While we browse the web, most web pages have an interest in observing our behaviour in order to achieve certain business benefits.
Read more »
For example, they would like to know what kind of content the visitor is interested in, and, more specifically, what to recommend to a user who has already downloaded certain page(s) (e.g. article(s)). Therefore, vaguely knowing users’ areas of interest is often insufficient; most web pages will be interested in the entire course of a visit, and, in the case of returning visitors, they want to know the whole browsing history, too. In order to pull this off, the web server needs to store a personal 'file' about each user, and must be able to identify returning visitors.
However, there are certain technical restrictions to such activities, and therefore newer and newer techniques are invented to identify and profile users. For some of these – such as
web bugs – it is indispensable to store an identifier on the user’s computer. But the identifier may be deleted by the user, and, in addition, these solutions mostly identify a browser instance, i.e. not the computer it runs on.
During our research, we have found a way for a malicious party to identify your computer without storing any data on it, in a browser-independent manner. The technique is based on the fingerprint of your system, which may be created by all visited websites, thereby making it possible for them to reidentify you upon your return. The fingerprint is not dependent on the
web browser software; using multiple browsers does not make your identification more difficult. (What is more, neither does browsing in private mode.)
With this experiment, we would like to draw the attention of the public to these possibilities, and we have confidence in that browser vendors will react to the publicity (
as has been seen earlier). Secondly, we are testing the efficiency of the method to see if the identifiers are also unique in a dataset with many users, and therefore we are collecting fingerprints, too.