User data is probably web publishers’ greatest resource. When we think in terms of behavioural targeting, user data (browser fingerprinting) is indispensable. However, its collection is now more difficult than ever.
While that’s already a struggle for publishers, web browsers have also been suppressing browser fingerprinting, a rather clandestine technique which helps in getting details about the user’s device but is highly privacy-invasive in nature.
In this blog, we will discuss what exactly browser fingerprinting refers to, how it compares with cookies, and how it’s faring in the age of privacy laws.
What is Browser Fingerprinting?
Also known as device fingerprinting, browser fingerprinting is a process through which information about a device is collected via a web browser. The set of information related to the device is referred to as a browser fingerprint. Each device or browser has a unique configuration and the specific information can be used to develop a digital fingerprint of that device.
But what kind of information is collected for creating a digital fingerprint?
A number of data points are used for browser fingerprinting, some of which have been listed below.
- Current IP address
- Client time zone
- User agent string
- HTTP request headers
- Installed plug-ins, their updates and versions
- List of mime-types
Methods used for Browser Fingerprinting
Websites use multiple methods for tracking users on the internet. This process is done so smoothly you wouldn’t even notice the transaction happening.
The browser fingerprinting technology allows websites to interact with a user’s browser and collect related information.
In this section, we’ll prove all the information you need about how this interaction happens and how the information is obtained.
Through cookies and tracking
One of the most commonly used methods for browser fingerprinting is by using cookies. The cookies are small packers of files stored on your computer- which contains text that provides information about improving user experience.
Through cookies, websites remember and track individual users and their devices by loading small data packets onto your computer.
For example, if a website knows you’re using a Samsung phone, it will provide you with the best settings for your samsung. In a similar manner, cookies store information on a user’s browsing activity, interests, habits, and much more.
Canvas fingerprinting is a newer method of collecting browsing information. This new tracking method is enabled by a new coding feature in HTML5.
HTML5, is actually a new coding language employed for building websites. Within the HTML5, there’s an element called ‘canvas.’ And originally, the canvas element of HTML5 was used for drawing graphics on a web page.
In simple words, the HTML5 canvas element collects information such as active background color settings, font size, and other important settings of the visitor’s browser.
As compared to cookies, canvas fingerprinting won’t load anything on the user’s computers, hence, they’ll not be able to delete any data because it is not stored anywhere.
Browser Fingerprinting Vs. Web Cookies
Browser fingerprinting can develop a much more accurate user profile than cookies, which makes it a highly sophisticated technique. Moreover, the various limitations associated with cookies has enabled the increased use of browser fingerprinting. Some common cookie limitations are:
- Privacy settings allow users to delete cookies.
- Cookies are not a feasible way to track users across mobile devices.
- Ads can be detected easily by ad blockers if cookies are being used.
Furthermore, device fingerprints are stored server-side as opposed to client-side, where web cookies are stored. This means that the user cannot delete the fingerprint on their own, as is the case with cookies.
These days, multiple devices are being used by an individual, which poses a great challenge for effectively targeting users. Web cookies aren’t equipped to track users across devices properly. However, by using browser fingerprinting, websites can collect information regarding different devices that are being used by an individual. This can help companies in creating an all-rounded profile about the user, thereby allowing them to serve user-specific ads.
Additionally, the digital fingerprint for a user is highly specific. The chances of two people sharing a digital fingerprint is unlikely. This is because a number of parameters are taken into consideration. Even if two individuals are using the same device model, their browser configuration is bound to be different. Since the number of data points collected is varied and large, browser fingerprinting is able to generate a highly accurate digital fingerprint.
Moreover, when information collected via browser fingerprinting is utilized along with data gathered by web cookies, the user can be tracked in an enhanced way. This can help publishers greatly when it comes to serving meaningful ads.
Browser Fingerprinting vs. IP address
Many people know that they can hide their online identity by covering their IP address. IP address protocols are designed in a way they send a request for a receiving web server each time there is user-interaction with a website – this happens because the receiving server always needs an IP address for sending a response.
This proves that the IP address of a computer is one of the most authentic strings of numbers which point at a device. Some website owners are also able to track other websites visited by their target audience. They can also peep into the accounts you’re logging into, and also track your geo-location from time to time.
Other Use of Device Fingerprinting
As users can be tracked and identified effectively via browser fingerprinting, the technique is of great importance in the ad tech industry. But apart from that, the highly specific and accurate nature of browser fingerprinting has made it important for mitigating fraud risks.
Here are a few other ways browser fingerprinting is being utilized at the present time:
- For preventing bank and credit card fraud: The technique can be used for identifying if a credit card is being used from a different device. It can further detect the hijacking of an internet banking session.
- For analytics and tracking: Browser fingerprinting is being used extensively for identifying the users that are returning to websites. When it comes to web analytics, it can accurately track and report on unique users.
- Mitigating e-commerce fraud: The adoption of browser fingerprinting is also increasing for tracking whether an order is being placed by a genuine customer or not.
Browser Fingerprinting in the Age of Privacy Laws
Under privacy laws such CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation), users are provided with specific rights for protecting their personal information. For example, under CCPA, a user has the right to know what kind of private information is being collected about them. Similarly, under GDPR, businesses need to ask for user’s consent before collecting their personal information.
It is true that device fingerprinting uses information regarding users’ devices rather than their personal information, such as IP addresses. But this does not mean that it can steer clear of violating any privacy laws. The definition of “personal information” by GDPR, in fact, includes data points that are used for creating device fingerprints.
Therefore, browser fingerprinting is not better off than cookies in light of privacy laws. Companies who need to use this technique will have to make sure that the user is consenting to share their personal information. Moreover, they need to have ‘legitimate interest’, as per GDPR, for asking for user information.
How effective is device fingerprinting?
Ask impression tracking vendors about the efficiency of browser fingerprinting and they’ll call it 95% accurate.
Dig a bit deep and you’ll figure out that the accuracy of browser fingerprinting isn’t as great in the long run.
However, this technology when compared with deterministically matched attribution, it turns out that fingerprinting is 98% accurate when the match is done within the first ten minutes. But, when the attribution window is after 10 minutes or up to three hours, the accuracy actually drops to 80%. Similarly, it drops up to 50% between three to twenty-four hours.
Without specific information regarding the user, the ad tech industry will have a hard time serving targeted ads. This can seriously hamper the growth of the industry.
Presently, browser fingerprinting is facing the same issues as web cookies. But publishers can still leverage the technique by ensuring compliance with different privacy laws. Browser fingerprinting certainly has many advantages over cookies. So, if publishers manage to use it without violating any laws, it can prove to be a helpful tool.
Frequently Asked Questions
Q1. What is device fingerprinting?
Websites use device fingerprinting to collect information about a user’s browser type and version, active plugins, timezone, language, operating system, screen resolution and multiple other active settings.
Q2. Where is browser fingerprinting data stored?
Unlike web cookies that are stored on a user’s device (client’s side), device fingerprints are stored in a database (server-side).
Q3. How unique are browser fingerprints?
In majority of cases, browser fingerprints are unique. In case a browser fingerprint turns out to be non-unique, device’s IP address is added to make it unique. This means that the user cannot delete the fingerprint on their own, as is the case with cookies.