Ever want to know what browser fingerprinting is or how it is done?
What is Browser Fingerprinting?
A browser or device fingerprint is a term used to describe an identifier generated from information retrieved from a single given device that can be used to identify that single device only. For example, as you will see below, browser fingerprinting can be used to generate an identifier for the browser you are currently viewing this website with. Regardless of you clearing your cookies (which is how most third party companies track your browser) the identifier should be the same every time it is generated for your specific device/browser. A browser fingerprint is usually generated from the browsers user agent, timezone offset, list of installed plugins, available fonts, screen resolution, language and more. The EFF did a study on how unique a browser fingerprint for a given client can be and which browser information provides the most entropy. To see how unique your browser is please check out their demo application Panopticlick.
What can it used for?
So, if this is how it is usually done why do we care about browser fingerprints? Well, the main problem with cookies is they can be volatile, if you manually delete your cookies then the company that put that cookie there loses all association with you and any data they have on your is no longer useful. As well, if a client does not allow third party cookies (or any cookies) on their browser then the company will be unable to track the client at all.
How do we do it?
Collision? Yes, if you end up with two laptops each of the same make, model, year, os version, browser version with the exact same features and plugins enabled then the hashes will be the exact same and anyone relying on their fingerprint will treat both of those devices as the same. But, if you read the white paper by EFF listed above then you will see that their method for generating browser fingerprints is usually unique for almost 3 million different devices. There may be some cases for companies where that much uniqueness is more than enough to use and rely on fingerprints to identify devices and others where they have more than 3 million users.
Where does this really come into play? Most websites usually have their users create and account and log in before allowing them access to portions of the site or to be able to lookup stored information, maybe their credit card payment information, home address, e-mail address, etc. Where browser fingerprints are useful is for trying to identify anonymous visitors to a web application. For example, third party trackers who are collecting search or other kinds of data.
Your fingerprintjs Fingerprint: Could not generate fingerprint
Resources: * panopticlick.eff.org - find out how rare your browser fingerprint is. * github.com/Valve/fingerprintjs - client side browser fingerprinting library.