With many Internet users concerned the National Security Agency is tracking their Web browsing activity, Belgian researchers have released another study showing it’s not just government following our activity – marketers and major Web sites are doing it, too.
In a study by researchers from the University of Leuven in Belgium, it came to light that about 145 of the world’s top 10,000 Web sites have been tracking users without their knowledge or consent – even if they’re using the Do Not Track HTTP header on their browsers. The researchers did not disclose which sites were tracking its visitors.
“Device fingerprinting raises serious privacy concerns for everyday users. Its stateless nature makes it hard to detect (no cookies to inspect and delete) and even harder to
opt-out,” researchers noted in their report.
“Moreover, fingerprinting works just as well in the ‘private-mode’ of modern browsers, which cookie-conscious users may be utilizing to perform privacy-sensitive operations.”
Device fingerprinting involves collecting the screen size, versions of installed software and plugins, and the list of installed fonts for PCs, smartphones, and tablets. That makes it easier to track users and identify who they are, because for the most part, the combination of these factors is unique to each device. And with the rise of smartphones and tablets, marketers and advertisers are also able to track users across devices.
While device fingerprinting can also be used in cybersecurity in fraud detection, protection against account hijacking, anti-bot services, and anti-scraping services, researchers said they also found marketers were putting fingerprinting scripts in advertising banners and Web widgets.
The researchers’ tool, FPDetective, zeroes in on detecting fingerprinting through font detection, rather than checking databases of known fingerprinters or blacklisted third-party trackers. Developed as a crawler using two instrumented browsers, PhantomJS and Chromium, the tool visits Web sites and collects data about font loading, or accessing browser properties, in case those activities point to fingerprinting.
“Our findings demonstrate that web fingerprinting is a real and growing issue, deserving the attention of both policymakers and the research community,” the researchers concluded in their report.
“We hope that our framework, which is freely available to other researchers and can easily be extended to conduct further studies, will contribute to addressing this issue by providing a means to shed light on web fingerprinting practices and techniques.”