The arms race between Internet marketers, who want as much of your personal information as possible, the better to sell you things – and Internet users, who want to keep their information private, but at this point have no idea how to do it, has just escalated again. As the Internet cookie has become endangered, with more and more users rejecting and turning off cookies while browsing, a new way to uniquely identify individual users has arisen: Internet fingerprinting, based on your computer’s unique profile. What is Internet fingerprinting? Read on.
The concept isn’t entirely new. For example, we first wrote about clock skew Internet fingerprinting back in 2005! In part, here is what we had to say about it:
It is now possible to track and identify a computer anywhere it goes on the Internet by using its clock skew as a method for fingerprinting it. Clock skew is what a computer thinks the time is as compared to other time-keeping with which it is interfacing. And when measured against other quantifiable processes when the computer is connected to the Internet, it can apparently provide a reliable fingerprint, unique and allowing it to be tracked across the Internet. Voila. The clock skew fingerprint.
However, the new Internet fingerprint technology is much more insidious, and provides much more information about the individual user (i.e. you).
The way that your Internet fingerprint is identified is through discovery of all sorts of aspects of what you have on your computer – things that are readily indentifiable through your browser, and most especially if you have Java or Flash installed. Things such as what browser you are using, what plugins you’ve added to that browser, what other discoverable software you have installed, what fonts you use, the size of your screen, and many other such things.
When taken as a whole, your computer’s fingerprint is nearly as unique as actual fingerprints. It is extremely unlikely that your exact configuration of hardware, software, plugins, etc., is going to match the exact configuration of anyone else’s computer. Even if it did, it will be far more different from the vast majority of Internet users out there than it will be the same.
And, not only is Internet fingerprinting more effective inasmuch as the user doesn’t have to “accept” it, like they do a cookie, but it also works with mobile phones, which cookies do not.
The Electronic Frontier Foundation (EFF) has a page where you can test just how much information your browser and computer configuration are broadcasting about you. You can test it here.
So, what can you do to minimize your Internet fingerprint, so to speak?
That will be our next article.