{"id":38979,"date":"2023-04-06T15:25:32","date_gmt":"2023-04-06T19:25:32","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=38979"},"modified":"2023-04-08T10:32:34","modified_gmt":"2023-04-08T14:32:34","slug":"web-fingerprinting-is-worse-than-i-thought","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/04\/06\/web-fingerprinting-is-worse-than-i-thought\/","title":{"rendered":"Web Fingerprinting Is Worse Than I Thought"},"content":{"rendered":"

Bitestring<\/a> (via Hacker News<\/a>):<\/p>\n

\n

But companies found another way to uniquely identify you across different sessions and websites without using cookies or other persistent storage. It’s called web fingerprinting. Fingerprinting is a more sophisticated approach to identify a user among millions of others. It works by studying your web browser and hardware configuration. Many websites use a fingerprinting library to generate a unique ID. This library collects data from multiple JavaScript APIs offered by your web browser. For example, websites can see web browser version, number of CPUs on your device, screen size, number of touchpoints, video\/audio codecs, operating system and many other details that you would not want a typical news website to see.<\/p>\n

All of these values are combined to generate a unique ID. Surprisingly, each user’s device and browser specifications differ so much that they get a unique ID among millions.<\/p>\n

I did not think web fingerprinting is serious until I came across a company which is actually selling fingerprinting as a service to other websites. I tried their demo and shocked how accurate it is. Many ecommerce websites use it because these fingerprinting companies sell it, saying it prevents credit card frauds and increases security of the websites.<\/p>\n<\/blockquote>\n\n

Nick Heer<\/a>:<\/p>\n

\n

My visitor ID was stable in Safari after visiting fingerprint.com only in private windows across two separate sessions. This, despite using Safari’s anti-tracking features, having iCloud Private Relay switched on, and using browser extensions which limit what kinds of scripts are able to run in my browser — and, again, accessing it only in private windows. On its homepage, FingerprintJS says the “VisitorID will remain the same for years, even as browsers are upgraded”. It can be, near as makes no difference, a permanent personal identifier.<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n