Consumers and privacy advocates are forever concerned about the ways they can be tracked online. But it looks like one effective method has not gotten much attention to date: the browser. According to a new study from the Electronic Frontier Foundation, 84% of browsers have an “instantaneously unique fingerprint.” What’s more? Efforts to disguise a browser might actually make consumers more easily identifiable.
Now if only companies were using this information for nefarious purposes, we’d have a real privacy issue on our hands.
The EFF’s Panopticlick project analyzed 470,161 browsers. 83.6% had an “instantaneously unique fingerprint.” The number jumped to 94% for browsers using Adobe Flash
and Oracle’s Java plug-ins. In addition, only 1% of plug-in users’ browsers had fingerprints that were seen more than twice.
Meanwhile, marketers continue to track consumers using HTML and Flash cookies. But that’s becoming less effective. First because regulators and privacy groups don’t like the practice. And there’s also the fact that consumers are increasingly deleting their cookies to avoid being tracked online.
But when they try to protect their browser privacy, the EFF found that individuals actually made themselves more identifiable. According to the study:
“The paradox, essentially, is that many kinds of measures to make a device harder to ﬁngerprint are themselves distinctive unless a lot of other people also take them.”
That’s pretty disturbing. However, it’s not entirely clear that anyone is using this method for nefarious tracking online. Ars Technica found one instance of browser tracking:
That hardly sounds mainstream. According to the EFF:
“There are several companies that sell products which
purport to fingerprint web browsers in some manner, and there are
anecdotal reports that these prints are being used both for analytics
and second-layer authentication purposes. But, aside from limited
results from one recent experiment, there is to our knowledge no
information in the public domain to quantify how much of a privacy
problem fingerprinting may pose.”
In the end, this could be disturbing. If anyone actually starts using it. Namely because it’s harder to track. According to the report:
“As a tracking mechanism for use against people who limit cookies, ﬁngerprinting also has the insidious property that it may be much harder for investigators to detect than supercookie methods, since it leaves no persistent evidence of tagging on the user’s computer.”
But considering the flack that marketers are getting for tracking consumers via cookies, it’s hard to imagine that companies will start tracking people by unique browser now. What would be the point in investing in the area when it’s sure to be a huge red flag for regulators?