Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask)

Опубликовано 27 июля 2016, 2:27

Billions of users browse the web on a daily basis, and there are single websites that have reached over one billion user accounts. In this environment, the ability to track users and their online habits can be very lucrative for advertising companies, yet very intrusive for the privacy of users. In this talk, we are going to take a step back and describe many aspects of web-based device fingerprinting, i.e., the ability to tell users apart, without the use of cookies or any other client-side identifiers, by associating browsing environments with users. We will explain how device fingerprinting works on the current web, who are the big players offering fingerprinting-as-a-service as well as who are their clients. Moreover, we will demonstrate that most of the current methods of protecting one's self against fingerprinting, not only do not work, but often make the user more fingerprintable than before. Our work shows that user-fingerprinting is on the rise, and calls for further attention of fingerprinting and its consequences, from the technical as well as legal community.