big brother, these things are always a trade off between privacy and helpfulness
/me (not verified)
May 27th, 2010 02:01 pm
This article uses the buzz icon, and you seem like a google fanboi.. what business have you raving about privacy concerns??
StWs (not verified)
July 22nd, 2010 11:55 am
Browser fingerprinting relies on profiling stack... why be tied to to ONE winsock in windoze? or any other platform? Become your own man in the middle when surfing to wipe out finger prints

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <h1> <h2> <h3> <h4> <h5> <h6> <p> <br>
  • Image links with 'rel="lightbox"' in the <a> tag will appear in a Lightbox when clicked on.

  • Search Engines will index and follow ONLY links to allowed domains.

More information about formatting options

Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.