![](\"https:\/\/media.wired.com\/photos\/6219825ae15f63f9560fa181\/master\/pass\/GettyImages-1153341063.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Matt Burgess| Date: Sat, 26 Feb 2022 12:00:00 +0000<\/strong><\/p>\n Matt Burgess<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n Creepy cookies that<\/span> track all your online activity are (slowly) being eradicated. In recent years major web browsers, including Safari<\/a> and Firefox<\/a>, have restricted the practice. Even Chrome has realized that cookies present a privacy nightmare<\/a>. But stopping them ends only one kind of online tracking\u2014others are arguably worse.<\/p>\n Fingerprinting, which involves gathering detailed information about your browser\u2019s or your phone\u2019s settings, falls into this category. The tracking method is largely hidden, there\u2019s not much you can do to stop it, and regulators have done little to limit how companies use it to follow you around the internet.<\/p>\n The exact configuration of lines and swirls<\/a> that make up your fingerprints are thought to be unique to you. Similarly, your browser fingerprint is a set of information that\u2019s collected from your phone or laptop each time you use it that advertisers can eventually link back to you.<\/p>\n \u201cIt takes information about your browser, your network, your device and combines it together to create a set of characteristics that is mostly unique to you,\u201d says Tanvi Vyas, a principal engineer at Firefox. The data that makes up your fingerprint can include the language you use, keyboard layout, your timezone, whether you have cookies turned on, the version of the operating system your device runs, and much more.<\/p>\n By combining all this information into a fingerprint, it\u2019s possible for advertisers to recognize you as you move from one website to the next. Multiple<\/a> studies<\/a> looking at fingerprinting have found that around 80 to 90 percent of browser fingerprints are unique. Fingerprinting is often done by advertising technology companies that insert their code onto websites. Fingerprinting code\u2014which comes in the form of a variety of scripts, such as the FingerprintJS library<\/a>\u2014is deployed by dozens of ad tech firms<\/a> to collect data about your online activity. Sometimes websites that have fingerprinting scripts on them don\u2019t even know about it<\/a>. And the companies are often opaque and unclear in the ways they track you.<\/p>\n Once established, someone\u2019s fingerprint can potentially be combined with other personal information\u2014such as linking it with existing profiles or information murky data brokers hold about you. \u201cThere are so many data sets available today, and there are so many other means to connect your fingerprint with other identifying information,\u201d says Nataliia Bielova, a research scientist at France\u2019s National Institute for Research in Digital Science and Technology, who is currently working at the French data regulator, CNIL.<\/p>\n Fingerprinting evolved alongside the development of web browsers and is intertwined with the web\u2019s history. As browsers have matured they have communicated more with servers\u2014through APIs and HTTP headers\u2014about people\u2019s device settings, says Bielova, who has studied the development of fingerprinting<\/a>. The Electronic Frontier Foundation (EFF) first identified fingerprinting back in 2010<\/a>. Since then fingerprinting has become increasingly common as advertisers have tried to get around cookie blocks and limits put on ad tracking by Google<\/a> and Apple<\/a>.<\/p>\n While there\u2019s little transparency around the companies that run fingerprinting scripts, the practice is verifiably widespread across the web. Many of the websites you visit will fingerprint your device; research from 2020<\/a> found a quarter of the world\u2019s top 10,000 websites running fingerprinting scripts.<\/p>\n New ways of fingerprinting are being created too. \u201cThe existing fingerprinting algorithms are not the upper boundary in terms of trackability,\u201d says Gaston Pugliese, a research fellow at Friedrich-Alexander-Universit\u00e4t in Germany, who has studied the long-term impact of fingerprinting<\/a>. For instance, earlier this year researchers proved they could create fingerprints of GPUs<\/a> to identify people. Tracking people across different browsers<\/a> is also possible.<\/p>\n But not all fingerprinting is bad. David Emm, a principal security researcher at Kaspersky, says the technique can often be used as a way to spot potential fraud, such as banks using it to identify suspicious behavior.<\/p>\n However, the widespread use of fingerprinting for targeted advertising and tracking people\u2019s online movement raises legal problems. Across Europe regulators have been calling for a clampdown on cookie banners<\/a>, which appear on websites asking people if they give their permission to be tracked. The banners are so ubiquitous (and frustrating) that people largely click Accept and don\u2019t understand how they are agreeing to be tracked\u2014that\u2019s leaving aside the fact that many cookie banners may not even do what they claim<\/a>.<\/p>\n In Europe fingerprinting falls under the same General Data Protection Regulation<\/a> and marketing rules<\/a> as cookies, says Elle Hunt, a partner specializing in data and tech at law firm Reed Smith. European regulators have warned since 2014<\/a> that fingerprinting \u201cpresents serious data protection concerns,\u201d and Hunt says many websites don\u2019t tell consumers that they may track people with fingerprinting. \u201cI think that a lot of companies don't realize, and they think that this is a nice way to get around the cookie rules,\u201d she says.<\/p>\n Unlike cookies, it\u2019s hard to stop fingerprinting. Cookies are stored in your browser, and it\u2019s possible to delete your cookie history, block them, or turn them off entirely. \u201cWith the fingerprinting, it's all invisible,\u201d Emm says. \u201cPeople don't know about it; they don't see it.\u201d When the EFF first detailed fingerprinting in 2010, it said it was \u201cakin to a cookie that cannot be deleted.\u201d<\/p>\n Various browser plugins claim to help reduce or stop fingerprinting, but there\u2019s a mix in quality. A 2019 study by a researcher from Snap and two US<\/a> academics found many anti-fingerprinting tools aren\u2019t that useful. The biggest thing you can do to stop fingerprinting is pick a browser that limits tracking and increases privacy<\/a>.<\/p>\n \u201cThe most promising approach that is also built into browsers nowadays is the approach of the Tor browser,\u201d Pugliese says. To prevent fingerprinting, Tor<\/a> tries to standardize all the parts of its browser so everyone appears to have the same fingerprint. Tor isn\u2019t always practical, though; some websites will break, and many companies don\u2019t allow it on corporate networks. Other browsers, including Firefox and Brave, have their own anti-fingerprinting methods. Firefox blocks third-party requests<\/a> to companies that fingerprint, while Brave adds noise by randomizing fingerprints<\/a>.<\/p>\n \u201cIn the fingerprinting space, browsers are going to have to evolve,\u201d says Firefox\u2019s Vyas, adding that anti-fingerprinting technology needs to change in a way that doesn\u2019t break parts of the web. More action from regulators would also help to stamp out the tracking. \u201cIf we had legislative support that said \u2018these fingerprinting technologies and scripts are unlawful,\u2019 then that would help us.\u201d<\/p>\n