I want to revisit some of the most promising fingerprinting techniques. To get up to speed, fingerprinting is a method of tracking users without a direct user ID. It is done by collecting various parameters and comparing the combination. I want to look into hardware-based fingerprinting, which includes collecting device information.
High Uniqueness: Hardware-based fingerprinting leverages the unique characteristics of each device's components. Graphic processing units (GPU), for example, vary between different devices. Even among the same model, they have different performance characteristics.
Persistence: Unlike cookies that can be cleared, hardware information are difficult to alter. It can happen not only when changing the hardware, but also with driver updates. But this doesn't happen too often and makes them highly persistent.
Accuracy: By combining GPU with other device attributes, the accuracy becomes very high. We are talking about CPU, installed fonts, and screen resolution among others.
Data Collection:
JavaScript and WebGL: Scripts can run in the browser to collect data about GPU. For instance, using WebGL, websites can query detailed information about the GPU.
Benchmarking: Some fingerprinting scripts perform lightweight benchmarking tasks to measure the performance.
Information Gathered:
GPU Model and Vendor: The exact model and manufacturer.
Renderer Information: Details about the rendering capabilities and performance.
Texture and Shading Information: Data on texture formats and shader capabilities.
Combining Data Points:
This information is combined with other data points to create a unique combination.
These data points are hashed to create a unique identifier or fingerprint for the device.
The use cases are all the same
Tracking and Analytics: Understanding user behavior across sessions and devices.
Fraud Prevention: Identifying suspicious activity by detecting anomalies in device fingerprints.
Targeted Advertising: Serving personalized ads based on persistent user profiles.
User Privacy Concerns: The detailed nature of fingerprinting raises significant privacy issues. Users are often unaware that such detailed information is being collected.
Legislative Actions: Regulators impose restricsions on collecting personal data without explicit consent.
Counter-Fingerprinting Technologies:
Browser Extensions: Some tools can block or randomize fingerprinting scripts.
Built-In Browser Protections: Some browsers, have built-in protections against fingerprinting. They either block or alter some of the information, making it not usable.
Fingerprinting using GPU and other hardware information is highly precise and persistent. It's not without its downsides, including privacy concerns. But we should be aware of available tools and technology, to be able to use or control its use by others.