The wicked online tracking: the fingerprint of devices
Consumers can delete their cookies, but not their fingerprint online.
Many consumers know that cookies track activity on the internet and their use is reasonably well regulated. But online fingerprinting (also called device fingerprinting) is not so well understood. We believe that the mainstream media are greatly underestimating its importance.
The fingerprint of the device is created by tracking software on websites, used to collect information about the device used, such as the make, model, operating system, browser and even the installed software . This information is used to identify your device’s unique fingerprint on the internet.
Consumers can delete their cookies and websites need to notify them and obtain their consent before they can use them. But that doesn’t happen with fingerprinting, which is becoming more common as cookie tracking becomes more watched.
The New York Times recently highlighted the problem, but suggested that the tactic would be used by less than 5% of sites. We believe this is underestimated.
What worries about digital printing is that, due to the exclusivity of its hardware and software components, users can be identified with an accuracy greater than 95%. This allows the person who identified the fingerprint to have a clear idea of who you are, even if you have not granted permission to these third parties to collect personal information.
After your fingerprint is collected and combined with the record of your internet usage and browsing history, a complete picture of your online history, preferences, activities and even life circumstances can be connected to a specific device and then to the owner.
The Mozilla study cited in the New York Times found that 3.5% of the most popular websites use fingerprints to track users. It may be that only a small percentage of these sites deploy scripts that are recognized as unique fingerprint trackers. It may seem that only a minority of sites track fingerprints, but we also know that the majority of web traffic passes through the most popular sites on the internet. The really telling figure is the number of internet users that can be identified by the information already collected about them online.
This Princeton University study shows that 60% or more of the top 1,000 sites share information with third parties, and many of them create online profiles or fingerprints of site visitors, which are sold to advertisers and data companies. In another finding from the Mozilla study, 96.5% of sites, while not using fingerprint-based tracking, have access to third-party fingerprints.
The important thing is that there is no way for the average user to know which sites create fingerprints from their devices, as these scripts look like any other that runs on a site. Scripts work in the background on websites and can be used for legitimate purposes, such as rendering videos, photos and more. However, these same scripts can also be used for harmful purposes, such as collecting data about the user.
You can imagine what companies do with the information they collect. The vast majority of companies use this data to deliver ads to you and personalize your online experience.
Some companies use your data online to make inferences that could unfairly harm you as a consumer.
For example, you search for “chest pain” online → a website sells your search history to a health insurance company → that company finds that you are at risk for coronary heart disease and increases your rates.
And more, you share your location → you live in a high-end neighborhood → company x charges higher prices, as it understands that you can pay (and will pay) more
When it comes to digital printing, there is a total lack of transparency with the user, who does not know what information is being collected, who is collecting it and for what purpose. There is also a worrying lack of control for the consumer. It is not possible to decide to take my information with me or remove my information from the systems of the companies that store it. It is not even possible to see which companies have information about me.
Even on sites such as Facebook that have questionable privacy practices, a user can download their information, examine it and make decisions to change or delete it from their profile. Users do not normally have control over the collection of their information on most other sites.
Because our devices are our portals to information and communication (and are used to manage most of our sensitive health and financial information), companies need to be held responsible for tracking. Regulations like the GDPR have appeared to protect the use of personally identifiable information by focusing specifically on cookie-based tracking. But the fingerprint appeared to circumvent these practices and make it possible to track people without restrictions, simply with the assumption that the activities of a device, are probably the actions of a specific user.
The most frightening aspect of online fingerprinting is that once your online profile is created and made available in cyberspace, preventive measures like changing passwords and deleting your browsing history are largely useless . Preventing personal information from leaking may seem impossible. This would require removing your data from hundreds of data intermediaries who already have your information, in addition to doing this regularly. Companies will continue to circumvent any policy or legislation that limits their ability to track it. Consumers, therefore, need to act to protect themselves from the surveillance economy.