Visitors to websites may think their visits are anonymous, but digital techniques can reveal their identities to site operators and track their movements online more revealingly than they realize. Web fingerprinting, also known as device fingerprinting, machine fingerprinting, or browser fingerprinting, probes web browser and device (computer, smartphone, or tablet) properties, such as screen size, browser plugins, time zones, and system fonts. In most cases, the combination of these properties will be unique and can be used like a fingerprint to identify a user thereafter. (That combination may not necessarily be linked to an individual’s name and full identity, but the user still ceases to be anonymous by becoming recognizable.) Once users are identified, websites can secretly track them. At best web fingerprinting is used for fraud detection by credit card companies and financial institutions, for example. Alternatively, it also is used for analytics, marketing, or for obtaining a user’s entire online history. See also: Internet; World Wide Web

A browser fingerprint is a unique identifier used to track devices and compile a user profile. (Credit: Mark Gabrenya/Getty Images)

Researchers from Lehigh University and Washington University in St. Louis have taken web fingerprinting to the next level. Reporting in February 2017 at the Network & Distributed System Security Symposium (NDSS) in San Diego, California, they described a technique that can fingerprint 99.24 percent of users even if they switched from one browser to another by exploiting operating system and hardware (such as central processing unit or computer graphics card) features. Comparatively, present single-browser tracking techniques can effectively fingerprint only 90.84 percent of users. See also: Computer architecture; Microprocessor; Operating system

What can users do to protect their privacy against this technology? Not much. At present, the most commonly used browsers cannot block web fingerprinting. Disabling cookies and enabling all of a browser’s privacy controls will only make a user’s browser look more unique, since most browsers will not have those settings configured. Disabling scripting software, such as JavaScript and Flash scripts, which are used for fingerprinting, will essentially disable the browser’s functionality. A few available browser extensions (add-ons), such as the Electronic Frontier Foundation’s Privacy Badger, can stop browsers from loading web pages from ad servers (third-party sites) that seem to be tracking site visitors. However, this add-on will not stop users’ own favorite websites (first-party sites) from tracking them. See also: Computer security; Software