When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability.
The concept itself is still very much relevant today. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. However, online fingerprinting is also being used to track users. Now, fingerprinting is a tool in the marketer’s toolbox. Has it failed in its initial mission?
If you are not familiar with the concept of online fingerprinting, the principles behind it are very simple. More about it can be found on Smartproxy. Whenever you access a web server, details about your IP address, your browser information, your device information, and other information are recorded in logs. Logged online activities are easier to trace so service providers can perform the necessary security check if one is required.
Fingerprinting makes it difficult for irresponsible parties to create fake accounts or social media pages. Service providers can recognize signs of fake accounts from similarities in their fingerprints, allowing further action to be taken against those accounts. In the era of bots and fake news, fingerprinting is supposed to work seamlessly.
The Electronic Frontier Foundation (EFF) recently revealed just how many details are leaked and stored when you access a web server. The number
of details that are recorded is simply staggering, with information such as your approximate location, the referrer site, and whether you have Do Not Track activated being leaked.
Online fingerprinting, which started life as a security and accountability measure, is now being used to identify internet users for other purposes. Rather than for logging online activities, online fingerprinting becomes a way to track users for advertising and other commercial purposes. It is used openly too.
The privacy risks associated with online or browser fingerprinting today are real. An IP address and some additional details about your browser or device can be used to track your activities from one site to another. Advertisers are amassing a huge amount of data and creating a comprehensive profile on you as an internet user.
Device fingerprinting does reveal a lot about who you are. Aside from the type of device you use, web servers also get information about your operating system and which version you use, your browser details, other settings that are shared by default, and of course your approximate location based on your time zone and IP address.
As more of these details are stored and processed, a better profile of you is created. By enriching online activity data with spending habits and past purchases, for example, advertisers can time the display of visual ads perfectly to maximize conversion. This is why you often see ads for hotels in a specific location after performing a search for holiday destinations.
While the practice is harmless from the outside, it is actually a series of serious privacy risks that must be mitigated. When you share too much information online, you become a target of highly effective marketing campaigns. This usually leads to you spending more money on items and experiences you don’t really need, simply because you are bombarded with advertising messages.
At the same time, the profile that advertisers can create reveals a lot. The more information they store, the higher the risk of a data breach. When that sensitive, granular data is leaked, regaining your online privacy becomes virtually impossible. The tracking methods used are also becoming more sophisticated and captures a lot more data than before.
As mentioned earlier in the article, the principles behind device or online fingerprinting are good. By carefully logging online activities, problems that we now face – such as fake accounts, the spread of fake news, and negative online experiences – can be dealt with effectively. After all, bots will share fingerprints with their real users.
The use of device and online fingerprinting for commercial purposes, however, needs to be stopped. Tracking is only harmless when there is no real data collected and stored; that’s impossible, isn’t it? Advertisers are adding new data nodes in order to gain a more holistic understanding of who you are as an audience and customer.
There are regulations that are trying to stop these bad practices, but regulations alone are not enough. GDPR, for instance, gives users more options when it comes to managing their personal information. Still, GDPR and its enforcement aren’t enough to stop advertisers from actively tracking users based on their fingerprints.
Specific regulation on online fingerprinting is required. Invasion of privacy is a serious issue in the information era of today, so it is only natural for practices like fingerprinting and tracking to be strictly regulated. The last thing we want is for measures that were meant for enhancing security to be used for malicious purposes.
About the essayist: Ebbe Kernel is a Swedish data gathering analyst and consultant. He advises data providers and large companies on in-house data acquisition solutions.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-what-everyone-should-know-about-the-pros-and-cons-of-online-fingerprinting/