User data is probably web publishers’ greatest resource. When we think in terms of behavioural targeting, user data is indispensable. However, its collection is now more difficult than ever.
While that’s already a struggle for publishers, web browsers have also been suppressing browser fingerprinting, a rather clandestine technique which helps in getting details about the user’s device but is highly privacy-invasive in nature.
In this blog, we will discuss what exactly browser fingerprinting refers to, how it compares with cookies, and how it’s faring in the age of privacy laws.
What is Browser Fingerprinting?
Also known as device fingerprinting, browser fingerprinting is a process through which information about a device is collected via a web browser. The set of information related to the device is referred to as a browser fingerprint. Each device or browser has a unique configuration and the specific information can be used to develop a digital fingerprint of that device.
But what kind of information is collected for creating a digital fingerprint? A number of data points are used for browser fingerprinting, some of which have been listed below.
- Current IP address
- Client time zone
- User agent string
- HTTP request headers
- Installed plug-ins, their updates and versions
- List of mime-types
Browser Fingerprinting Vs. Web Cookies
Browser fingerprinting can develop a much more accurate user profile than cookies, which makes it a highly sophisticated technique. Moreover, the various limitations associated with cookies has enabled the increased use of browser fingerprinting. Some common cookie limitations are:
- Privacy settings allow users to delete cookies.
- Cookies are not a feasible way to track users across mobile devices.
- Ads can be detected easily by ad blockers if cookies are being used.
Furthermore, device fingerprints are stored server-side as opposed to client-side, where web cookies are stored. This means that the user cannot delete the fingerprint on their own, as is the case with cookies.
These days, multiple devices are being used by an individual, which poses a great challenge for effectively targeting users. Web cookies aren’t equipped to track users across devices properly. However, by using browser fingerprinting, websites can collect information regarding different devices that are being used by an individual. This can help companies in creating an all-rounded profile about the user, thereby allowing them to serve user-specific ads.
Additionally, the digital fingerprint for a user is highly specific. The chances of two people sharing a digital fingerprint is unlikely. This is because a number of parameters are taken into consideration. Even if two individuals are using the same device model, their browser configuration is bound to be different. Since the number of data points collected is varied and large, browser fingerprinting is able to generate a highly accurate digital fingerprint.
Moreover, when information collected via browser fingerprinting is utilized along with data gathered by web cookies, the user can be tracked in an enhanced way. This can help publishers greatly when it comes to serving meaningful ads.
As users can be tracked and identified effectively via browser fingerprinting, the technique is of great importance in the ad tech industry. But apart from that, the highly specific and accurate nature of browser fingerprinting has made it important for mitigating fraud risks.
Here are a few other ways browser fingerprinting is being utilized at the present time:
- For preventing bank and credit card fraud: The technique can be used for identifying if a credit card is being used from a different device. It can further detect the hijacking of an internet banking session.
- For analytics and tracking: Browser fingerprinting is being used extensively for identifying the users that are returning to websites. When it comes to web analytics, it can accurately track and report on unique users.
- Mitigating e-commerce fraud: The adoption of browser fingerprinting is also increasing for tracking whether an order is being placed by a genuine customer or not.
Browser Fingerprinting in the Age of Privacy Laws
Under privacy laws such CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation), users are provided with specific rights for protecting their personal information. For example, under CCPA, a user has the right to know what kind of private information is being collected about them. Similarly, under GDPR, businesses need to ask for user’s consent before collecting their personal information.
It is true that device fingerprinting uses information regarding users’ devices rather than their personal information, such as IP addresses. But this does not mean that it can steer clear of violating any privacy laws. The definition of “personal information” by GDPR, in fact, includes data points that are used for creating device fingerprints.
Therefore, browser fingerprinting is not better off than cookies in light of privacy laws. Companies who need to use this technique will have to make sure that the user is consenting to share their personal information. Moreover, they need to have ‘legitimate interest’, as per GDPR, for asking for user information.
Without specific information regarding the user, the ad tech industry will have a hard time serving targeted ads. This can seriously hamper the growth of the industry.
Presently, browser fingerprinting is facing the same issues as web cookies. But publishers can still leverage the technique by ensuring compliance with different privacy laws. Browser fingerprinting certainly has many advantages over cookies. So, if publishers manage to use it without violating any laws, it can prove to be a helpful tool.