Browser Fingerprinting Phone

Browser fingerprinting: What it is and whether you should worry about it

SecurityCategory
5 min read
Tom Rankin

It seems as though user safety and security has been a white hot subject for aeons. It’s certainly always been a popular topic online, and the latest buzzword to learn is “browser fingerprinting.”

A browser fingerprint works much like a physical one. In short, it enables savvy analytics app users to identify individuals simply by studying the information their browsers leave behind when navigating your website.

This post will look at browser fingerprinting in more detail, and discuss when it’s useful and if there are drawbacks. We’ll also talk about how recent data processing laws impact whether you should use it or not. Let’s get started!

What is browser fingerprinting?

Of course, we’re all identifiable from our fingerprint — a unique pattern in the skin on our fingers. Though, you’ll usually only be identified in this way when a crime has been committed, and the police need to match prints left at the scene with a name.

However, this concept of fingerprinting can also be applied to other areas. Because a fingerprint is essentially a unique identifier distinct from your most recognizable elements (i.e. your facial features), the term can also be used to describe the trail of information you leave online.

For example, consider browsing to a website. Unless you’re using a video chat service, there will be no visual elements linking you to that site. However, there are plenty of unique elements that make up your virtual presence, and all it takes is a sophisticated tracker to piece them together.

Usually, these elements fall into two camps:

  • HTTP headers
  • JavaScript elements

The former is pretty simple, as they’re part of practically every HTTP request. However, the latter can provide plenty of specific data relating to your browsing patterns. This includes aspects such as your time zone and date, the browser you’re using and the platform it runs on, the system fonts you use, and the browser’s installed plugins.

Individually, these elements might tell you very little. However, when combined, they can make up a fully unique profile of an individual user, known as a device or browser fingerprint.

How is browser fingerprinting used?

In a nutshell, fingerprinting is primarily used for long-term profit-making opportunities — by which we mean ads. Companies that implement this tactic are looking to ascertain who you are, how you browse the web, what you’re interested in, and what you purchase.

By curating user fingerprints, they end up with profiles that can be used to tailor content and ads to each person’s specific tastes. This obviously increases the likelihood that those users will end up spending money.

Browser fingerprinting can also be used in the place of cookies, and is arguably a better option for ad servers. In fact, fingerprinting can effectively reassemble a tracking cookie after it’s been deleted. What’s more, third-parties can track you across the web based on the nature of the data collected.

Of course, for the end user, this sounds like a scary prospect. However, for a business, this presents a potential golden opportunity to earn money.

Is browser fingerprinting a tactic you should use?

As the saying goes: every cloud has a silver lining. However, when it comes to browser fingerprinting, this aphorism is inverted. In other words, the upsides of the tactic are soured by the downsides.

There’s no doubt that browser fingerprinting and its variants are the ultimate in customer profiling tactics. However, it’s slowly becoming a technique that many companies (including Apple) want to see stopped.

End users are also pushing back against browser fingerprinting.

Tactics to strip away any tell-tale information from your browsing history have become popular, leading to so-called “incognito” or private tabs and windows, which includes the slow-and-steady rise of search engines that enable you to search anonymously, such as DuckDuckGo, and sites such as Am I Unique? and Panopticlick, and much more.

Browser Fingerprinting Digital

Overall, when it comes to whether you should use this tactic, it doesn’t really matter that it’s a useful way to profile your visitors. End users are concerned, which should be enough to stop you in your tracks. Plus, now that some big-name businesses are getting involved by hard-coding ways to stop the practice, there’s little sense in funneling resources away from more traditional approaches.

How does the GDPR impact the use of browser fingerprinting?

You might not be surprised to learn that the General Data Protection Regulation (GDPR) has an effect on the use of browser fingerprinting. In fact, we may see the tactic evolve, given that websites now need to be transparent regarding how they handle personal data.

The data you collect through browser fingerprinting methods is classed as personal information, and as such has to be treated like any other data passing through your site.

Rather than seeing a specific mention of browser fingerprinting within the GDPR, therefore, you’ll find the various elements referred to throughout the entire regulation. When handled correctly, you can stay on the right side of the law, but you’re still likely to get pushback from your user base.

Use browser fingerprinting wisely

We’ll admit that these are tricky times when it comes to how we communicate with others, especially when their personal data is involved. However, with the introduction of the GDPR, we at least have some legal clarity on the best approach.

Browser fingerprinting has been a common tactic of user profiling for some time (albeit in varying degrees of application). It’s arguably the best way of finding out how your business is being accessed. However, if you don’t take the correct measures to look after your users’ data, the tactic could do irreparable damage.

Related: 5 best practices for customer data management